• Announcements

    • Reminder - MoDaCo position on illegal content   07/30/15

      ILLEGAL CONTENT I'd like to just reaffirm MoDaCo's position regarding piracy and illegal content in the light of some recent questions / postings. Posts will be censored by myself or my moderation team if the contain or link to: Illegal / pirated / cracked software or sites that host such softwareNintendo emulators / ROMs or sites hosting them (in light of Nintendo's legal stance)CUSTOM ROMS You may discuss and post links to custom device ROMs on MoDaCo, provided the following rules are adhered to: ROMs must not contain any illegal 3rd party software (this includes trial versions included without permission)ROMs must give full credit to the original authorISSUES If you have any issues with this policy, please contact PaulOBrien directly via PM.
    • Reminder: Selling items on the forum directly is not allowed   07/30/15

      Please note that selling items on the forum directly is not allowed by the forum rules. There is a forum for eBay auctions whereby you can list the items on eBay and link to them there. This is the ONLY forum for this type of activity. You may also advertise links to the eBay forum in your signature. Please note that selling directly in contravention of these rules will result in a warning / suspension / ban.

WPA-Enterprise Support

12 posts in this topic

Posted · Report post

Hello,

I am trying to connect my shadow to my school's wifi network. The settings provided to me are:

WPA-Enterprise

TKIP

802.1x authentication

PEAP

I have put all of this information in and keep getting an error that I need a personal certificate. I have checked with the IT department, and no certificate is needed, just a user name and password. The IT dept can see me connect, but then get kicked out because the phone wants to do something with a personal certificate. Does anyone have any ideas, or is this setup just not supported by the shadow?

0

Share this post


Link to post
Share on other sites

Posted · Report post

Hello,

I am trying to connect my shadow to my school's wifi network. The settings provided to me are:

WPA-Enterprise

TKIP

802.1x authentication

PEAP

I have put all of this information in and keep getting an error that I need a personal certificate. I have checked with the IT department, and no certificate is needed, just a user name and password. The IT dept can see me connect, but then get kicked out because the phone wants to do something with a personal certificate. Does anyone have any ideas, or is this setup just not supported by the shadow?

PEAP authentication usually involves a root certificate on the authentication server and optionally a personal certificate for each user. I suspect that personal certificates are not used since they are a pain to distribute. If the school generated their own root certificate, then you will need to install that certificate on your device as well.

It would be easiest to just find a wireless laptop that connects to the wireless network, open the wireless properties for the preferred network, authentication tab, click properties under EAP: type:PEAP, and check trusted root certificates. If you see one with your school's name, then you just need to export and install that certificate on your device. You can export certificates from IE: tools > internet options > content tab > certificates > trusted root certification authorities.

It is also possible that the school is using a commercially bought root certificate that the shadow doesn't have installed. You just need to determine which one it is and install it on the device.

0

Share this post


Link to post
Share on other sites

Posted · Report post

PEAP authentication usually involves a root certificate on the authentication server and optionally a personal certificate for each user. I suspect that personal certificates are not used since they are a pain to distribute. If the school generated their own root certificate, then you will need to install that certificate on your device as well.

It would be easiest to just find a wireless laptop that connects to the wireless network, open the wireless properties for the preferred network, authentication tab, click properties under EAP: type:PEAP, and check trusted root certificates. If you see one with your school's name, then you just need to export and install that certificate on your device. You can export certificates from IE: tools > internet options > content tab > certificates > trusted root certification authorities.

It is also possible that the school is using a commercially bought root certificate that the shadow doesn't have installed. You just need to determine which one it is and install it on the device.

There is no check mark by valdiate server certificates, so that does not seem to be the problem (unless I am looking in the wrong place). I attached the options window so you can see the setup.

post-370547-1206386821_thumb.jpg

0

Share this post


Link to post
Share on other sites

Posted · Report post

There is no check mark by valdiate server certificates, so that does not seem to be the problem (unless I am looking in the wrong place). I attached the options window so you can see the setup.

post-370547-1206386821_thumb.jpg

Hmm. You may be right, but perhaps windows mobile is more picky (buggy on these matters).

