I have some trouble in configuring a Windows NPS, maybe anybody of you have an idea.
Is it possible for NPS to check whether a client certificate was signed by a specific issuing CA?
I have two SSIDs (SSID-1, SSID-2) I have one Root-CA and two different Issuing CAs (I-1, I-2)
A Client that comes with a certificate that was signed by I-2 must not use SSID-1
To manage that, my idea was to check which issuing CA comes with the certificate chain. I think NPS also has to check the Calling-Station-ID Attribute to get the SSID.
Example:
SSID-1? Yes
AND
Certificate chain has I-1? Yes
OK you are in!
Do you have an idea? By the way I have no Active Directory in the background.
Thanks!
