SCEPman PKI

Step 1: Deploy SCEPman Enterprise

First and foremost, you will need to set up and configure your SCEPman PKI. Please use documentation relevant to your environment to perform the installation and configuration of SCEPman. Once completed, return to this article.

Step 2: Establish trust between RADIUSaaS and SCEPman

For RADIUSaaS to trust client authentication certificates issued by SCEPman PKI, you must add SCEPman's root CA certificate to the RADIUSaaS trust store following these steps.

Step 3: Configure the RADIUS Server Certificate

In this example, we will use a RADIUS Server Certificate issued by SCEPman. Therefore, follow below steps:

1. Generate and upload your SCEPman-issued RADIUS Server Certificate as described here.

2. Activate the SCEPman-issued RADIUS Server Certificate as described here.

Once completed, your Server Certificate settings should look like this:

Step 4: Configure your networking equipment

To configure your networking equipment (Wi-Fi access points, switches, or VPN gateways), follow these steps.

After successful completion of Steps 2 - 4, the Trusted Certificates page of your RADIUSaaS instance will look similar to the one below. Please note that in our example we have used a RadSec-enabled MikroTik access point that leverages a SCEPman-issued RadSec Client Certificate.

Step 5: Configure Intune Profiles

To set up certificate-based Wi-Fi authentication, you will need to create and deploy a number of policies via Intune. These policies are as follow:

Trusted certificate profiles

This profile was configured as part of the SCEPman setup.

SCEP certificate profile

This profile was configured as part of the SCEPman setup.

Wi-Fi profile

Deploy the Wi-Fi adapter settings to your devices by following this article: