using certificate to authenticate the user to the wi-fi

  • 1
  • Question
  • Updated 8 months ago

Hi, We have Ruckus Virtual SmartZone. At the moment user's connect to the WiFi using the domain username & password. We would like to test the certificate based wifi authentication.

We have Microsoft Certificate Authority. NPS has been installed on Domain Controller. In NPS I have created connection request policy with the condition NAS Port Type Wirelesses IEEE 802.11 Or Wireless – Other.

Network Policy has been created with the condition NAS Port Type Wirelesses IEEE 802.11 Or Wireless – Other, EAP Types as Microsoft Smart Card or other Certificates >> Selected the domain controller certificate that is installed on that server.

Now I guess I need to get a certificate for the end user which I will be asking the end user to install it on their devices, do I create this certificate CSR from the Ruckus\System\Certificates\CSR and submit the CSR request via web enrolment to the Microsoft CA where I have to paste the CSR and select the Certificate Template (not sure which template) ?

 

Any help on this will be much appreciated, thank you.

Bicky

 

 
Photo of Bicky Budha

Bicky Budha

  • 5 Posts
  • 0 Reply Likes

Posted 8 months ago

  • 1
Photo of RedVision81

RedVision81

  • 25 Posts
  • 6 Reply Likes
we have a similiar constellation. are your devices domain-computers?


Photo of Bicky Budha

Bicky Budha

  • 5 Posts
  • 0 Reply Likes
I am testing this certificate based authentication for the BYOD devices. 
Photo of RedVision81

RedVision81

  • 25 Posts
  • 6 Reply Likes
why you want to switch from AD to Cert-based? AD is much easier to handle. Installing a Cert on an iPhone or Android is always difficult. and if the employe leaves the company you just can disable the account and he/she cannot use the wifi anymore. with certs its much more difficult. 
Photo of Bicky Budha

Bicky Budha

  • 5 Posts
  • 0 Reply Likes
We are not switching from AD to the Cert-based. I just want to test the certificate based authentication to get my hands-on, kind of trying to learn and see how it works.
Photo of RedVision81

RedVision81

  • 25 Posts
  • 6 Reply Likes
for our internal clients we get the cert for wifi from our ca via auto enrollment policy.

dont know which way is here the best for external devices.

but anyway its much too complicated in my opinion to handle that. hence i wouldnt even try this out :)