Specify Certificate for Wired 802.1x Authentication

Brent Hilgenkamp 10 Reputation points
2024-01-26T21:28:10.76+00:00

I'm working on implementing 802.1x authentication on our wired/ethernet network using Cisco ISE and the native Windows (10) supplicant. I'll be using machine authentication with certificates. The issue I'm running into is that we have multiple Client Authentication certs all issued by the same CA installed on our machines and I can't find a way to tell Windows the exact cert I want to use for 802.1x. The most granular I can seem to get is to choose the Certificate Issues and certs that have the Client Authentication EKU but since that can match multiple certs on the machine it's not specific enough. Is there a way to have Windows choose based on Template Name or something, or what is the proper way to do that?

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,352 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Karlie Weng 18,281 Reputation points Microsoft Vendor
    2024-01-31T06:54:06.39+00:00

    Hello,

    Certificate autoenrollment combine with group policy.

    Reference below documents for more information:

    Deploy Server Certificates for 802.1X Wired and Wireless Deployments: https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/deploy-server-certificates-for-802.1x-wired-and-wireless-deployments

    Distribute Certificates to Client Computers by Using Group Policy: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-group-policy


    If the Answer is helpful, please click "Accept Answer" and upvote it.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.