Σεμνά και ταπεινά

It is quite common that you may want to give external access to your SPS portal.

It is also quite common that you provide a RADIUS controlled access to mobile devices in your organization.

Assuming that you have used either of the techniques recommended by Microsoft Best Practices you may find yourself in trouble when requesting off line the issue of the certificate by your Certificate/Internet Authentication Service Server.

You are most likely to get in your CA Server the following error: Certificate not issued (Denied) Denied by Policy Module 0x80094801 error.

(If your CA is on line the installation goes well)

To solve the issue you have to manually do the request by issuing the command:

certreq -attrib "CertificateTemplate:WebServer" -submit certreq.txt

PS: The Best practices are here:
1. Securing Wireless LANs with PEAP and Passwords : The textual guide can  be found in HTML here
2. Securing Wireless LANs with Certificate Services: The textual guide can be found in HTML  here

If however you use a stand alone machine (like in SBS) you can create your certificate using the SelfSSL util in Internet Information Services (IIS) 6.0 Resource Kit Tools: this way you dont need a certificate server.