wpa2 enterprise - obtaining a certificate?

[ynohtna]

I've been trying to get my wife's phone set up on her university network and all the research I've seen about wpa2-enterprise is that a certificate is needed. For some reason the certificate doesn't auto download for the phone and IT doesn't have a clue about a certificate.

I have a laptop that connects fine. My question is, how do I get the cert off my laptop? I imagine it's a file even when 'installed' on the laptop?

Thanks!

 

[stevech]

Certificate is needed if you accidentally have 802.1X (RADIUS) authentication enabled. Some versions of Windows have it enabled by default. It's buried in the advanced tab of the WiFi config via the Control Panel/network devices.

 

[overdrive31]

What phone?

 

[ynohtna]

What phone?

Nokia E5

Trying to hook it up to her work network which is wpa2-enterprise


stevech, I think were not talking about the same thing.

 

[overdrive31]

Seems Symbian devices have the wpa supplicant to handle 802.1x built in.

Try the information provided in these links.

http://tech.givemethe.net/node/2

http://www.it.ubc.ca/service_catalogue/internet_telephone/wireless/wpa/ubcsecure_symbian_60.html

Nokia phones however don't update their Root Certs like other phones and PC's. You can obtain the school's Cert listed under Intermediate Certificates on one of the domain workstations and upload it to the phone.

 

[thiggins]

Can't you get help from the University's IT help desk? This can't be a unique problem.

 

[ynohtna]

yea the work IT guys are not going to support anything that's not official I guess... It's kind of limiting but it absolves them of responsibility.

I was combing through the wifi AP settings on the laptop and saw the section for certificates and it's thawte premium security ca or something. The phone has the same one! So I guess a certificate file is not needed? I also saw settings for the authentication server I guess? I put that in the "Realm" section of the phone.

There's is a user/pass log in when they access the wireless so and I know mschap v2 is used. I'm just not sure what PEAP version is in place. The phone lists V0, V1, V2... and V2 was not enabled. I've enabled all 3 but I prefer to have it explicitly set and others.

Anyways, I'm hoping everything is manually configured properly and will just work lol

Any other thoughts from what I just posted? Is my assumption about the certificate correct?

Thank you

 

[overdrive31]

Try with just PEAP V0, it uses MSCHAP v2.

PEAP V1 uses EAP-GTC and is rarley used(not even Windows latest client OS' have support for it).

If everything was there to begin with, what prevented it from connecting? Was it Active Directory not allowing both laptop and phone to authenticate as the same user?

 

[ynohtna]

Thanks for working through the thought process with me!

The problem was there was no error messages coming from the phone, so had no idea what the problem was. I put it down to PEAPV0 only and unchecked the other... re-entered the log in info (username instead of domain\username) and my wife proclaimed she was able to surf the internet on her phone!

So it looks like it was simply a matter of knowing what to put. It's stupid that in today's time, it couldn't be auto config'd on the phone!