Configuring Windows 10 wireless profile to use certificate
Create a new wireless SSID for this secure connection, in this case EAP-TLS.
To create a wireless SSID:
- On Windows 10, got to Control Panel > Network and Sharing Center > Set up a new connection or network > Manually connect to a wireless network. Enter a Network name and set Security type to WPA2-Enterprise. The Encryption type is set to AES.
- Once created, you have the option to modify the wireless connection. Select Change connection settings.
- In the Security tab, set Choose a network authentication method to Microsoft: Smart card or other certificates, and select Settings.
- Enable both Use a certificate on this computer and Use simple certificate selection.
Note that, for simplification purposes, Verify the server's identity by validating the certificate has been disabled. However EAP-‐TLS allows the client to validate the server as well as the server validate the client. To enable this, you will need to import the CA from the FortiAuthenticator to the Windows 10 computer and make sure that it is enabled as a Trusted Root Certification Authority.
Select OK for all dialog windows to confirm all settings. The configuration for the Windows 10 computer has been completed and the user should be able to authenticate to WiFi via the certificate without using their username and password.