Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, January 23, 2019 9:43 PM
Hi all,
I just want to ask if its possible to only get certificate based authentication for WiFi on mobile devices?
I currently have it set up so Windows devices they can connect to the corporate wifi with their domain username and password. There is a certificate on the NPS server and all windows clients trust that cert because its part of the internal PKI we have.
I am not sure if every user needs his/her own user cert for the wifi connection without username and password or just one cert i need to deploy to all clients
Can anyone help enlighten me?
All replies (9)
Wednesday, January 23, 2019 9:44 PM
I would like to accomplish that on Android and iPhone devices that there is no need on corporate devices for entering username and password as long as they have the required certificate that is deployed via MDM Intune.
Thursday, January 24, 2019 5:16 AM
Hi,
Thanks for your question.
Do you want to configure certificate based authentication to Wi-Fi?
Please check whether the following link is helpful:
Best Regards,
Eric
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Thursday, January 24, 2019 8:34 PM
Hi Eric,
Yes that is correct. However I am unsure on what certificate i need to get for this to work. I can see on the page you linked to that it mention your Issuing CA and you need a certificate for client authentication and you select your root CA.
So we do have a standalone Root CA that is offline. We have an Enterprise Issuing CA on the domain. But I am not sure what certificate requirements I need and where i need to distribute it.
For example at the moment on the NAP server i have a certificate for server authentication and it sit on the the NAP server. Obviously my clients trust that certificate because they trust the issuing CA and the Root CA.
But not sure if that certificate needs to be replaced with one that does client authentication and then i need to distribute that certificate to all clients (laptops and mobiles) or what.
Friday, January 25, 2019 9:04 AM
Hi,
Thanks for your reply.
Do you want the user to connect wifi automatically with authentication?
If so, I think you eed to distribute that certificate to all clients(laptops and mobiles).
Best Regard,
Eric
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Friday, January 25, 2019 1:58 PM
Hi Eric, yes that is correct, I would like to connect to the wifi only using a certificate. no username and password. but not sure about the certificate requirements.
Do you know any resources that I can look at to learn this stuff?
Monday, January 28, 2019 2:36 AM
Hi,
Thanks for your reply.
I found an article which is about how to configure certificate for client to connect to wifi.
You can refer to:
https://www.itprotoday.com/mobile-device-management/using-certificates-secure-your-wlan
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Hope it could help.
Best Regards,
Eric
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, January 28, 2019 8:39 AM
Hi Eric,
Good article, Do you happen to know how this would work for mobile devices and tablets? Because i would like mobile phones and tablets to also just log in without a user typing in username and password.
I am well aware that those devices would need a certificate pushed to them before this can happen.
Tuesday, January 29, 2019 7:06 AM
Hi,
Thanks for your reply.
The ideal situation and the actual situation will always be different, you need to do a test first.
Best Regards,
Eric
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Thursday, January 31, 2019 9:16 AM
Hi,
Was your issue resolved?
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.
Best Regards,
Eric
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.