Go to settings > security > certificates > root to see what certificates are installed. Compare that with the list on the PC and try installing the ones the device doesn't have. Also check if you have any personal certificates installed on the PC as well.

0

Share this post


Link to post
Share on other sites

Posted · Report post

Hmm. You may be right, but perhaps windows mobile is more picky (buggy on these matters).

Go to settings > security > certificates > root to see what certificates are installed. Compare that with the list on the PC and try installing the ones the device doesn't have. Also check if you have any personal certificates installed on the PC as well.

I just installed every certificate from my laptop that can connect to the network. I am getting the following error now. "The network requires a personal certificate to positivily identify you." I have it set to WPA, TKIP, Automatically get the key, 802.1x on with PEAP. No personal certificate should be needed, but when i go to PEAP --> menu--> properties, it says that certificate message. I just need to get the certificate turned off. There should be an option from that menu, but I cant get there. Is there a registry hack I can use or something like a 3rd party client?

0

Share this post


Link to post
Share on other sites

Posted · Report post

See if this helps:

\HKLM\Comm\EAP\Extension\25\ValidateServerCert=dword:00000000

via: http://forum.xda-developers.com/showthread.php?t=284534

I saw that earlier today too. I made that change, and restarted my shadow, still nothing. "The server requires a personal certificate to postivily identify you." I can not even access the PEAP properties menu, making me think something is wrong with my shadow. I get this error even with wifi turned off when I try to manually add the network. I'm a college Junior who has done two IS internships and I cant figure out WM6. This seems way too complicated.

Any other ideas? I am still looking. I may go to t-mobile on campus tomorrow and see if their demo phone can connect to the network or at least access PEAP properties.

0

Share this post


Link to post
Share on other sites

Posted · Report post

I saw that earlier today too. I made that change, and restarted my shadow, still nothing. "The server requires a personal certificate to postivily identify you." I can not even access the PEAP properties menu, making me think something is wrong with my shadow. I get this error even with wifi turned off when I try to manually add the network. I'm a college Junior who has done two IS internships and I cant figure out WM6. This seems way too complicated.

I get the same message if I select properties on PEAP. Try finding/creating a personal certificate and importing it?

0

Share this post


Link to post
Share on other sites

Posted · Report post

So I think I may have finally found the problem. Even though the settings say uncheck validate server certificate, there is still a certificate in use. I found it browsing all instructions for how to connect laptops, and the issuing server was listed for a MAC connection. Now heres my question. I went through my windows certificates and do not see the certificate anywhere. How do I obtain the certificate on my shadow?

The instructions are hosted at http://wireless.pitt.edu/documentation/Mac...eless_FINAL.pdf on page two it shows ias.cssd.pitt.edu as the certificate name.

I get the same message if I select properties on PEAP. Try finding/creating a personal certificate and importing it?
0

Share this post


Link to post
Share on other sites

Posted · Report post

In the Protected EAP Properties window on your PC, look for the certificate with the checkmark. That should be the one used by that wireless connection.

0

Share this post


Link to post
Share on other sites

Posted · Report post

There is not one with a check mark since the certificate was created in house. Windows can not validate it, so that checkmark is left unchecked. I just need to figure out where to get this certificate from. I talked to the help desk again, and still they claim no certificates are needed.

In the Protected EAP Properties window on your PC, look for the certificate with the checkmark. That should be the one used by that wireless connection.
0

Share this post


Link to post
Share on other sites

Posted · Report post

There is not one with a check mark since the certificate was created in house. Windows can not validate it, so that checkmark is left unchecked. I just need to figure out where to get this certificate from. I talked to the help desk again, and still they claim no certificates are needed.

Maybe if you check to validate the server certificate you will get more information about the certificate itself?

Or when you're on the network, see if you can access https://ias.cssd.pitt.edu. If you're lucky, they have IIS running that is using the same certificate as the IAS server used for PEAP authentication.

Or find a Macintosh user?

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.