The clients are employees of a fairly loose network of companies, each on their own AD, some doesn't even have ad.
Hi,
whats wrong with just using your current FR certificate on the NPS box?
> The reason I was attempting this is because I have to provide a service
> for roaming users and I was having issues with obtaining a certificate for
> the NPS server.
what are your clients/userbase? why do you have to use a commercial certificate
> Does this mean that I could use a self signed certificate for the NPS that
> is recognized by the freeradius and have a commercial certificate on the
> freeradius that is then recognized by the clients?
for your server? if the clients authenticating are your clients then they can have
the required private CA installed - the authentication is a closed loop. if you use
a commercial cert eg thawte, verisign etc and only use that as trust then anyone can
get a cert signed by that commercial CA as a first point to subverting your security
alan