none
Certificate based wifi authentication instead of username and password RRS feed

  • שאלה

  • I have a windows 2016 server(RADIUS) with AD and NPS configured. For now i am authenticating users using their username and password, and then the AD CA will provide a certificate and logs the user in.

    I want now to authenticate users by using only a certificate issued by CA without entering username and password. Is there any possible ways to achieve it?
    יום שישי 15 נובמבר 2019 08:10

תשובות

  • Hi,

    Do you mean that you want to export the CA on your server and then import to your mobile devices?

    If yes, run certmge.msc

    Please expand Personal, click Certificates, choose your user certificate and export it .

    Then expand Trusted Root Certification Authorities, click Certificates, choose your CA certificate and export it.

    Copy the following two certificates to your Android phone SD card.

    During my test, after copying two certificates above, I can click and install them on my SD card via Android phone.

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!

    Ellen



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.


    יום שלישי 26 נובמבר 2019 02:52

כל התגובות

  • Hi,

    >>I want now to authenticate users by using only a certificate issued by CA without entering username and password.

    Based on my knowledge, you can authenticate by CA without username and password.

    You can refer the following article:

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-certificates

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!

    Ellen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.



    יום שני 18 נובמבר 2019 08:08
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Ellen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.




    יום שלישי 19 נובמבר 2019 06:59
  • Hi,

    As this thread has been quiet for a while, we will propose it as ‘Answered’ as the information provided should be helpful.

    If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    Best regards,

    Ellen

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.


    יום חמישי 21 נובמבר 2019 01:54
  • Thankyou Ellen !
    Im not sure whether this works for Mobile devices like android and iOS. Is there a way to push AD CA certificates to mobile devices ?

    Vigneshan Seshamany

    יום שישי 22 נובמבר 2019 06:12
  • Hello, I also would like to see any guide or evidence that you can authenticate users with 'User' certificates from the user store via 802.1x EAP-TLS in Windows.

    I have been unable to find a single article explaining how to do this e.g confiugring the 802.1x supplicant to use 'User' certificates instead of 'Machine' certiciates.. Everything out there has to do with using 'Machine' certificates for authentication.

    I know Ellen said it was theoretically possible, but I would love to see a guide from Microsoft.

    Please has anyone ever done this before ?

    p.s Vigneshan we use third party apps to install our AD CA certificate to mobile phones. 


    • נערך על-ידי macattacker123 שבת 23 נובמבר 2019 03:23
    שבת 23 נובמבר 2019 03:22
  • May i know what are the apps you use to push the certificated to mobile devices?
    We also have our own MDM solution but i need to know a way how to get the certificates to my MDM platform. Once i get the certificates to our MDM, the rest is a piece of cake, can push and install the certificates inside mobile devices.

    Vigneshan Seshamany

    שבת 23 נובמבר 2019 12:39
  • Hi,

    Do you mean that you want to export the CA on your server and then import to your mobile devices?

    If yes, run certmge.msc

    Please expand Personal, click Certificates, choose your user certificate and export it .

    Then expand Trusted Root Certification Authorities, click Certificates, choose your CA certificate and export it.

    Copy the following two certificates to your Android phone SD card.

    During my test, after copying two certificates above, I can click and install them on my SD card via Android phone.

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!

    Ellen



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.


    יום שלישי 26 נובמבר 2019 02:52
  • Hi,

    Sorry that we don't have the lab environment to do a test.

    >>I know Ellen said it was theoretically possible, but I would love to see a guide from Microsoft.

    I will try other ways to find something useful about this, please wait a few days.

    Have a nice day!

    Ellen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact 
    tnmff@microsoft.com.




    יום שלישי 26 נובמבר 2019 03:00