Creating Client Certificates

Some authentication protocols, like EAP-TLS, require that a user should present his digital certificate to an authentication server to identify itself to the server. This in turn leads to the need for a Public Key Infrastructure (PKI). Since the requirements of maintaining a PKI are substantial, most organizations opt instead to use PEAP, which require a digital certificate for the server only.

Anyway, if you plan to use EAP-TLS, a client certificate may be obtained from some existing certificate authority (which is already exists in your organization or purchased from a commercial CA). Still you may have created your own certificate authority and have issued the server certificate by yourself. The same CA may issue client certificates.

Run Certificates Wizard and select the fourth option:

Specify the root CA password which you defined during its setup:

Click Next. Input the client personal information, its password (will be used later when the client installs the certificate):

Click Next and input the client location information:

Click Next and specify where the new certificate is saved:

Click Next.

After some time depending on the server machine performance you'll be shown the success message:

It means that the client certificate is created successfully. Deliver it on a client computer and run it. Click Next to install, Next, type in the password you have specified during the certificate creation. Click Next. Agree with Automatically select the certificate store choice and click Next. Finally click Finish.

NOTE. Client public certificate copy is saved automatically in <Server installation path>\CA\ClientCerts\. Their name have the form client<Year><Month><Day><Hour><Minutes><Seconds>.crt. Don't remove them as they may be used for certificates management (listing, revoking. blocking, etc).