Summary
Certificates use public key cryptography to bind the value of a public key to the identity of the person, device, or service that holds the corresponding private key. A PKI is a system of certificates and CAs that issue and verify the validity certificates. Windows supports certificates and PKI by allowing the secure storage of certificates and by acting as a CA, using Certificate Services. Windows computers can obtain certificates through autoenrollment, Web enrollment, by requesting or importing a certificate using the Certificates snap-in, or by running a CAPICOM script or program. Windows wireless clients can authenticate as a computer or as a user. For EAP-TLS authentication, it is recommended to install both computer and user certificates.
You can use third-party CAs for the certificates on wireless client computers or IAS servers as long as they have the correct set of properties.