I'm looking to change the way we do NPS for our wireless network, in particular certificates. I would love some advice from the collective wisdom that is here.
Currently, one of our domain controllers has NPS installed on it with Certificate Services. It's a 2008 R2 box, so it's time to upgrade.
What I was looking to do...
3 new virtual servers all 2016. They will be named CA-01, NPS-01, NPS-02.
The CA to be a Standalone server and to be turned off once the certificate is generated.
Then 2 NPS servers. I would like to keep them separate so I can back them up and restore them if required, much easier than trying to rebuild (as would be required if it was a domain controller).
Our domain is a .local, so I would have to use a self-signed certificate (correct me if I'm wrong) as .local certificates have been discontinued.
Is there a better way to do this? We're a school and we've got up to 400 BYOD users at any one time using NPS. The idea of using 2 NPS servers is to give redundancy.
My idea came a little unstuck after I couldn't work out how to create a certificate for NPS on a standalone CA; almost all of the guides show this as an Enterprise CA. So if you have a good guide for this, I would love for you to post a link.
I didn't find the right solution from the Internet.