For PEAP-MS-CHAP v2 deployments, you can purchase an IAS or NPS server
certificate from a public CA that client computers already trust, such as
the Verisign public CA. Windows clients have the Verisign CA cert in their
Trusted Root Certification Authorities (TRCA) certificate store, which is
why clients automatically trust the CA.

If you don't want to use an already-trusted CA (you can discover which ones
are trusted by opening the Microsoft Management Console, or mmc, and adding
the Certificates snap in for the local computer and for the current user),
you must add the external CA cert to the clients' TRCA stores.

For PEAP-TLS and EAP-TLS, you should deploy your own CA and public key
infrastructure.

*****************

James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.