SCEPman PKI
This article describes the configuration steps necessary to implement certificate-based WiFi authentication using SCEPman with Intune. For this demonstration, we will use a MikroTik access point.
Last updated
This article describes the configuration steps necessary to implement certificate-based WiFi authentication using SCEPman with Intune. For this demonstration, we will use a MikroTik access point.
Last updated
Please note that this scenario requires Certificate Master, available with SCEPman Enterprise Edition.
First and foremost, you will need to set up and configure your SCEPman PKI. Please use documentation relevant to your environment to perform the installation and configuration of SCEPman. Once completed, return to this article.
For RADIUSaaS to trust client authentication certificates issued by SCEPman PKI, you must add SCEPman's root CA certificate to the RADIUSaaS trust store following these steps.
In this example, we will use a RADIUS Server Certificate issued by SCEPman. Therefore, follow below steps:
Generate and upload your SCEPman-issued RADIUS Server Certificate as described here.
Activate the SCEPman-issued RADIUS Server Certificate as described here.
Once completed, your Server Certificate settings should look like this:
To configure your networking equipment (Wi-Fi access points, switches, or VPN gateways), follow these steps.
After successful completion of Steps 2 - 4, the Trusted Certificates page of your RADIUSaaS instance will look similar to the one below. Please note that in our example we have used a RadSec-enabled MikroTik access point that leverages a SCEPman-issued RadSec Client Certificate.
To set up certificate-based Wi-Fi authentication, you will need to create and deploy a number of policies via Intune. These policies are as follow:
This profile was configured as part of the SCEPman setup.
This profile was configured as part of the SCEPman setup.
Deploy the Wi-Fi adapter settings to your devices by following this article:
| Profile Type | Purpose |
|---|---|
Trusted certificate
Deploy the Root CA certificate that has issued the RADIUS Server Certificate. In this scenario, the relevant CA corresponds to the SCEPman Root CA.
SCEP certificate
Deploy the client authentication certificate.
Wi-Fi
Deploy the wireless network adapter settings.
