How do I Configure Windows 7 for WPA Enterprise (BYOD)?

Article #: Product Castle
1269   All


How to connect a Windows 7 system to a WPA-Enterprise/802.1X wireless network using Certificate Authorities (CA).


Clients running Windows 7 are unable to connect to the Wireless network without receiving a certificate validation warning.


Microsoft’s Windows 7 operating system is very strict on how 802.1X/EAP wireless networks are connected. Without the use of registry hacks, it is not possible to connect a Windows 7 system to a WPA-Enterprise/802.1X wireless network without certificate validation.

The following describes a process of setting up an 802.1X authenticated wireless network under Windows 7 without the use of registry hacks.

Prepare the CA certificate

  1. From the Smoothwall administration user interface, go to Services > Authentication > BYOD.
  2. Download the certificate file (Certificate.cer by default).
  3. Copy the certificate file onto a suitable medium for transfer to the device, for example, USB flash drive or CD-R media.

Import the CA certificate on the device

  1. Double-click the Certificate.cer file.
  2. Windows will present the certificate details for inspection. Click the Install Certificate button.
  3. When asked where to install the certificate, click Browse, and select Trusted Root Certificate Authorities.

Create a wireless network profile

It is not possible to join the wireless network from the notification area icon as Windows defaults to incorrect settings for the network. A profile must be created manually:

  1. Access Network and Sharing Center via Control Panel.
  2. Click Set up a new connection or network.
  3. In the window that appears, select Manually connect to a wireless network.
  4. Enter the network name (SSID) into the Network Name box.
  5. Select WPA2-Enterprise as the security type.
  6. Select AES as the encryption type.
  7. Leave Security Key blank
  8. Check Start this connection automatically to connect as the network becomes available.
  9. Click Next.
    1. Click Change Connecting Settings.

Modify security settings of network profile

  1. Select the Security tab
  2. Ensure Microsoft: Protected EAP (PEAP) is selected in the drop down.
  3. Click Settings.
  4. Ensure Validate server certificate is selected.
  5. Ensure Connect to these servers is not selected.
  6. Ensure the imported root CA is selected in the list under Trusted Root Certification Authorities
  7. Clear the selection for Do not prompt user to authorize new servers or trusted certification authorities.
  8. Ensure Secured password (EAP-MSCHAPv2) is selected under Select Authentication Method.
  9. If your wireless network credentials DO NOT match your Windows credentials, click Configure and clear the selection for Automatically use my Windows logon name and password.C
  10. Click OK.
  11. Click OK.
  12. Click Advanced settings
  13. Ensure Specify authentication mode is selected, and change the drop down to User authentication.
  14. Click OK.
  15. Click OK.

Connect to the wireless network

  1. Click on the wireless network icon in the notification area.
  2. From the wireless network list, select the wireless network required and click Connect.
  3. When prompted, enter your username and password.

If you did not clear the selection for Automatically use my Windows logon name and password then you will not be prompted.

  1. You should now be connected to the wireless network.


Last updated: Author: Contributions by:
30 August 2016