Once you have certificate deployment working, you can use it for several purposes. One example would be to use certificate based authentication against Exchange (on-prem), VPN or WiFi Profiles. Certificate based authentication against WiFi profiles is a common ask, in this post I'll explain how to configure this in ConfigMgr 2012 R2.
- Create a new WiFi profile.
- Enter SSID details.
- Select your Security Type, Encryption and “Smart Card or other certificate” and select “Configure”.
- Configure as follows: “Use a certificate on this computer”, deselect “Verify the server’s identity…..” and hit “Advanced”.
- Pressing the “Advanced” button will bring you to the “Configure Certificate Selection” dialog.
Make sure you select your issuing CA and add the “Client Authentication” SKU at the AnyPurpose section.
- Hit OK until you return to “Add Wi-Fi Profile Security Configuration” wizard (shown at step 3).
Select the appropriate Root Certificate.
Select the appropriate Client Certificate.
- After selecting “Next” make sure you enable “Specify Authentication Mode” and select “User Authentication”.
- If a proxy is required, details can be provided in the next dialog.
- Select the platforms and deploy this profile to a user group.
After deploying the profile, wait a few minutes and enroll a new user or enforce a policy refresh on Windows Phone 8.1. You phone should connect to the WiFi automatically using the SCEP Certificate.