802.1x EAP-TLS with Certificates and Access Points on Windows Server 2008 CA

Posted by:  sniper1977 (sniper1977…@yahoo.de)
Date: Tue, 22 Jun 2010

Hello Group,

I have trouble authenticating Access Points via EAP-TLS on a Windows
2008 Enterprise Server Domain.

Following scenario:

Our Access Points can be authenticated via certificates. For this I can
upload .p12 certificates with private keys.
The Access Points should be authenticated by a Windows 2008
Enterprise Radius Server and the domain controller running on the same

802.1x (PEAP and EAP-TLS) for the wlan-clients (Laptops) and for the users
of the clients works correctly. The certificates are generated via the
web interface of the CA.

But now my problem:
How can I create a certificate for the access point which works
for authentication via the Radius Server?
I created certificate templates based on user templates but these
templates aren't working. I read the 2008 Radius Server needs a
"subject alternative name" in the certificate. If I create a user
certificate (via standard template) I can find the SAN as principal
name but I can't create certificates via my template (copied from user
template) with a SAN.

One additional hint: I will not create a user for every access point,
log in with this account and then create a certificate for each access
point (we use over 400 access points!) ;-/ (this is working I know).

I will create a user for every access point, yes. But not login for

Is it right to use a user template? What is to change to get it's
Does anyone have a guide?
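Added example, not part of the original post: a PowerShell loop that requests one EAP-TLS certificate per access point from the enterprise CA with certreq, putting the UPN and DNS name into the SAN of the request instead of logging in as each AP account. The template name `AccessPointEAPTLS` (a copy of the User template with subject name set to "Supply in the request"), the CA config string `CA01\Example-CA`, the UPN suffix and the AP names are all assumptions.

```powershell
# Assumptions: template 'AccessPointEAPTLS' allows the subject to be supplied
# in the request; the account running this has Enroll permission on it; one
# AD user per AP exists with UPN <ap>@example.local (as the post plans).
$Template = 'AccessPointEAPTLS'
$CaConfig = 'CA01\Example-CA'
$Suffix   = 'example.local'
$Aps      = @('ap-001', 'ap-002')   # constructed sample; load a CSV for 400 APs
$PfxPass  = Read-Host 'PFX export password'

foreach ($ap in $Aps) {
    $fqdn = "$ap.$Suffix"
    $upn  = "$ap@$Suffix"
    # certreq request file. The SAN carries the UPN ("Principal Name") that
    # NPS maps to the AP's AD account, plus the DNS name; KeyUsage 0xa0 =
    # digitalSignature + keyEncipherment, EKU = Client Authentication.
    @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeySpec = 1
KeyUsage = 0xa0
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.2

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
_continue_ = "upn=$upn"

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path "$ap.inf" -Encoding ASCII

    certreq -new "$ap.inf" "$ap.req"                      # generate key + CSR
    certreq -submit -config $CaConfig "$ap.req" "$ap.cer"  # issue from the CA
    certreq -accept "$ap.cer"                             # bind cert to key
    # Export cert + private key as PKCS#12 for upload to the access point.
    certutil -p $PfxPass -exportPFX My $fqdn "$ap.p12"
    # Check that the SAN actually made it into the issued certificate.
    certutil -dump "$ap.cer" | Select-String 'Principal Name|DNS Name'
}
```

Because the SAN here comes from the request, keep Enroll on that template restricted to the provisioning account and leave the CA's EDITF_ATTRIBUTESUBJECTALTNAME2 flag off; that flag would let any requester assert an arbitrary UPN on any template.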