locked
802.1x EAP-TLS user certificate via auto enrollment RRS feed

  • Question

  • Hello, I can find many examples of 802.1x EAP-TLS authentication with NPS via 'Machine' certificate auto enrollment, but nothing for 'User' certificates.

    Is it possible to do this by creating an auto enrollment 'User' certificate template, then creating an NPS policy to authenticate the email field of the user certificate against a specified user group ?

    The 802.1x supplicant on the end computer would be configured to authenticate via 802.1x EAP-TLS 'user authentication.

    Thank you.


    Wednesday, November 13, 2019 5:49 AM

All replies

  • Hi,

    >>Is it possible to do this by creating an auto enrollment 'User' certificate template, then creating an NPS policy to authenticate the email field of the user certificate against a specified user group?

    Based on my knowledge, it is theoretically possible.

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!

    Ellen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.





    Thursday, November 14, 2019 8:14 AM
  • Thank you. Are you aware of any guides about how to make a local Windows 10 802.1x EAP-TLS wifi profile connect by using 'user' certificate rather than a 'machine' certificate ?

    i.e. to use a certificate from the 'Current User' certificate store, rather than the 'Local computer' certificate store.

    Thank you kindly.

    Monday, November 18, 2019 2:40 AM