Jump to content


Photo

WPA-Enterprise Support

- - - - -

  • Please log in to reply
11 replies to this topic

#1
mpapple10

mpapple10

    Newbie

  • Members
  • Pip
  • 6 posts
  • Devices:HTC Juno/Tmobile Shadow
Hello,

I am trying to connect my shadow to my school's wifi network. The settings provided to me are:

WPA-Enterprise
TKIP
802.1x authentication
PEAP

I have put all of this information in and keep getting an error that I need a personal certificate. I have checked with the IT department, and no certificate is needed, just a user name and password. The IT dept can see me connect, but then get kicked out because the phone wants to do something with a personal certificate. Does anyone have any ideas, or is this setup just not supported by the shadow?

  • 0

#2
badbob001

badbob001

    Regular

  • Members
  • PipPip
  • 144 posts

Hello,

I am trying to connect my shadow to my school's wifi network. The settings provided to me are:

WPA-Enterprise
TKIP
802.1x authentication
PEAP

I have put all of this information in and keep getting an error that I need a personal certificate. I have checked with the IT department, and no certificate is needed, just a user name and password. The IT dept can see me connect, but then get kicked out because the phone wants to do something with a personal certificate. Does anyone have any ideas, or is this setup just not supported by the shadow?


PEAP authentication usually involves a root certificate on the authentication server and optionally a personal certificate for each user. I suspect that personal certificates are not used since they are a pain to distribute. If the school generated their own root certificate, then you will need to install that certificate on your device as well.

It would be easiest to just find a wireless laptop that connects to the wireless network, open the wireless properties for the preferred network, authentication tab, click properties under EAP: type:PEAP, and check trusted root certificates. If you see one with your school's name, then you just need to export and install that certificate on your device. You can export certificates from IE: tools > internet options > content tab > certificates > trusted root certification authorities.

It is also possible that the school is using a commercially bought root certificate that the shadow doesn't have installed. You just need to determine which one it is and install it on the device.

  • 0

#3
mpapple10

mpapple10

    Newbie

  • Members
  • Pip
  • 6 posts
  • Devices:HTC Juno/Tmobile Shadow

PEAP authentication usually involves a root certificate on the authentication server and optionally a personal certificate for each user. I suspect that personal certificates are not used since they are a pain to distribute. If the school generated their own root certificate, then you will need to install that certificate on your device as well.

It would be easiest to just find a wireless laptop that connects to the wireless network, open the wireless properties for the preferred network, authentication tab, click properties under EAP: type:PEAP, and check trusted root certificates. If you see one with your school's name, then you just need to export and install that certificate on your device. You can export certificates from IE: tools > internet options > content tab > certificates > trusted root certification authorities.

It is also possible that the school is using a commercially bought root certificate that the shadow doesn't have installed. You just need to determine which one it is and install it on the device.


There is no check mark by valdiate server certificates, so that does not seem to be the problem (unless I am looking in the wrong place). I attached the options window so you can see the setup.

Attached File  peap.jpg   43.64KB   49 downloads

  • 0

#4
badbob001

badbob001

    Regular

  • Members
  • PipPip
  • 144 posts

There is no check mark by valdiate server certificates, so that does not seem to be the problem (unless I am looking in the wrong place). I attached the options window so you can see the setup.

Attached File  peap.jpg   43.64KB   49 downloads


Hmm. You may be right, but perhaps windows mobile is more picky (buggy on these matters).

Go to settings > security > certificates > root to see what certificates are installed. Compare that with the list on the PC and try installing the ones the device doesn't have. Also check if you have any personal certificates installed on the PC as well.

  • 0

#5
mpapple10

mpapple10

    Newbie

  • Members
  • Pip
  • 6 posts
  • Devices:HTC Juno/Tmobile Shadow

Hmm. You may be right, but perhaps windows mobile is more picky (buggy on these matters).

Go to settings > security > certificates > root to see what certificates are installed. Compare that with the list on the PC and try installing the ones the device doesn't have. Also check if you have any personal certificates installed on the PC as well.


