I have multiple NPS network policies using Microsoft PEAP with a self-signed certificate. When our internal CA automatically renews the certificate, all of the network policies switch to another (it appears, random) certificate installed on the NPS server. When this happens, wireless clients cannot authenticate, wreaking havoc in our infrastructure.
The certificate template upon which the self-signed certificate is based automatically renews the certificate 6 weeks prior to expiration. To mitigate this issue, I've set a reminder for myself to edit the NPS policies and select the renewed certificate. But I'm an IT firefighter, and sometimes fires keep me from routine tasks, even important ones.
Is there a way to tell NPS to use the renewed certificate instead of picking some certificate at random?