Creating and Installing a Self-Signed Certificate for PEAP Authentication
A server-side X.509 digital certificate is required for PEAP/EAP-TLS authentication. This certificate can be purchased from a third-party Certificate Authority such as VeriSign, or it can be issued by an organization's internal Certificate Authority. However, these options may be costly for test environments.
Creation of a Self-Signed Certificate
You can use TekCERT (or another application) to generate self-signed certificates for test environments.
You may also create client certificates using TekCERT. Select "Client Certificate" as the purpose in the certificate parameters to create a client certificate. For client deployment, you must export the client certificate together with its associated private key in .pfx format.
Copy the file that contains the server certificate to the client computer. Locate the certificate file on the client computer, right-click it, then select "Install Certificate". Click "Next" on the "Certificate Import Wizard" dialog. Select "Place all certificates in the following store", then click "Browse". Click "Show physical stores", select "Trusted Root Certification Authorities/Local Computer", and click OK to close the "Select Certificate Store" dialog.
Copy the file that contains the client certificate to your client computer. Locate the certificate file on the client computer and double-click it. Click "Next".
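The two import steps above can also be scripted, with a few checks on the server certificate before it is trusted as a root. The following PowerShell is an added example, not part of the original page or of TekCERT's documentation; the file paths and the expected thumbprint are placeholders, and the client certificate is assumed to belong in the current user's Personal store.

```powershell
# Added example: scripted form of the two certificate imports described above.
# Run from an elevated prompt; writing to the Local Computer root store needs admin rights.
$ServerCertPath     = 'C:\Temp\server-cert.cer'            # placeholder path
$ClientPfxPath      = 'C:\Temp\client-cert.pfx'            # placeholder path
$ExpectedThumbprint = '<THUMBPRINT-READ-ON-THE-SERVER>'    # placeholder, obtained out of band
$ServerAuthOid      = '1.3.6.1.5.5.7.3.1'                  # Server Authentication EKU

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerCertPath

# 1. Confirm the copied file is the certificate that was generated, not a substitute.
if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '').ToUpper()) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. A self-signed certificate has identical subject and issuer.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not self-signed: issuer is '$($cert.Issuer)'"
}

# 3. Refuse a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# 4. If an Enhanced Key Usage extension is present, it should list Server Authentication.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku) {
    $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    if ($oids -notcontains $ServerAuthOid) {
        Write-Warning 'EKU does not include Server Authentication; the supplicant may reject it.'
    }
}

# Server certificate -> Trusted Root Certification Authorities / Local Computer
Import-Certificate -FilePath $ServerCertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Client certificate with private key (.pfx) -> Personal store of the current user (assumption)
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password protecting the .pfx'
Import-PfxCertificate -FilePath $ClientPfxPath -CertStoreLocation Cert:\CurrentUser\My `
    -Password $pfxPassword | Out-Null

# Show what is now trusted so it can be reviewed, and removed when testing ends.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Format-List Subject, Thumbprint, NotAfter
```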
Client PEAP Configuration
Although commercial and free 802.1X supplicants with PEAP support are available for Windows, Windows editions have a built-in supplicant. To configure PEAP (PEAPv0-EAP-MS-CHAP v2) authentication for a wireless network connection, open Network Connections (Start/Settings/Network Connections), right-click the particular wireless connection and select Properties.
You will see the detected wireless networks in the "Preferred networks" window on the "Wireless Networks" tab. Select the wireless network that requires PEAP authentication and then click Properties.
Check "Validate server certificate" and, optionally, select the server root certificate installed previously in the "Trusted Root Certification Authorities" list.
If you plan to authenticate the user with a username/password pair other than the one the user uses to log on to Windows, click the "Configure" button on the "Protected EAP Properties" dialog, uncheck "Automatically use my Windows logon name and password" on the "EAP MSCHAPv2 Properties" dialog and click OK.