This will be using the client certificate generated in Freeradius: Generate certificates for client and server authentication
step 6.Import certificate
- Copy the client.p12 file located at /etc/openvpn/easy-rsa/keys/client.p12 to the client device.
- Open the Microsoft Management Console
- Add the Certificates snap-in. If setting up as user authentication select "My user account" for machine authentication select "Computer account"
- Select Personal > Certificates
- Open Action > All tasks > Import.
- Specify the client.p12 file location.
- Enter the password configured when the certificate was generated.
- Select "Automatically select the certificate store based on the type of certificate."
- Create a new wireless network on the client via Network and Sharing Center > Manage wireless networks > Add
- Select Manually create a network profile:
Network name: <SSID configured in Dashboard>
Security type: WPA2-Enterprise
Encryption type: AES
- After creating the profile we will need to modify settings for the SSID so select Change connection settings
- Select the Security tab
- Change the authentication method to Microsoft: Smart Card or other certificate
- Select Advanced settings
- Specify authentication method and based on where the certificate was placed select the proper user or computer authentication
- Click OK to save the Advanced settings
- Select Settings
- In the Trusted Root Certification Authorities find and check the certificate generated. The name of this is the same as the KEY_ORG in the vars file when the certificate was generated (Freeradius: Generate certificates for client and server authentication step 5)
- Click OK to save changes to Settings and again to save the changes to the wireless profile
The certificate is now installed on the client and the wireless profile configured to use the certificate.