Install SCEP certificate manually on Windows

To configure EAP-TLS on Windows manually with Foxpass, you can follow the steps below:

Install Foxpass Client CA

• Go to https://console.foxpass.com/settings/scep/. Download Foxpass Client CA by clicking the 'Download CA' button located under 'Client Certificate Authorities' on the SCEP page. Please refer to the image below for the Client CA download location.

• Double-click the Foxpass CA certificate file in Windows. Click Open.

• The Certificate dialog box will appear. Click the "Install Certificate" button. Now select "Local Machine" as the store location. Click Next. You may see a prompt saying "Do you want to allow this app to make changes to your device?". Click 'Yes' to this prompt.

• In the Select Certificate Store window, select "Place all certificates in the following store", choose "Trusted Root Certification Authorities", click "Next" and then "Finish" to complete the installation. You will see a dialog box showing 'The import was successful" indicating that the CA certificate is now installed and trusted on the Windows computer.

Install Foxpass Server CA

• Go to https://console.foxpass.com/settings/scep/.
• Download Foxpass Server CA by clicking the 'Download CA' button in the active CA section, which is located under 'Server Certificate Authorities' on the SCEP page. Please refer to the image below for the Server CA download location.

• Open Foxpass Server CA. Install the Foxpass Server CA in the same way as you installed Foxpass Client CA.

Install the Client Certificates

• Go to https://console.foxpass.com/settings/scep/.
• Click the Manually create certificate button and type the email of the user as the Certificate CN.

• Select the .p12 in the download format and type the password to encrypt the certificate below.
• Click the Generate Client Certificate, it will download the client certificate automatically.

• Double click the downloaded Client certificate and install it to the Current User/Personal store
• It will ask you to supply the password used to encrypt the certificate

Configure the wireless network settings

• Go to Network and Sharing Center> Set up new connection or network > Manually connect to a wireless network.

• Network Name - Your network's name
• Security Type - WPA2-Enterprise AES

• Once the network is created, Select 'Change Connections Settings'.

• Click the "Security" tab.
• Change the "Network authentication method" to "Microsoft: Smart Card or other certificates)".

• Click "Settings" next to "Microsoft: Smart Card or other certificates))".
• Select both Use a certificate on this computer and Use simple certificate selection.
• Select Verify the server's identity by validating the certificate
• Select Foxpass EAP-TLS Server CA under Trusted Root Certificate Authorities.

• Click Advanced.
• Select Certificate Issuer and select Foxpass Client CA.
• Click Ok.

The setup for the Windows computer is now complete, allowing users to authenticate to Wi-Fi using their certificate instead of entering their username and password.