Does the np1 support "do not validate" certificate on enterprise networks?
This is something that is a bit of a deal breaker for me and why I'm still on an old oneplus
I've attached a screenshot of the setting I'm referring to.
Thanks all!
There are only two options under CA certificate
1. use system certificate
2. install certificate
Invador0007 said:
There are only two options under CA certificate
1. use system certificate
2. install certificate
Click to expand...
Click to collapse
Bummer! Looks like I won't be able to use wifi at my workplace.
Thank you for the info though! It's appreciated!
Related
Hi,
I want to connect my qtek 9100 on the 802.1x WLAN of my school (ETHZ). It has not been possible yet, although i spent an hour with a person from the tech support of the school.
The problem comes from the very specific configuration that I cannot set on the Qtek 9100!
I need to uncheck the "validate server certificate" option, which is by default for PEAP authentication, something easy to do on a normal windows machine. But the problem is, there is no way to disable this on the qtek 9100 in any "properties" tab, and it therefore complains that the server certificate is not valid, and then refuses to connect!
HOW could I disable "validate server certificate"?? using the registry??
With the person from the tech support we managed to find somehow the registry keys linked to this option in Windows. But of course these keys dont exist on the qtek 9100 in Windows Mobile 5...
Please, is there some expert with some better idea?
Thanks
Fabrice
I havent found a way to do it so far. No various configurations nor random 3rd party software worked on WM5 properly.
This issue is more interesting when consider that htc universal offers LEAP ( which would do work as well ) and wizard dont!
http://forum.xda-developers.com/viewtopic.php?t=42664
From what I can gather you will need a root certificiate. Still trying to get to the bottom of this though.
it seems that AKU2 allows us to use LEAP which already would do the thing! I'll test in on friday and let you know!
i found some useful info on the net, but have not yet tested them on my MDA Vario:
there seem to be 3 possibilities:
1: you retrieve the root certificate from your techie friend at your university and place it in the designated folder on your ppc.
Click to expand...
Click to collapse
2: you add a DWORD 0 at HKLM\Comm\EAP\Extension\25\ValidateServerCert (http://www.modaco.com/How_to_set_a_wifi_network_to_use_a_certificatel-t237261.html)
Click to expand...
Click to collapse
3: Hkey_Current_User\Software\Microsoft\ActiveSync\Partners
Here you should notice 2 sub-keys, both with a unique UID. One is set up for the ActiveSync Partnership with your PC, the other is set up for the partnership with your Exchange server. Fortunately, it is fairly easy to distinguish between the two. Simply highlight one of them, and look at the different values. You'll see pretty quickly which one is for your Exchange server. While the partner key for your Exchange server is highlighted, create a new value with the following parameters
Type: DWORD
Name: secure
Value: 0 (http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html)
Click to expand...
Click to collapse
authors of points 2 and 3 differ from opinion, but I cannot say which is best, perhaps someone else has an opinion?
predo said:
it seems that AKU2 allows us to use LEAP which already would do the thing! I'll test in on friday and let you know!
Click to expand...
Click to collapse
Hi Predo,
Have you been able to get LEAP to work using AKU2??
Lot of inquiries present on the net, but no clear answers.....
Thx,
Mak
This is what I would do.
This can be easily done from a PC, because you can get a temporary trust from the authentication server which gives you the option to install the root on your PC. Export the root cert from your laptop/PC and copy it over to your mobile device. Once the root.cer is on the wizard just open up file explorer and double tap it the cert will auto install.
Problem solved
I wouldn't use LEAP or even PEAP without validating the server cert. Especially in a hostel environment like a university, which is full of hacks. Associating to an AP without validating certs sets you up for man in the middle.
The only advantage LEAP or Fast EAP (if it were supported) is for roaming. The wizard would also have to support CCX v3. You can get this CCX v3 support by purchasing Funk (now Juniper) Odyssey client, which is $50. When using LEAP or Fast EAP it allows the use of CCKM (fast roaming).
Oh yeah, the odyssey client supports PEAP with the option to not validate the server cert.
hi, i dont know why is that but after upgrading software to new aku2.0 rom ( imate afair ) i started to be able to connect to my university wlan with no problems. Only thing is there i have nothing added in leap tab in network properties.
Anyway, it works so i'm not playing with settings anymore ;-)
Has anyone been able to setup ther TYTN to use PEAP under 802.1x, to use authication through AD, I get an error when trying it cannot log onto the wireless network. This network requires a personel certficate to positvely identify you, we don't use personel certs, its works fine from my pc.
shark1 said:
Has anyone been able to setup ther TYTN to use PEAP under 802.1x, to use authication through AD, I get an error when trying it cannot log onto the wireless network. This network requires a personel certficate to positvely identify you, we don't use personel certs, its works fine from my pc.
Click to expand...
Click to collapse
You might not know about your certificate, but you probably do have one. Your admin can set up auto enrollment for certain certificates, so the whole process would be invisible to you.
Depending on how much rights you have on your machine, you could try to export your personal cert and import it into your TyTN. Try doing this with "mmc.exe", then add the "certificates" snap in (choose user category) and have a look at your "personal" certificates.
Not sure how to proceed from then on, though - i.e. I don't know if it's possible to use a cert for wifi authentication with a WM5 device.
You might not know about your certificate, but you probably do have one. Your admin can set up auto enrollment for certain certificates, so the whole process would be invisible to you.
