Enable WiFi PEAP Authentication with privately signed server certificates issue - 8525, TyTN, MDA Vario II, JasJam General

Enable WiFi PEAP Authentication with privately signed server certificates
WM5 happily allows PEAP Authentication over WiFi, but it doesn't provide the check box that XP does to (un)select "Authenticate the server certificate". If your PEAP authentication server isn't signed with a pricey "official" certificate, WM5 will refuse to connect with an error message about not recognizing the server's certificate.
To force WM5 to accept the PEAP server's certificate without attempting any other validation, add the following registry key:
[\HKLM\Comm\EAP\Extension\25\]
"ValidateServerCert"=dword:00000000
I added this registry key and it is not working. What am i doing wrong?

Related

Trying to connect to a secured network

I'm trying to connect my xda to a wpa tkip network at college.
When I'm trying to configure the network, I set EAP type to PEAP and click on properties but i get the error message "Cannot log on to the wireless network. This network requires a personal certificate to positively identify you".
I've asked the technicians here and they told me they havent been able to set up their ppc, and so couldn't help.
Any help would be appreciated.
P.s. this might be of relevance. the laptop setup guide tells me to set 'Select Authentication Method' to 'Secured password(EAP-MSCHAP v2)'
When you select PEAP, you should click the Properties button and set the Authentication Method to MS-CHAPv2. The default is Certificate, and you don't have one installed.
thanks for the reply wifihack.
the problem is that I can't access the properties option. As soon as I click the properties button i get the error "Cannot log on to the wireless..." and i cant get into the next window.
Any further ideas would really help.
iceze
ridan said:
thanks for the reply wifihack.
the problem is that I can't access the properties option. As soon as I click the properties button i get the error "Cannot log on to the wireless..." and i cant get into the next window.
Any further ideas would really help.
iceze
Click to expand...
Click to collapse
Did you ever find a solution? I am having the same problem.
I found the following reply :
http://mobilitytoday.com/forum/showthread.php?t=10412
It works fine for me even though I'm runing WM6 on Dopod P800W.
Credit to [email protected]
How to disable 'Validate Server Certificate' in WM5
-------------------------------------------------------------------
I strugled with this for days, and finally found the answer. I know this is old thread, but might help someone else. You have to "hack" it in with a reg editer, but is easy:
Enable WiFi PEAP Authentication with privately signed server certificates
WM5 happily allows PEAP Authentication over WiFi, but it doesn't provide the check box that XP does to (un)select "Authenticate the server certificate". If your PEAP authentication server isn't signed with a pricey "official" certificate, WM5 will refuse to connect with an error message about not recognizing the server's certificate.
To force WM5 to accept the PEAP server's certificate without attempting any other validation, add the following registry key:
[\HKLM\Comm\EAP\Extension\25\]
"ValidateServerCert"=dword:00000000
vvowovv said:
I found the following reply :
http://mobilitytoday.com/forum/showthread.php?t=10412
It works fine for me even though I'm runing WM6 on Dopod P800W.
Credit to [email protected]
How to disable 'Validate Server Certificate' in WM5
-------------------------------------------------------------------
I strugled with this for days, and finally found the answer. I know this is old thread, but might help someone else. You have to "hack" it in with a reg editer, but is easy:
Enable WiFi PEAP Authentication with privately signed server certificates
WM5 happily allows PEAP Authentication over WiFi, but it doesn't provide the check box that XP does to (un)select "Authenticate the server certificate". If your PEAP authentication server isn't signed with a pricey "official" certificate, WM5 will refuse to connect with an error message about not recognizing the server's certificate.
