I've been running a RADIUS server using Windows NPS for about two years with a paid GoDaddy SSL certificate. After renewing it last October, everything was functioning perfectly until January 2, 2026, when all my clients started rejecting the SSL certificate and chain. As an emergency measure, I switched to a locally issued Windows AD certificate through MDM tools, and now all clients authenticate fine with that. I'm puzzled and stuck with a paid certificate that seems untrustworthy. I've even tried rekeying the original certificate, but it still fails for my RADIUS clients on devices like phones and iPads. The certificate hasn't expired and is still valid, but the error in the server event viewer states: 'Reason code 265: The certificate chain was issued by an authority that is not trusted.' Does anyone have any ideas on what might be causing this?
4 Answers
Sounds like you might need to update the Group Policy Object (GPO) settings. Typically, with a paid certificate, you'd think you wouldn't need to push it, but it's worth a shot if it worked for that long. Sometimes GPOs can cause issues with certificate trust.
I had a similar situation at work, but we ran into problems with a DigiCert certificate and ended up using an internally issued one instead. It's frustrating when these paid certs don't play nice, isn't it?
To troubleshoot, consider checking two things: First, make sure that the entire certificate chain, including the root CA and any intermediate CAs, is installed in the trusted root store. Second, ensure that the issuer of your certificate is listed as a trusted issuer in your WiFi policy.
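One way to run the chain check suggested in the answer above on the NPS server itself, as an added example that is not part of the original thread: it builds the chain for the server certificate and lists, for each element, which local machine stores hold it and any chain status flags. The `$Thumbprint` value is a placeholder and the script assumes the certificate is in `LocalMachine\My`.

```powershell
# Added example: inspect the chain Windows builds for the NPS server certificate.
# Placeholder: replace with the thumbprint of the certificate selected in the
# NPS network policy (assumed to live in the LocalMachine\My store).
$Thumbprint = '<THUMBPRINT-OF-NPS-SERVER-CERT>'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

# Build the chain in machine context, since NPS runs as a service.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
# Skip revocation lookups; this check is about chain building and trust only.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$ok = $chain.Build($cert)

"Chain builds to a trusted root on this server: $ok"

foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate

    # Which local machine stores contain this exact certificate?
    $stores = foreach ($name in 'My', 'CA', 'Root') {
        if (Test-Path "Cert:\LocalMachine\$name\$($c.Thumbprint)") { $name }
    }

    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        NotAfter   = $c.NotAfter
        Thumbprint = $c.Thumbprint
        Stores     = ($stores -join ',')
        # Empty when the element has no problems (e.g. UntrustedRoot, PartialChain otherwise).
        Status     = (($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ',')
    }
}
```

When the chain builds completely, the last element listed is the root CA; its subject and thumbprint are the values to compare against the trusted issuers configured in the clients' Wi-Fi profile.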
If the certificate is being rejected, you might want to check the specific error message. Sometimes there are additional details that can help pinpoint the issue better. What exactly does the log say when the rejection happens?
