Radius and Certificate
Steve
2008-06-02 09:59:16 UTC
Dear All,

I am not an expert on Radius. If somebody could help me, that would be
great.

We recently bought a device, which can get its authentication via Radius
Server.
We are using a certificate. ( I suppose for RADIUS + SSL connection !?!? )

Apparently, our device asks for a KEY => which seems to me that the
device is NOT able to use SSL connection - is that correct ?

- Does it mean that I will have to use the device WITHOUT SSL connection ?
- But I suppose that the certificate has been done WITH the Key !?

Thanks and regards,
James McIllece [MS]
2008-06-03 17:38:52 UTC
Hi Steve --

When you deploy a RADIUS client (a network access server of some type, such
as a VPN server or wireless access point) with IAS (in WS03) or NPS (in
WS08), you configure the RADIUS client in the IAS/NPS console. During that
configuration, you enter a "shared secret" -- which is basically a password
-- that you also must configure on the RADIUS client. This password allows
the RADIUS client and IAS/NPS server to communicate securely.

I don't know what device you are using, or the terminology the device uses,
but it is possible that by "key" they mean "shared secret." Their
documentation should provide some information about that.

As for certificates -- IAS and NPS only require certificates when you
deploy either Extensible Authentication Protocol (EAP) or Protected EAP
(PEAP) with an authentication type that requires certificates.

PEAP with MS-CHAP v2 allows users to provide password-based credentials,
while a server certificate is required for the IAS/NPS server.

Both PEAP-TLS and EAP-TLS require certificates for users or their computers
and for the IAS/NPS server.

But these certificates are used only so that the access client (the client
computer with which the user is accessing the network) and the IAS/NPS
server can authenticate each other.

The RADIUS client, i.e., your device, does not use certificates in relation to
the access client or the IAS/NPS server.

Hope that helps somewhat, and if you have additional questions, please feel
free to ask and I will try to help. To be of further assistance though I
will need to know what device you have.

Thanks --
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.