Hi,
The reason I was attempting this is because I have to provide a service for roaming users and I was having issues with obtaining a certificate for the NPS server.
whats wrong with just using your current FR certificate on the NPS box?
Does this mean that I could use a self signed certificate for the NPS that is recognized by the freeradius and have a commercial certificate on the freeradius that is then recognized by the clients?
what are your clients/userbase? why do you have to use a commercial certificate for your server? if the clients authenticating are your clients then they can have the required private CA installed - the authentication is a closed loop. if you use a commercial cert eg thawte, verisign etc and only use that as trust then anyone can get a cert signed by that commercial CA as a first point to subverting your security alan