Windows 2012 R2 NPS with EAP-TLS Authentication for Windows 10 Machine

After finishing my lab on NPS with PEAP-MSCHAPv2, I’m going to try out EAP-TLS authentication in the same lab.

Prerequisites for EAP-TLS Authentication on the User’s Workstation

  1. The root certificate needs to be imported on non-domain-joined machines 
  2. Generating a client / user certificate from the CA portal 
  3. Connecting to the Wi-Fi network using EAP-TLS 

Export the Root Certificate and Import It to Windows 10 

You can use ADSI Edit to navigate to “CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=MonsterBean,DC=com” to check where the CA server is installed. You will find your Enterprise Root Certificate Authority server under “Certification Authorities”.

Generating Client / User Certificate from CA Portal 

You will need a client / user certificate to authenticate a wireless user through EAP-TLS. 

You will need to ensure that the IIS server has an HTTPS binding configured (the HTTPS binding is not configured automatically in my lab). 

Log in to (Your CA Server) using Internet Explorer (IE), using https, NOT http


Log in with a valid AD username and password 


Select “Request a Certificate” 


Click “User Certificate” 


Click “Yes” to continue 


Click “Submit” and click “Yes” if you receive a Web Access Confirmation prompt  


Click “Install this certificate” 



The client / user certificate has been successfully enrolled. 
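
Before connecting, the two prerequisites above can be checked from PowerShell on the Windows 10 machine. This is an added example, not part of the original lab steps; the file path `C:\Temp\RootCA.cer` is an assumed location for the exported root certificate.

```powershell
# Assumption: the root CA certificate was exported from the CA and copied here.
$RootCerPath   = 'C:\Temp\RootCA.cer'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU, required for EAP-TLS

# 1. Import the root into the machine's Trusted Root store.
#    Run elevated as the same user who enrolled the certificate,
#    because step 2 reads that user's personal store.
$root = Import-Certificate -FilePath $RootCerPath -CertStoreLocation Cert:\LocalMachine\Root
"Imported root: $($root.Subject)  thumbprint: $($root.Thumbprint)"

# 2. Find user certificates that can be offered for EAP-TLS:
#    private key present, inside the validity period, Client Authentication EKU.
$now = Get-Date
$candidates = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid)
}
if (-not $candidates) { Write-Warning 'No usable client certificate in CurrentUser\My' }

# 3. Build each chain and confirm it ends at the root imported in step 1.
#    Revocation checking stays at the default (online); on a machine that cannot
#    reach the CA's CRL this shows up in ChainStatus instead of being hidden.
foreach ($cert in $candidates) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $valid = $chain.Build($cert)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject              = $cert.Subject
        NotAfter             = $cert.NotAfter
        ChainValid           = $valid
        ChainsToImportedRoot = ($top.Thumbprint -eq $root.Thumbprint)
        ChainStatus          = ($chain.ChainStatus.Status -join ', ')
    }
}
```

A certificate that shows `ChainsToImportedRoot = False` was issued by a different CA than the one whose root was imported.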

Connecting to Wi-Fi via EAP-TLS from Windows 10 Machines 


Select the “SSID” of the AP and Click “Connect using a certificate” 


Select the “User Certificate” and click “OK” 

The Windows 10 machine connects to the Wi-Fi network using EAP-TLS successfully.