Guest mpapple10 Posted March 23, 2008 Report Share Posted March 23, 2008 Hello, I am trying to connect my shadow to my school's wifi network. The settings provided to me are: WPA-Enterprise TKIP 802.1x authentication PEAP I have put all of this information in and keep getting an error that I need a personal certificate. I have checked with the IT department, and no certificate is needed, just a user name and password. The IT dept can see me connect, but then get kicked out because the phone wants to do something with a personal certificate. Does anyone have any ideas, or is this setup just not supported by the shadow? Link to comment Share on other sites More sharing options...
Guest badbob001 Posted March 24, 2008 Report Share Posted March 24, 2008 Hello, I am trying to connect my shadow to my school's wifi network. The settings provided to me are: WPA-Enterprise TKIP 802.1x authentication PEAP I have put all of this information in and keep getting an error that I need a personal certificate. I have checked with the IT department, and no certificate is needed, just a user name and password. The IT dept can see me connect, but then get kicked out because the phone wants to do something with a personal certificate. Does anyone have any ideas, or is this setup just not supported by the shadow? PEAP authentication usually involves a root certificate on the authentication server and optionally a personal certificate for each user. I suspect that personal certificates are not used since they are a pain to distribute. If the school generated their own root certificate, then you will need to install that certificate on your device as well. It would be easiest to just find a wireless laptop that connects to the wireless network, open the wireless properties for the preferred network, authentication tab, click properties under EAP: type:PEAP, and check trusted root certificates. If you see one with your school's name, then you just need to export and install that certificate on your device. You can export certificates from IE: tools > internet options > content tab > certificates > trusted root certification authorities. It is also possible that the school is using a commercially bought root certificate that the shadow doesn't have installed. You just need to determine which one it is and install it on the device. Link to comment Share on other sites More sharing options...
Guest mpapple10 Posted March 24, 2008 Report Share Posted March 24, 2008 PEAP authentication usually involves a root certificate on the authentication server and optionally a personal certificate for each user. I suspect that personal certificates are not used since they are a pain to distribute. If the school generated their own root certificate, then you will need to install that certificate on your device as well. It would be easiest to just find a wireless laptop that connects to the wireless network, open the wireless properties for the preferred network, authentication tab, click properties under EAP: type:PEAP, and check trusted root certificates. If you see one with your school's name, then you just need to export and install that certificate on your device. You can export certificates from IE: tools > internet options > content tab > certificates > trusted root certification authorities. It is also possible that the school is using a commercially bought root certificate that the shadow doesn't have installed. You just need to determine which one it is and install it on the device. There is no check mark by valdiate server certificates, so that does not seem to be the problem (unless I am looking in the wrong place). I attached the options window so you can see the setup. Link to comment Share on other sites More sharing options...
Guest badbob001 Posted March 24, 2008 Report Share Posted March 24, 2008 There is no check mark by valdiate server certificates, so that does not seem to be the problem (unless I am looking in the wrong place). I attached the options window so you can see the setup. Hmm. You may be right, but perhaps windows mobile is more picky (buggy on these matters). Go to settings > security > certificates > root to see what certificates are installed. Compare that with the list on the PC and try installing the ones the device doesn't have. Also check if you have any personal certificates installed on the PC as well. Link to comment Share on other sites More sharing options...
Guest mpapple10 Posted March 25, 2008 Report Share Posted March 25, 2008 Hmm. You may be right, but perhaps windows mobile is more picky (buggy on these matters). Go to settings > security > certificates > root to see what certificates are installed. Compare that with the list on the PC and try installing the ones the device doesn't have. Also check if you have any personal certificates installed on the PC as well. I just installed every certificate from my laptop that can connect to the network. I am getting the following error now. "The network requires a personal certificate to positivily identify you." I have it set to WPA, TKIP, Automatically get the key, 802.1x on with PEAP. No personal certificate should be needed, but when i go to PEAP --> menu--> properties, it says that certificate message. I just need to get the certificate turned off. There should be an option from that menu, but I cant get there. Is there a registry hack I can use or something like a 3rd party client? Link to comment Share on other sites More sharing options...
Guest badbob001 Posted March 25, 2008 Report Share Posted March 25, 2008 See if this helps: \HKLM\Comm\EAP\Extension\25\ValidateServerCert=dword:00000000 via: http://forum.xda-developers.com/showthread.php?t=284534 Link to comment Share on other sites More sharing options...
Guest mpapple10 Posted March 26, 2008 Report Share Posted March 26, 2008 See if this helps: \HKLM\Comm\EAP\Extension\25\ValidateServerCert=dword:00000000 via: http://forum.xda-developers.com/showthread.php?t=284534 I saw that earlier today too. I made that change, and restarted my shadow, still nothing. "The server requires a personal certificate to postivily identify you." I can not even access the PEAP properties menu, making me think something is wrong with my shadow. I get this error even with wifi turned off when I try to manually add the network. I'm a college Junior who has done two IS internships and I cant figure out WM6. This seems way too complicated. Any other ideas? I am still looking. I may go to t-mobile on campus tomorrow and see if their demo phone can connect to the network or at least access PEAP properties. Link to comment Share on other sites More sharing options...
Guest badbob001 Posted March 26, 2008 Report Share Posted March 26, 2008 I saw that earlier today too. I made that change, and restarted my shadow, still nothing. "The server requires a personal certificate to postivily identify you." I can not even access the PEAP properties menu, making me think something is wrong with my shadow. I get this error even with wifi turned off when I try to manually add the network. I'm a college Junior who has done two IS internships and I cant figure out WM6. This seems way too complicated. I get the same message if I select properties on PEAP. Try finding/creating a personal certificate and importing it? Link to comment Share on other sites More sharing options...
Guest mpapple10 Posted March 27, 2008 Report Share Posted March 27, 2008 So I think I may have finally found the problem. Even though the settings say uncheck validate server certificate, there is still a certificate in use. I found it browsing all instructions for how to connect laptops, and the issuing server was listed for a MAC connection. Now heres my question. I went through my windows certificates and do not see the certificate anywhere. How do I obtain the certificate on my shadow? The instructions are hosted at http://wireless.pitt.edu/documentation/Mac...eless_FINAL.pdf on page two it shows ias.cssd.pitt.edu as the certificate name. I get the same message if I select properties on PEAP. Try finding/creating a personal certificate and importing it? Link to comment Share on other sites More sharing options...
Guest badbob001 Posted March 27, 2008 Report Share Posted March 27, 2008 In the Protected EAP Properties window on your PC, look for the certificate with the checkmark. That should be the one used by that wireless connection. Link to comment Share on other sites More sharing options...
Guest mpapple10 Posted March 27, 2008 Report Share Posted March 27, 2008 There is not one with a check mark since the certificate was created in house. Windows can not validate it, so that checkmark is left unchecked. I just need to figure out where to get this certificate from. I talked to the help desk again, and still they claim no certificates are needed. In the Protected EAP Properties window on your PC, look for the certificate with the checkmark. That should be the one used by that wireless connection. Link to comment Share on other sites More sharing options...
Guest badbob001 Posted March 28, 2008 Report Share Posted March 28, 2008 There is not one with a check mark since the certificate was created in house. Windows can not validate it, so that checkmark is left unchecked. I just need to figure out where to get this certificate from. I talked to the help desk again, and still they claim no certificates are needed. Maybe if you check to validate the server certificate you will get more information about the certificate itself? Or when you're on the network, see if you can access https://ias.cssd.pitt.edu. If you're lucky, they have IIS running that is using the same certificate as the IAS server used for PEAP authentication. Or find a Macintosh user? Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now