To force WM5 to accept the PEAP server's certificate without attempting any other validation, add the following registry key:
[\HKLM\Comm\EAP\Extension\25\]
"ValidateServerCert"=dword:00000000
Click to expand...
Click to collapse
I have tried this with WM 6.1 but I havent been able to test. not sure if I should use the quotation marks or not, but I will try both ways.
iceze said:
I'm trying to connect my xda to a wpa tkip network at college.
When I'm trying to configure the network, I set EAP type to PEAP and click on properties but i get the error message "Cannot log on to the wireless network. This network requires a personal certificate to positively identify you".
I've asked the technicians here and they told me they havent been able to set up their ppc, and so couldn't help.
Any help would be appreciated.
P.s. this might be of relevance. the laptop setup guide tells me to set 'Select Authentication Method' to 'Secured password(EAP-MSCHAP v2)'
Click to expand...
Click to collapse
I connect to a secure network too (WPA2/AES/PEAP) and the only way I could get it working was - my network administrator had to create a certificate file and email it to me (it is a file with extension .cer) which I saved on the PDA, located it through the File Explorer, clicked on it and the certificate got installed (I can see it if I go to Settings->System->Certificates) and then created the entry in Setting->Connections->Wifi->Add New.
vvowovv said:
I found the following reply :
http://mobilitytoday.com/forum/showthread.php?t=10412
It works fine for me even though I'm runing WM6 on Dopod P800W.
Credit to [email protected]
How to disable 'Validate Server Certificate' in WM5
-------------------------------------------------------------------
I strugled with this for days, and finally found the answer. I know this is old thread, but might help someone else. You have to "hack" it in with a reg editer, but is easy:
Enable WiFi PEAP Authentication with privately signed server certificates
WM5 happily allows PEAP Authentication over WiFi, but it doesn't provide the check box that XP does to (un)select "Authenticate the server certificate". If your PEAP authentication server isn't signed with a pricey "official" certificate, WM5 will refuse to connect with an error message about not recognizing the server's certificate.
To force WM5 to accept the PEAP server's certificate without attempting any other validation, add the following registry key:
[\HKLM\Comm\EAP\Extension\25\]
"ValidateServerCert"=dword:00000000
Click to expand...
Click to collapse
yeeeeeeees!!!
It works on wm6.1.
Thank you so so so much!!
Thanks a lot.
nicktgr15 said:
yeeeeeeees!!!
It works on wm6.1.
Thank you so so so much!!
Thanks a lot.
Click to expand...
Click to collapse
I tried this. It does not work for me on my HTC touch diamond WM6.1.
Is it add a new registry "key" or just a dword value under "25"???
Apple Airport WPA2 Personal, HTC Hermes wm6.1
Didn't work for me with Hermes and PDAVIET 6.1.
I have an Apple Airport and use WPA2 Personal. laptops connect without problem but not my hermes. It says "connecting" but eventually my (hidden) network is listed as "unavailable".
Does the registry edit work for windows mobile 6 on an at&t tilt? Thanks
Cannot log on to the wireless network. This network requires a personal certificate t
Tried the regedit option but still getting the same error message.
hey guys, did not know if anyone ever found a solution to this. exact same thing happens to me wheb trying to connect to my college network. my iphone never had a problem connecting to this network..
hmmm
Using Windows Mobile 6.5.3. Got my wifi working with these instructions:
modernnomads.info/wiki/index.php?page=Connecting+to+a+business+network
(Please prefix http part)
Since I am using Airtel DSL, I imported the "Airtel Secure WiFi Certificate Authority" certificate and rebooted the phone. Working fine since then.
Thanks for the info, guys !! Thumbs Up !!
Maybe you can connect to it on your laptop and get the certificate from there and then put it on your phone and install it on there

Does Hermes support AES-CCMP EAP PEAP MSCHAPv2 CA validation auth key mgt 802.x?

