Testing revoke certificates in NPS server

Question

I am testing a NPS server in Windows Server 2022, with PEAP (with certificates), the setup is:

• Windows Server 2022 --> AD DS (test.lab), AD CS, NPS
• Windows 10 --> Joined to domain

Certs in Windows Server 2022:

certs

NPS configuration:

nps_eap

Result:

test_connection

The connection is succesfull, but now, I am trying to revoke the certificate for reject the connection but I dont know how are following steps... I have tried to revoke the certificate with Certificate Authority, but doesn't work

Answer 1

To enable revocation check, please try the following:

• Administrators must enable the RootCertificateNameToAccept parameter and set a registry key to enable functionality.
• To enable CRL (Certification revocation List) for IKEv2 VPN connections,
• Open a PowerShell window and below commands:

_$Thumbprint = ‘Root CA Certificate Thumbprint’_
_$RootCACert = (Get-ChildItem -Path cert:\LocalMachine\root | Where-Object {$_.Thumbprint -eq $Thumbprint})_
_Set-VpnAuthProtocol -RootCertificateNameToAccept $RootCACert -PassThru_

_New-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2\’ -Name CertAuthFlags -PropertyTYpe DWORD -Value ‘4’ -Force_

_Restart-Service RemoteAccess -PassThru_

Revoking certificates

• The administrator must first revoke the certificate on the issuing CA.

Open a elevated command window and enter the below commands:

_certutil -urlcache * delete_
_certutil -setreg chain\ChainCacheResyncFiletime @now_

• If the above solution doesn't work, please try the following steps:

Click start -> Administrative Tools -> Click Certification Authority -> Expand your CA -> Click the Issued Certificates folder -> Select issues certificates -> Click All Tasks -> click Revoke Certificate -> In the Certificate Revocation dialog box -> select Cease of Operation -> click OK

References :

certificate revocation | Richard M. Hicks Consulting, Inc. (richardhicks.com).

How to Decommission a Windows Enterprise Certification Authority and How to Remove All Related Objects - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com).