LogoLogo
LogoLogo
  • Welcome
  • Details
  • Configuration
    • Getting Started
      • Generic Guide
      • Scenario-based Guides
        • Microsoft Cloud PKI
        • SCEPman PKI
    • Access Point Setup
      • RadSec
        • Aruba
        • FortiNet
        • Juniper Mist
        • Meraki
        • MikroTik
        • Ruckus
        • UniFi
      • RADIUS
        • ExtremeCloud IQ CoPilot
        • Meraki
        • Sophos UTM
        • UniFi
    • Server Certificate Renewal
  • Admin Portal
    • Home
    • Insights
      • Rule Engine
      • Logs
    • Users
    • Settings
      • Server Settings
      • Trusted Certificates
      • Proxy Settings
      • Permissions
      • User Settings
      • Rules
        • General Structure
        • WiFi
        • LAN
        • VPN
      • Log Exporter
        • Teams
        • Log Analytics
        • Generic Webhook
        • Examples
    • My Invited Users
  • Profile Deployment
    • Microsoft Intune
      • Server Trust
      • WiFi Profile
        • Windows
        • iOS/iPadOS & macOS
        • Android
      • Wired Profile
        • Windows
        • macOS
    • Jamf Pro
      • Server Trust
      • WiFi Profile
      • Wired Profile
    • Google Workspace
      • Server Trust
      • WiFi Profile
  • Other
    • Troubleshooting
    • FAQs
      • General
      • Log & Common Errors
      • MAC Authentication
      • Blast-RADIUS Vulnerability
      • OCSP Soft-fail Consequences
      • Security & Privacy
    • REST API
      • External Monitoring
    • Changelog
  • Licensing
    • Azure Marketplace
  • Support & Service Level
  • RADIUSaaS Website
Powered by GitBook
On this page
  • Step 1: Deploy SCEPman Enterprise
  • Step 2: Establish trust between RADIUSaaS and SCEPman
  • Step 3: Configure the RADIUS Server Certificate
  • Step 4: Configure your networking equipment
  • Step 5: Configure Intune Profiles
  • Trusted certificate profiles
  • SCEP certificate profile
  • Wi-Fi profile

Was this helpful?

  1. Configuration
  2. Getting Started
  3. Scenario-based Guides

SCEPman PKI

This article describes the configuration steps necessary to implement certificate-based WiFi authentication using SCEPman with Intune. For this demonstration, we will use a MikroTik access point.

Last updated 5 months ago

Was this helpful?

Step 1: Deploy SCEPman Enterprise

Please note that this scenario requires Certificate Master, available with

First and foremost, you will need to set up and configure your SCEPman PKI. Please use relevant to your environment to perform the installation and configuration of SCEPman. Once completed, return to this article.

Step 2: Establish trust between RADIUSaaS and SCEPman

For RADIUSaaS to trust client authentication certificates issued by SCEPman PKI, you must add SCEPman's root CA certificate to the RADIUSaaS trust store following .

Step 3: Configure the RADIUS Server Certificate

In this example, we will use a RADIUS Server Certificate issued by SCEPman. Therefore, follow below steps:

  1. Generate and upload your SCEPman-issued RADIUS Server Certificate as described .

  2. Activate the SCEPman-issued RADIUS Server Certificate as described .

Once completed, your Server Certificate settings should look like this:

Step 4: Configure your networking equipment

Step 5: Configure Intune Profiles

To set up certificate-based Wi-Fi authentication, you will need to create and deploy a number of policies via Intune. These policies are as follow:

Profile Type
Purpose

Trusted certificate

Deploy the Root CA certificate that has issued the RADIUS Server Certificate. In this scenario, the relevant CA corresponds to the SCEPman Root CA.

SCEP certificate

Deploy the client authentication certificate.

Wi-Fi

Deploy the wireless network adapter settings.

Trusted certificate profiles

SCEP certificate profile

Wi-Fi profile

Deploy the Wi-Fi adapter settings to your devices by following this article:

To configure your networking equipment (Wi-Fi access points, switches, or VPN gateways), follow .

After successful completion of Steps 2 - 4, the Trusted Certificates page of your RADIUSaaS instance will look similar to the one below. Please note that in our example we have used a RadSec-enabled access point that leverages a SCEPman-issued RadSec Client Certificate.

This profile was configured as part of the .

This profile was configured as part of the .

MikroTik
SCEPman setup
SCEPman setup
WiFi Profile
SCEPman Enterprise Edition.
documentation
these steps
here
here
Relevant Intune Policies
these steps