We have having difficulties connecting to WiFi with the Hermes.
Our WiFi platform requires support of
WPA2 AES-CCMP EAP PEAP MSCHAPv2 CA validation auth key management 802.1x
According to Microsoft support both Windows Mobile 5 (AKU 0.3 and newer) and Windows Mobile 6 Operating Systems are capable of supporting this, but the question is whether the Hermes WLAN Host Controller chip and driver(s) support it.
We don't seem to get anywhere with Dopod / HTC support on this ... so I was wondering whether anyone here in the Forum can confirm or deny whether this is supported, thanks.
AES-CCMP EAP PEAP MSCHAPv2 CA validation auth key mgt 802.x?
I am copying/pasting this from my post on MSDN. I worked on this problem for days and i'm quite frustrated that Microsoft did not fix it right out of the box. I'm not sure how much it will help but hopefully it will get you connected or at least point you in the right direction. It seems to be centered around some missing or incorrectly configured registry keys:
---------------------------------------
Greetings,
I am using a similar system and I was able to get my Windows Mobile Pro 6.1 (HTC Mogul) to work after 3 days of troubleshooting. Thanks goes to Tom_HHA above who commented on the EAP extention number (25 vs 26) and to IANA for their help publishing the applicable RFCs.
http://www.iana.org/assignments/eap-numbers
Below is my configuration. It may or may not be applicable to your situation but it may help get you connected.
Tom_HHA commented that after pressing FINISH he was prompted for he username, password, domain repeatedly.
"The device ask for a domain username/password but keeps redisplaying the prompt after 5sec or so"
I do not have a complete understanding of why but after making the necessary registry changes I was also prompted for my username/password repeatedly. I entered the password once, checked the "save password" box and just kept pressing OK until the window went away. I *suspect* (although I could be terribly wrong) that WM is attempting the connection using various adapters until it finds one that works. If anyone from Microsoft can help explain why pressing OK once causes the prompt to reappear but pressing OK several times leads to a successful connection? I also would like some additional clarification about the "network adapters" tab, how to use that tab and what effect that has on the existing connections. My currently highlighted adapter is PPTP NDISWAN Miniport but I strongly suspect the highlighted adapter is not indicitive of what adapter is actually being used.
If anyone has any difinitive answers then I would appreciate sharing of knowledge.
REGEDIT4
[HKEY_LOCAL_MACHINE\Comm\EAP\Extension]
[HKEY_LOCAL_MACHINE\Comm\EAP\Extension\26]
"ValidateServerCert"=dword:00000000
"InteractiveUIPath"="eapchap.dll"
"Path"="eapchap.dll"
"InvokeUserNameDialog"=dword:00000001
"InvokePasswordDialog"=dword:00000001
"FriendlyName"="MSV2-Challenge"
[HKEY_LOCAL_MACHINE\Comm\EAP\Extension\4]
"Path"="eapchap.dll"
"InvokeUserNameDialog"=dword:00000001
"InvokePasswordDialog"=dword:00000001
"FriendlyName"="MD5-Challenge"
[HKEY_LOCAL_MACHINE\Comm\EAP\Extension\25]
"ValidateServerCert"=dword:00000000
"EAPMSCHAPv2Only"=dword:00000001
"InteractiveUIPath"="eaptls.dll"
"Path"="eaptls.dll"
"ConfigUIPath"="eaptls.dll"
"InvokePasswordDialog"=dword:00000001
"InvokeUserNameDialog"=dword:00000001
"FriendlyName"="PEAP"
[HKEY_LOCAL_MACHINE\Comm\EAP\Extension\13]
"FriendlyName"="Smart Card or Certificate"
"IdentityPath"="netui.dll"
"ConfigUIPath"="netui.dll"
"InteractiveUIPath"="netui.dll"
"Path"="eaptls.dll"
Add a network:
Network Name: (your ssid)
Connects to: Work
This is a hidden network: Checked
Configure Network Authentication:
Authentication: WPA
Data Encryption: TKIP
Key Provided Automatically: Checked
Configure Network Authentication: (screen #2)
Use IEEE 802.1x network access control: Greyed out and checked
EAP Type: PEAP
(I did not click on the Properties button - just click FINISH)
Edit/Delete Message
hi
i wrote my 802.1x problem here
will these registry settings solve ?

