Wednesday, 3 December 2008

Disable Security Certificate Windows Mobile (WM) WiFi - How to/Guide

I recently purchased a new Windows Mobile (WM) smartphone. The BenQ E72 (WM6 Standard) is not the greatest but this is not what this post is about (although a full review will be forthcoming).

My main gripe was that I could not use the WiFi at the university I study at (The University of Dundee, Scotland).
I have previously had an XDA Orbit with WM6 Pro which used to work with the WiFi and then stopped and I did not have time to pursue this.
With my new smartphone I gave it another go. No luck again.
But Steve managed to get the WiFi hooked up in the Harris building on campus. But I could not get it to work thereafter...anywhere else and neither could he.

Now, the University uses WPA2 Enterprise (which by default requires a user name and password as well as a security certificate). When setting up your laptop etc. to connect to the WiFi, it requires you to modify the EAP type (EAP-TTLS/MSCHAPv2) and untick the "Validate the security certificate" box.

If you try to do this on your Windows Mobile based device, you hit a wall. There are no options in the WM WiFi setup to modify these settings.
But no matter, you are going to try and connect anyway. (I drained my measly battery several times doing this.)
More problems - you keep getting error messages.
Well like any number of people usually I just ignore the errors and try to get out (not always the best thing especially when they use inverse statements to catch you out).
But lately with using Linux as my main OS, I have been paying attention to errors as they give you a big clue to a solution.
This one was simple. WM kept trying to validate a security certificate which it could not do.
Also notice that the instructions from the University untick this option.

This brings us to the solution: disable the security certificate checking.
As for the PEAP type, this can also be changed but was not necessary in this case so I will not go into it. I assume that the network sets the PEAP type by itself as long as this option is selected.
(I will admit here that I did not come to the solution immediately, I actually spent time searching if other people were having similar problems and their solution).

The method involves a registry hack. I am quite sure this will work for WM5, 6 and possibly PPC 2003. Not too sure about WM6.1 as I don't have a device with this, but it should. (PS: only tested with WM6.)
Now don't be scared of modifying the registry, as long as you have created a backup first and are not scared to lose some data if you brick your device. (If you do brick the device the easiest step to restore is to do a Hard Reset).

  1. Download a registry editor for your WM device. In this case we use CeRegEditor. Download and install.
  2. Hook up your device to a PC through ActiveSync.
  3. Open up CeRegEditor and you will be presented with the screen below:
  4. Click connection and connect or press F1. This will connect up to the device and the registry classes will appear to the left as below:
  5. You then need to navigate to [\HKLM\Comm\EAP\Extension\25\].
  6. Click the + next to HKEY_LOCAL_MACHINE, then + next to Comm, then + next to EAP, then Extension then double click on the 25 folder.
  7. You should see the following:
  8. Now it's a simple matter of adding the appropriate registry entry to disable the validation of the certificate. You will notice that this entry is already present at the bottom in the above picture.
  9. To add the entry inside the 25 folder click Add DWORD value... shown below:
  10. When you are presented with the window add the following: in the Value name field add "ValidateServerCert" without the quotation marks. In the Value data field add 0 (zero), as long as decimal is selected. (If you choose hexadecimal you will have to input 8 zeroes.) This should look like below:
  11. Click OK to accept the dword entry and this will appear inside folder 25 (or the registry key) as shown in the picture from step 8.
  12. Now click File --> Save from the menu bar to save the registry.
  13. Then Connection --> Exit to exit the program.
  14. All done.
You can now disconnect your device from the PC and restart/soft-reset the device.

And finally go through your WiFi set up process as usual and put in your user name and password as required.

The settings that worked for me at the University of Dundee:
  1. First set up screen - Network Name: UoD_WiFi ; Network Type: Internet. Nothing else checked (ticked).
  2. Second set up screen - Authentication : WPA2 ; Data Encryption : AES. Tick "The Key is automatically provided".
  3. Final set up screen - Tick use IEEE 802.1x network access control. EAP Type - PEAP. (I am not too sure why the 802.1x access control is ticked as I am sure this can be unticked but the WiFi connection to the University is working this way so I left it alone.)
  4. Select Finish and select the UoD_WiFi connection and connect.
  5. You will be asked for user name and password. Use your normal ones and that's it you should be able to connect.
For other users you might need to do other things such as make the connection to be only EAPMSCHAPv2 etc. The registry values below might be helpful. I do not know what all the values do so use at your own risk.

EAPMSCHAPv2 Only - "EAPMSCHAPv2Only"=dword:00000001
"InteractiveUIPath"="eaptls.dll"
"Path"="eaptls.dll"
"ConfigUIPath"="eaptls.dll"
"InvokePasswordDialog"=dword:00000001
"InvokeUserNameDialog"=dword:00000001
"FriendlyName"="PEAP"
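
An added example, not from the original post: a Python check for the setting the procedure above changes. With ValidateServerCert at 0 the device no longer verifies the authentication server's certificate before running the inner user name and password exchange, so an administrator may want to find devices that carry it. It assumes a text export of the device registry in the .reg syntax used for the values above; the function names and the sample export are constructed for illustration.

```python
import re

# Key from step 5 of the post; exports may spell the hive out in full.
EAP_PEAP_KEY = r"comm\eap\extension\25"
HIVE_PREFIXES = ("hkey_local_machine\\", "hklm\\")

def parse_reg(text):
    """Parse .reg-style text into {key_path_lower: {value_name_lower: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Tolerate leading/trailing backslashes as written in the post.
            current = keys.setdefault(line[1:-1].strip("\\").lower(), {})
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.+)$', line)
        if m and current is not None:
            name, data = m.group(1).lower(), m.group(2).strip()
            if data.lower().startswith("dword:"):
                current[name] = int(data[6:], 16)  # dword data is written in hex
            else:
                current[name] = data.strip('"')
    return keys

def peap_cert_validation(text):
    """Return 'disabled', 'enabled' or 'key-missing' for PEAP (EAP type 25)."""
    for path, values in parse_reg(text).items():
        for prefix in HIVE_PREFIXES:
            if path.startswith(prefix):
                path = path[len(prefix):]
        if path == EAP_PEAP_KEY:
            # Assumption: an absent value means validation stays on, which is
            # the behaviour the post describes before the edit.
            flag = values.get("validateservercert", 1)
            return "disabled" if flag == 0 else "enabled"
    return "key-missing"

# Constructed sample export, using value names listed in the post.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Comm\EAP\Extension\25]
"FriendlyName"="PEAP"
"Path"="eaptls.dll"
"InvokePasswordDialog"=dword:00000001
"ValidateServerCert"=dword:00000000
'''

if __name__ == "__main__":
    print(peap_cert_validation(SAMPLE))
```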

Resources:
http://forum.xda-developers.com/showthread.php?t=283380
http://mobilitytoday.com/forum/showthread.php?t=10412
