Windows 2012 R2 NPS with EAP-TLS Authentication for Windows 10 Machine

After finishing my lab on NPS with PEAP-MSCHAPv2, I’m going to try out EAP-TLS authentication in the same lab.

Prerequisites for EAP-TLS Authentication on the User’s Workstation

  1. The root certificate needs to be imported to non-domain-joined machines 
  2. Generating Client / User Certificate from CA Portal 
  3. Connecting to WIFI Network using EAP-TLS 

Export Root Certificate and Import to Windows 10 

You can use ADSI Edit to navigate to “CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=MonsterBean,DC=com” to check where the CA server is installed. You will find your Enterprise Root Certificate Authority server under “Certification Authorities”.

Generating Client / User Certificate from CA Portal 

You will need a client / user certificate to authenticate a wireless user through EAP-TLS. 

You will need to ensure that the IIS server has an HTTPS binding configured (the HTTPS binding was not configured automatically in my lab). 

Log in to https://192.168.1.201/certsrv (your CA server) using Internet Explorer (IE): use https, NOT http.

Log in with a valid AD username and password 

Select “Request a Certificate” 

Click “User Certificate” 

Click “Yes” to continue 

Click “Submit” and click “Yes” if you receive a Web Access Confirmation prompt  

Click “Install this certificate” 

The client / user certificate has been successfully enrolled 
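
A pre-connection check for the Windows 10 client, as an added example that is not part of the original post: it imports the exported root CA and confirms that the enrolled user certificate has what EAP-TLS needs (private key, validity, Client Authentication EKU, chain to a trusted root). The file path `C:\Temp\RootCA.cer` is an assumption; use wherever you saved the exported root certificate.

```powershell
# Added example, not from the original post.
# Step 1 needs an elevated prompt. Step 2 reads the CurrentUser store, so run it
# as the same user who enrolled the certificate on the CA portal.
$RootCerPath = 'C:\Temp\RootCA.cer'   # assumed path of the exported root CA certificate

# Step 1: trust the enterprise root CA machine-wide on the non-domain-joined client.
$root = Import-Certificate -FilePath $RootCerPath -CertStoreLocation Cert:\LocalMachine\Root
Write-Host "Imported root CA: $($root.Subject) [$($root.Thumbprint)]"

# Step 2: evaluate every certificate in the user's Personal store for EAP-TLS use.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

$report = Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert  = $_
    $now   = Get-Date
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is skipped: this only tests that the chain ends in a trusted root.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        NotExpired    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ClientAuthEku = ($ekuOids -contains $clientAuthOid)
        ChainTrusted  = $trusted
        ChainStatus   = (@($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}

$report | Format-List

# A certificate is a candidate for EAP-TLS only if every check passes.
$usable = @($report | Where-Object {
    $_.HasPrivateKey -and $_.NotExpired -and $_.ClientAuthEku -and $_.ChainTrusted
})

if ($usable.Count -eq 0) {
    Write-Warning 'No certificate in Cert:\CurrentUser\My passes all EAP-TLS checks.'
} else {
    Write-Host "Usable for EAP-TLS: $($usable.Thumbprint -join ', ')"
}
```

If `ChainTrusted` is false with an `UntrustedRoot` status, the root CA import did not take effect for this machine.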

Connecting to WIFI via EAP-TLS from Windows 10 Machines 

Select the “SSID” of the AP and click “Connect using a certificate” 

Select the “User Certificate” and click “OK” 

The Windows 10 machine connects to the WIFI network using EAP-TLS successfully 

 