wi-fi problem

I have a O2 XDA-EXEC Pocket PC to take advantage of our WiFi network at work. I am having problems setting up my WiFi connection and cannot seem to find out what to do to resolve.
When using my laptop wifi connect I set up the following
My network name (iiscwlan)
Authentication WPA
Data Encryption TKIP
802.1x EAP Type as PEAP.
Then under configuration of PEAP I uncheck Validate Server Certificate and all connects perfectly
TO KNOW MORE DETAILS ABOUT THIS CONNECTION VIST http://www.serc.iisc.ernet.in/LAPTOP_ WN_conf.htm
With the O2 XDA-EXEC I do the same but there is no configuration setting under PEAP to enable me to uncheck Validate Server Certificate. Every thing I do while attempting to connect using the O2 XDA-EXEC I get the following error messages:
Server Validation Error - The server certificate is issued by an unknown authority
and
Cannot log on to the wireless network. This network requires a personal certificate to positively identify you.
Does anyone have any idea how to disable validate server certificate under Windows Mobile 5.0???
plzz help me with this problem i do lot of my work with wi-fi ...........................
Upgrade ROM to WM6
is there an option to diable validate server certificate in WM6
Yes there is.
how can i upgrade to wm6
Jazzamataz said:
Yes there is.
Click to expand...
Click to collapse
Where is the option in WM6.0? I can't get to it
vickydada said:
how can i upgrade to wm6
Click to expand...
Click to collapse
You can search for some threads about this. But not here.
ranger47 said:
Where is the option in WM6.0? I can't get to it
Click to expand...
Click to collapse
I'd like to see where this is also? With PEAP (or EAP-TLS) you only get the option to select a Client Certificate. When it attempts to connect you do get a dialogue box to login with a Username, Password & Optional Domain, however I don't see anywhere to disable the verification of the Server Certificate?
Andy
ADB100 said:
I'd like to see where this is also? With PEAP (or EAP-TLS) you only get the option to select a Client Certificate. When it attempts to connect you do get a dialogue box to login with a Username, Password & Optional Domain, however I don't see anywhere to disable the verification of the Server Certificate?
Andy
Click to expand...
Click to collapse
Turns out you have to add a reg key:
\HKLM\Comm\EAP\Extension\25\ValidateServerCert=dword:00000000
Look in the wiki for who to add them if you dont know how.

EAP TTLS PAP authentication

I have written a WiFi client that supports OPEN and Preshared key networks, and am trying to add EAP TTLS PAP authentication. The Android WifiConfiguration class has settings for supporting preshared keys, but I don't see how to set the various fields for EAP TTLS PAP, such as inner and outer identity, password.
Has anyone tried to do this?
pliaw said:
I have written a WiFi client that supports OPEN and Preshared key networks, and am trying to add EAP TTLS PAP authentication. The Android WifiConfiguration class has settings for supporting preshared keys, but I don't see how to set the various fields for EAP TTLS PAP, such as inner and outer identity, password.
Has anyone tried to do this?
Click to expand...
Click to collapse
I have the same problem, my friend has an Eris that has all the additonal config parameters you mentioned (inner/outer tunnel, etc...)

Authentication type bug detected in TF101G

Hi all.
I have detected a bug in authentication type option when configuring a new APN for 3G connection.
In my company, mobile devices connect via 3G connection to corporate network resources. The authentication is provided by our corporate RADIUS server. For reasons not related to this issue, the RADIUS server only provides PAP authentication.
So I have set in TF101G's APN configuration username and password and entered PAP authentication type, but I cannot access to my network resources behind APN.
I have obtained some log and sniffer traces from our corporate RADIUS server where I can observe that TF101G always tries to authenticate using CHAP. So that's the reason why authentication fails.
I've also tested it with samsung smartphones and tablets and it works Ok!!
So I would be pleased if you could verify this same behavior in TF101G. But you would need to obtain sniffer traces from authentication process to verify.
Please, could you confirm this behavior?
Many thanks in advance and best regards,
Ernesto.
sometimes my lips get CHAPPED
Don't worry about that. Wikipedia is up again:
en[dot]wikipedia[dot]org[slash]wiki[slash]Chapped_lips
Best regards,
Ernesto.

Categories

Resources