Freeradius and deploying client certificates for Windows OS

Vieri Di Paola vieridipaola at
Mon May 3 18:07:02 CEST 2021

On Mon, May 3, 2021 at 3:53 PM Tony Skalski via Freeradius-Users
<freeradius-users at> wrote:
> If you use Microsoft's certificate services, you can configure an automatic
> certificate enrollment group policy. This can generate certs for both users
> and computers as needed. This works for Windows clients. If you have other
> clients, you will want an MDM or alternatively a certificate onboarding
> solution, though if you have Macs joined to Active Directory, you should be
> able to issue the certs without a for-pay MDM.

Yes, most of the clients are Windows.
I was in fact thinking of following a guide such as this one:
However, as I have 0 experience with M$ solutions I was wondering if
anyone knew beforehand if the certs deployed by the Microsoft
Certification Authority via AD group policy will be compatible with
FreeRADIUS without extra fiddling.
I'm asking because I wouldn't want to work my way out of Microsoft
madness to finally find out that the certs are incompatible unless
mangled as noted in this post (which might be outdated):



More information about the Freeradius-Users mailing list