3 Replies Latest reply on May 1, 2018 5:47 PM by Intel Corporation

    Admin Profile - WPA2+TLS using Machine Cert

    lmend

      Using the PROSet/Wireless Admin tool, I'm attempting to create a profile package containing a persistent and pre-login/common profile configured for WPA2 + TLS using a machine certificate. Once the profile is applied and a user has logged on, the profile switches to using a user cert (verified by netsh ras tracing). Is there a way to force the use of a machine cert regardless of a user logged on or off?

        • 1. Re: Admin Profile - WPA2+TLS using Machine Cert
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello lmend,

          We understand that you are using the Intel® PROset/Wireless Administrator Tool to create a WPA2-Enterprise EAP-TLS profile using computer/machine certificate, but once the user logs in, this changes to user certificate.

          In order to better assist you, we would like to know the following:

          NOTE: Any links provided for third party tools or sites are offered for your convenience and should not be viewed as an endorsement by Intel® of the content, products, or services offered there. We do not offer support for any third party tool mentioned here.

          Do you also experience this problem when creating the profile through the OS?
           - Creating a secure 802.1x wireless infrastructure using Microsoft Windows*
           
          Could you also share an Intel® System Support Utility report?
              1. Download the latest Intel® SSU
              2. While connected to your WiFi network, run the scan for "everything."
              3. Save and name the report.
              
          We look forward to hearing back from you.

          Best regards,
          Carlos A.
           

          • 2. Re: Admin Profile - WPA2+TLS using Machine Cert
            lmend

            For anyone else that has this issue, the response I received from support was that this is expected behavior for an admin profile. A P10 profile needs to be imported (manually or automatically) to make sure a machine certificate is always used. Alternatively, the Windows Wireless configurations utility can be used.

             

            Since Intel specifically states the PROSet/Wireless utility is not supported by Windows 10 (link below), I have very little choice but to switch to Microsoft's built in utility anyway.

            https://www.intel.com/content/www/us/en/support/articles/000005649/network-and-i-o/wireless-networking.html

             

            That said, Intel's statement is wrong. The Windows 8.1 package can be used to install the PROSet/Wireless Utility on Windows 10. The utility works without issue. Why Intel states Windows 10 doesn't support it beyond me. I personally wish Intel would officially support PROSet/Wireless on Windows 10 as Microsoft has seriously dropped the ball on wireless profile management in regards to stand alone, non domain joined PCs. Even then, managing wireless profiles is abysmal unless you love netsh.

            • 3. Re: Admin Profile - WPA2+TLS using Machine Cert
              Intel Corporation
              This message was posted on behalf of Intel Corporation

              Hello lmend,

               

              Thank you for updating your thread with the information obtained through your local support team.

               

              Please keep in mind that while installing the Intel® WiFi Connection Utility in Windows® 10 can be achieved, it's not supported. Just the same, at this time, using machine certificate after user log on is not currently supported by the Intel® PROSet/Wireless Software. This affects both WPA2-Enterprise EAP-TLS and PEAP profiles.

               

              Our best recommendation will be to use the OS provided methods for creating and importing these type of wireless profiles if you require to use machine certificate after user log on.

               

              Best regards,
              Carlos A.