Root and intermediate CA requirements for Intune Wi-Fi Authentication

Sanna Kor 0 Reputation points
2026-07-03T08:08:03.2133333+00:00

Why must the Root CA and Intermediate CA certificate profiles be explicitly assigned to an Intune Wi-Fi profile for certificate-based authentication to succeed? Our corporate Wi-Fi profile has already been deployed through Intune, but laptops still fail to connect and display an "Untrusted Certificate" error during the authentication handshake.

Windows for business | Windows 365 Enterprise
0 comments No comments

1 answer

Sort by: Most helpful
  1. VPHAN 38,360 Reputation points Independent Advisor
    2026-07-03T08:41:19.35+00:00

    Hi Sanna Kor,

    The problem is caused by the client's failure to validate the RADIUS server's certificate during the EAP-TLS handshake. To resolve this, you must explicitly select your Root and Intermediate CA certificates within the "Trusted certificate" section of your Intune Wi-Fi profile. This configuration populates the necessary registry keys to enable the Windows certificate chain engine to correctly identify and trust your corporate CA, allowing the authentication process to succeed.

    Hope this answer has brought you some useful information. If it did, please hit “accept answer”. Should you have any questions, feel free to leave a comment.

    VPHAN

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.