Enterprise Wi-Fi authentication (EAP)
June 25, 2014
Extensible Authentication Protocol (EAP) is an authentication framework supported in Windows Phone 8.1. EAP includes password-based authentication methods and more secure certificate-based authentication methods that you can use if you deploy a public key infrastructure with Active Directory Certificate Services or other public or private certification authorities.
Supported EAP Protocols
EAP-Transport Level Security (EAP-TLS) is an EAP type that is used in certificate-based security environments. The EAP-TLS exchange of messages provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the remote access client and the authenticator. EAP-TLS provides the strongest authentication and key determination method.
EAP-AKA (SIM) is used for authentication and session key distribution using the Subscriber Identity Module (SIM).
EAP-AKA (Prime) is used for authentication and session key distribution using the International Mobile Subscriber Identifier (IMSI).
EAP-TTLS is a standards-based EAP tunneling method that supports mutual authentication and provides a secure tunnel for client inclusion authentication by using EAP methods and other legacy protocols.
Manually Configuring EAP-TLS or EAP-TTLS on Windows Phone 8.1
To manually configure EAP-TLS or EAP-TTLS authentication on a Windows Phone 8.1 device do the following:
When selecting an SSID for a connection that you do not currently have a profile for on the phone, you are presented with a sign in screen
The default setting for the “Connect using” box displays “user name+password”. For EAP-TLS and EAP-TTLS tap the “Connect using” box.
For EAP-TLS and EAP-TTLS tap “certificate” in the drop down menu. If you have more than one certificate installed on the phone then there will be a “choose a certificate” option box.
If you select that box you will get another screen with a list of the certificates that can be used for EAP-TLS or EAP-TTLS.
Once you select the certificate it will appear in the second box. Tapping the details button will show the detail information for the selected certificate.
Tap either the EAP method TLS or TTLS in the bottom “EAP Method” dropdown.
Once everything is configured, select done, and the phone will attempt to connect to the Wireless Access Point.