Update-NPSCert

Managing SSL/TLS certificates for RADIUS authentication in a Windows environment is notoriously manual. When using certificate-based authentication (PEAP or EAP-TLS), the Network Policy Server (NPS) stores the certificate selection in a way that is difficult to update programmatically.

Update-NPSCert is a PowerShell utility that bridges this gap. It allows system administrators to automate the rotation of certificates within NPS policies, making it a perfect companion for automated certificate renewal tools like Simple-ACME (Win-ACME).

Key features include:

• Automated discovery of the newest valid certificate based on Subject or Issuer.
• Safe configuration modification via XML export/import.
• Dry-run support with -WhatIf.
• Integration with ACME clients for fully automated renewals.

• View on GitHub
• Read the blog post