I am using NPS as a RADIUS server to authenticate some devices using PEAP MSCHAPv2. I have an issue during the server authentication, I am using a chain of trust certificates, with 1 server cert, 1 intermediate cert and 1 CA cert. The problem is that my device doesn't support chain of trust certificates, but only accepts 1 certificate : the server certificate. I've been looking in the documentation but it isn't mentionned how to configure my NPS to send only the server certificate, and not the whole chain of certificates. Resulting in sending error 42 :bad certificate. Do you have any idea or is it even possible to do this ? Thanks
See 2 wireshark capture of the problem :