Depending on how much rights you have on your machine, you could try to export your personal cert and import it into your TyTN. Try doing this with "mmc.exe", then add the "certificates" snap in (choose user category) and have a look at your "personal" certificates.
Not sure how to proceed from then on, though - i.e. I don't know if it's possible to use a cert for wifi authentication with a WM5 device
Click to expand...
Click to collapse
Thanks for this, I got my Network admin to give me rights the get a personel cert, and now it works fine.
shark1 said:
You might not know about your certificate, but you probably do have one. Your admin can set up auto enrollment for certain certificates, so the whole process would be invisible to you.
Depending on how much rights you have on your machine, you could try to export your personal cert and import it into your TyTN. Try doing this with "mmc.exe", then add the "certificates" snap in (choose user category) and have a look at your "personal" certificates.
Not sure how to proceed from then on, though - i.e. I don't know if it's possible to use a cert for wifi authentication with a WM5 device
Click to expand...
Click to collapse
Thanks for this, I got my Network admin to give me rights the get a personel cert, and now it works fine.
Click to expand...
Click to collapse
Glad to hear that. Hm, that means that the TyTN can use a cert for WiFi authentication? Good to know
Recently installed ZoneAlarm firewall on the pc, and its completely knackered the ActiveSync capability.
The device is "connected" and is seen and authenticated, but then hangs on the actual sync of the data.
Can anyone offer any recommendations?
Ta
MDA
Add AS to trusted zone in firewall settings and then set security level to medium for the trusted zone.
The best solution is: Don't use ZoneAlarm
And remember: There are also _good_ products out there...
jompao said:
Add AS to trusted zone in firewall settings and then set security level to medium for the trusted zone.
Click to expand...
Click to collapse
thanks - all sorted now.
lutzs said:
The best solution is: Don't use ZoneAlarm
And remember: There are also _good_ products out there...
Click to expand...
Click to collapse
not hugely helpful to be honest. ZoneAlarm was a free download and does the job for me so I am not looking to replace it.
MDA
Hi
This link would help:http://www.pocketpcfaq.com/raj/ZA4x.html
At work when I connect to the wifi, and go to the browser I get a popup saying to accept the certificate or something, then the website redirects to a cisco page where there is an accept button I need to press. After clicking it, then I get redirected to google.
Is there a way to save this certificate or something to bypass this process?
You can (supposedly) install certificates from the Locations & Security settings page after setting a password for the certificate store
ok, so I see the credential storage section of location & security. The choices not grayed out are:
Install from USB storage
Set password
Any idea's what to do next?
I haven't done it on the Xoom so I'm not sure. Motorola does have a guide, but it is awfully vague:
https://motorola-enterprise.custhelp.com/app/answers/detail/a_id/57093
ยท Go to Wi-Fi setup to enable and use the installed certificate.
Click to expand...
Click to collapse
I have searched high.. and I have searched LOW... and I can find no solution for this problem:
}{Alienz}{ said:
Well the thing is I tried several browsers.
1. The default one that comes with Android
2. Opera mini
3. DolphinHD
All same thing. I'm now going to test with a beta build of Firefox for android (fennero was it called I forget) but its SUCH a stupid thing to not work. Every other device WORKS. Blackberries, Iphones, tablets, laptops....everything.
EDIT: The EXACT error I get is:
"There is a problem with the security certificate for this site. This certificate is not from a trusted authority." I get this AS it attempts to load the redirect login page (both university and at work now). Same issue. It's browser/certificate related. And its ANNOYING as hell.
EDIT 2: Found the problem. It's that stupid certificate.
"This is a result of your corporation using an in house Certificate Authority to provide SSL encryption on your mail server and clients.
Basically....the computer that issued the certificate isn't trusted by the android phone. I'm new to android so I'm not sure if you can add a trusted CA (I haven't seen any options for it).
I don't know about future updates like the above poster mentioned.
Most companies will purchase a certificate from one of the major Certificate Authorities on the internet, which are pre-programed into most operating systems to be trusted. Internal CA's are trusted by the domain environment at your work, but not by anyone else. External (Internet) CA's are trusted by everyone.
if you want an example, open up IE (gross I know) and go to your options. Click the content tab, then there should be a button label certificates. inside the certificates window select Trusted Root Certification Authorities.
That is a list of all the builtin trusted CA's provided by Microsoft and the companies that govern the internet. "
I STILL have no idea how to fix it and to make the phone accept the certificate though.
EDIT 3: Fennec (Mozilla Firefox for Android beta) managed to pull up the login page for my work network. Not sure if it will work for the university yet.
Click to expand...
Click to collapse
I can't use firefox because the Galaxy 3 isn't supported. (Hence, why I'm asking in the Galaxy 3 section.)
But there MUST be a way to accept a simple TOS.
Maybe an AP? Or a script that can be written?
I've rooted my phone... Maybe I can find a way to add the McDonald's certificate?
HELP!
Oh come now..
Sixty views, somebody could at least take a JAB at it.
TeamRainless said:
Oh come now..
Sixty views, somebody could at least take a JAB at it.
Click to expand...
Click to collapse
Alright the hell with it... I'LL take a jab at it:
I can't load the McDonald's site because Android doesn't like their certificate. So all I should have to do is add the McDonald's certificate to the list of sites that Android accepts and it should be sugar in the gas tank right?
So where is this list held?