I just installed every certificate from my laptop that can connect to the network. I am getting the following error now. "The network requires a personal certificate to positivily identify you." I have it set to WPA, TKIP, Automatically get the key, 802.1x on with PEAP. No personal certificate should be needed, but when i go to PEAP --> menu--> properties, it says that certificate message. I just need to get the certificate turned off. There should be an option from that menu, but I cant get there. Is there a registry hack I can use or something like a 3rd party client?

  • 0

#6
badbob001

badbob001

    Regular

  • Members
  • PipPip
  • 144 posts
See if this helps:
\HKLM\Comm\EAP\Extension\25\ValidateServerCert=dword:00000000

via: http://forum.xda-dev...ad.php?t=284534

  • 0

#7
mpapple10

mpapple10

    Newbie

  • Members
  • Pip
  • 6 posts
  • Devices:HTC Juno/Tmobile Shadow

See if this helps:
\HKLM\Comm\EAP\Extension\25\ValidateServerCert=dword:00000000

via: http://forum.xda-dev...ad.php?t=284534


I saw that earlier today too. I made that change, and restarted my shadow, still nothing. "The server requires a personal certificate to postivily identify you." I can not even access the PEAP properties menu, making me think something is wrong with my shadow. I get this error even with wifi turned off when I try to manually add the network. I'm a college Junior who has done two IS internships and I cant figure out WM6. This seems way too complicated.

Any other ideas? I am still looking. I may go to t-mobile on campus tomorrow and see if their demo phone can connect to the network or at least access PEAP properties.

  • 0

#8
badbob001

badbob001

    Regular

  • Members
  • PipPip
  • 144 posts

I saw that earlier today too. I made that change, and restarted my shadow, still nothing. "The server requires a personal certificate to postivily identify you." I can not even access the PEAP properties menu, making me think something is wrong with my shadow. I get this error even with wifi turned off when I try to manually add the network. I'm a college Junior who has done two IS internships and I cant figure out WM6. This seems way too complicated.


I get the same message if I select properties on PEAP. Try finding/creating a personal certificate and importing it?

  • 0

#9
mpapple10

mpapple10

    Newbie

  • Members
  • Pip
  • 6 posts
  • Devices:HTC Juno/Tmobile Shadow
So I think I may have finally found the problem. Even though the settings say uncheck validate server certificate, there is still a certificate in use. I found it browsing all instructions for how to connect laptops, and the issuing server was listed for a MAC connection. Now heres my question. I went through my windows certificates and do not see the certificate anywhere. How do I obtain the certificate on my shadow?

The instructions are hosted at http://wireless.pitt...eless_FINAL.pdf on page two it shows ias.cssd.pitt.edu as the certificate name.

I get the same message if I select properties on PEAP. Try finding/creating a personal certificate and importing it?


  • 0

#10
badbob001

badbob001

    Regular

  • Members
  • PipPip
  • 144 posts
In the Protected EAP Properties window on your PC, look for the certificate with the checkmark. That should be the one used by that wireless connection.

  • 0

#11
mpapple10

mpapple10

    Newbie

  • Members
  • Pip
  • 6 posts
  • Devices:HTC Juno/Tmobile Shadow
There is not one with a check mark since the certificate was created in house. Windows can not validate it, so that checkmark is left unchecked. I just need to figure out where to get this certificate from. I talked to the help desk again, and still they claim no certificates are needed.

In the Protected EAP Properties window on your PC, look for the certificate with the checkmark. That should be the one used by that wireless connection.


  • 0

#12
badbob001

badbob001

    Regular

  • Members
  • PipPip
  • 144 posts

There is not one with a check mark since the certificate was created in house. Windows can not validate it, so that checkmark is left unchecked. I just need to figure out where to get this certificate from. I talked to the help desk again, and still they claim no certificates are needed.


Maybe if you check to validate the server certificate you will get more information about the certificate itself?

Or when you're on the network, see if you can access https://ias.cssd.pitt.edu. If you're lucky, they have IIS running that is using the same certificate as the IAS server used for PEAP authentication.

Or find a Macintosh user?

  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users