802.1x PEAP GPO that trusts self-signed CA certificate

OK. Admittedly I am not a Microsoft or GPO expert by any means but this just seems weird.

This question seemed to have half the answer - the certificate needs to be available in the Trusted Root Certification Authorities on whatever domain controller gpmc is connecting to. That seems to make sense. However, even after installing the certificate on our domain controller it still was not an option that was available for selection if I ran gpmc on my workstation. On a lark, I logged into the domain controller in question and ran gpmc directly AND the certificate was available.

I then tried installing the certificate into my workstation's Trusted Root Certification Authorities, thinking along the same lines as @Greg Askew. No dice. Still not available as an option in the PEAP settings.

You apparently need a) to have installed the certificate in the Trusted Root Certification Authorities on whatever domain controller gpmc is connecting to and b) be running GPMC on that domain controller directly.

This makes no sense to me as RSAT is RSAT is RSAT, regardless of whether you are running gpmc on a domain controller or a workstation. Go figure... a beer goes to whoever can explain this!



From my workstation - no certificate:

[Screenshot: gpmc workstation]



From the domain controller - certificate is available!

[Screenshot: gpmc dc]


Just a guess. I would think that the machine where gpmc is running needs to have the certificate in the machine Trusted Root CA folder, and/or have a GPO that deploys the certificate to the domain as a Trusted Root CA certificate.