Using EAP-TLS with Windows 2000 Server
What do you do if you want to use a Windows 2000 Server as your Authentication Server? Since PEAP isn't an option (at the time of this writing), you can use EAP-TLS. However, EAP-TLS requires server and client certificates. So, how do you get the certificate installed on the client? The answer is: Use a Web browser to download a certificate. To do this, you must first connect your PC (or laptop) directly to the network where you can see the IIS/CA machine. This probably means bypassing the wireless AP and plugging the machine directly into the network using a wired Ethernet connection. Then, point your Web browser to http://<<IP_ADDRESS>>/certsrv.
You will be prompted for a username/password and then you'll see a screen like that in Figure 10.34.
Figure 10.34. Certificate services.
When you see this page, select the task Request a certificate and click Next. In the next screen, you will be asked to choose a certificate type (Figure 10.35). Just leave the default, User certificate request: User Certificate. Then, click Next.
Figure 10.35. Choose request type.
In the next screen (Figure 10.36), User Certificate—Identifying Information, click Submit.
Figure 10.36. User certificate—identifying information.
When prompted, click on the link to Install this certificate and click yes on the confirmation message to add the certificate to the Root Store.
That's it. Your client certificate will now be installed. The process to install a client certificate is identical for Windows 2000 or Windows XP.