SCEPman PKI
This article describes the configuration steps necessary to implement certificate-based WiFi authentication using SCEPman with Intune. For this demonstration, we will use a MikroTik access point.
Last updated
Was this helpful?
This article describes the configuration steps necessary to implement certificate-based WiFi authentication using SCEPman with Intune. For this demonstration, we will use a MikroTik access point.
Last updated
Was this helpful?
Please note that this scenario requires Certificate Master, available with
First and foremost, you will need to set up and configure your SCEPman PKI. Please use relevant to your environment to perform the installation and configuration of SCEPman. Once completed, return to this article.
For RADIUSaaS to trust client authentication certificates issued by SCEPman PKI, you must add SCEPman's root CA certificate to the RADIUSaaS trust store following .
In this example, we will use a RADIUS Server Certificate issued by SCEPman. Therefore, follow below steps:
Generate and upload your SCEPman-issued RADIUS Server Certificate as described .
Activate the SCEPman-issued RADIUS Server Certificate as described .
Once completed, your Server Certificate settings should look like this:
To set up certificate-based Wi-Fi authentication, you will need to create and deploy a number of policies via Intune. These policies are as follow:
Trusted certificate
Deploy the Root CA certificate that has issued the RADIUS Server Certificate. In this scenario, the relevant CA corresponds to the SCEPman Root CA.
SCEP certificate
Deploy the client authentication certificate.
Wi-Fi
Deploy the wireless network adapter settings.
Deploy the Wi-Fi adapter settings to your devices by following this article:
To configure your networking equipment (Wi-Fi access points, switches, or VPN gateways), follow .
After successful completion of Steps 2 - 4, the Trusted Certificates page of your RADIUSaaS instance will look similar to the one below. Please note that in our example we have used a RadSec-enabled access point that leverages a SCEPman-issued RadSec Client Certificate.
This profile was configured as part of the .
This profile was configured as part of the .