Search Discussions:
Advanced Search...
Welcome to Nokia Support Discussions! Here you can share advice and tips with thousands of other Nokia users around the world in English. Many Nokia employees also follow and participate in the discussions, see our guidelines for more information. Everyone can search and read the discussions, but to post your own question or reply to others, simply sign in with your Nokia account. If this is your first time here, you can choose an alias to represent you. And if you don't have a Nokia account yet, please register.
Reply

Re: WPA enterprise on N9

New Member
olesalscheider
Posts: 1

WPA enterprise on N9

[ Edited ]

Hello,

when I try to connect to my university network (WPA enterprise) with my N9, it asks me for a password for their certificate.

It uses WPA2, TTLS PAP and a certificate. I installed the certificate chain and can view them in Settings -> Security -> Certificates.

Do you have any idea what the password for the certificate is? My university says that there should not be any.

I tried to select the certificate in Settings -> Security -> Certificates and to click on the bottom right button and then "Change password" but it just gives me "Keine" (none) in a small box at the top.

Thanks in advance

Ole

 

PS: I just saw there is a Meego section, too, sorry.

Please use plain text.
New Member
eifachenname
Posts: 4

Re: WPA enterprise on N9

Same problem for me.
Please use plain text.
Counsellor
rahulthewall
Posts: 59

Re: WPA enterprise on N9

Same problem for me, can someone help us out?

Please use plain text.
Advisor
Nomz
Posts: 22

Re: WPA enterprise on N9

same here:smileysad:

Please use plain text.
Advisor
laatikko
Posts: 12

Re: WPA enterprise on N9

And here.
Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

If the WiFi setup doesn't require a user certificate, you should select "None" for a certificate when defining the connection. The CA certificate(s) you installed earlier are used automatically as long as they are enabled for WiFi usage.

 

The connection dialog is supposed to show only actual user certificates to choose from, but it is a known bug in the current N9 FW that if you install something that is not a CA certificate it is taken for a user certificate by default and shown as an option in the connection dialog. The bug will be fixed in the next FW update I believe.

 

On the other hand, if the connection does require a user certificate you should have received one from the network's administrator in a PKCS#12 package with a password. You need the password when installing the package and later when using the private key related to the user certificate. But it sounds like this is not the case, so just select "None".

 

Hope this helps.

Juhani Mäkelä

Harmattan certificate manager maintainer

Please use plain text.
Counsellor
rahulthewall
Posts: 59

Re: WPA enterprise on N9


juhanima wrote:

If the WiFi setup doesn't require a user certificate, you should select "None" for a certificate when defining the connection. The CA certificate(s) you installed earlier are used automatically as long as they are enabled for WiFi usage.

Here are the settings for the network for a Nokia N82. Maybe, this will help shed some light on the issue. FYI - I could not make these settings work for my Nokia N8 as well. The IT help desk says they are unable to solve the issue. :smileyhappy:

 

 


juhanima wrote:

The connection dialog is supposed to show only actual user certificates to choose from, but it is a known bug in the current N9 FW that if you install something that is not a CA certificate it is taken for a user certificate by default and shown as an option in the connection dialog. The bug will be fixed in the next FW update I believe.

 

I have only installed one CA certificate (the one which can be found at the link I provided above). It does not ask for any password when I install it.  When I go to Certificate Manager and try to change the password it informs that there is no password for the certificate. 

 


juhanima wrote:

On the other hand, if the connection does require a user certificate you should have received one from the network's administrator in a PKCS#12 package with a password. You need the password when installing the package and later when using the private key related to the user certificate. But it sounds like this is not the case, so just select "None".

 

Hope this helps.

Juhani Mäkelä

Harmattan certificate manager maintainer

 

So I did choose "None" as certificate. EAP Type - PEAP and EAP MSCHAPv2 as the EAP method. I could not connect to the network using these settings.  The certificate was installed at this point. If I try connecting using the certifcate it asks me for the password. So, right now, it is a problem connecting to the network. Would appreciate any help in this regard.

 

Cheers

Rahul

 

 

Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

rahulthewall wrote:
Here are the settings for the network for a Nokia N82. Maybe, this will help shed some light on the issue. FYI - I could not make these settings work for my Nokia N8 as well. The IT help desk says they are unable to solve the issue.

I'm sorry, I'm new at this forum and probably just don't know how it works, but where? I didn't see any link or attachment. Maybe I'm just using the wrong browser or OS (Firefox and Linux).

I have only installed one CA certificate (the one which can be found at the link I provided above). It does not ask for any password when I install it.  When I go to Certificate Manager and try to change the password it informs that there is no password for the certificate. 

Again I cannot see the link. But I got one from Bugzilla (yes, we have a bug open on your case) with subject "C=BE, O=Cybertrust, OU=Educational CA, CN=Cybertrust Educational CA", which sounds about right. That is based on the GTE Global Root which is pre-installed in the device and validates correctly.

The fact the the "change password" option is even visible for a CA certificate is another known bug. The CA certificate contains only public information and there is no reason why it should have a password.

So I did choose "None" as certificate. EAP Type - PEAP and EAP MSCHAPv2 as the EAP method. I could not connect to the network using these settings.  The certificate was installed at this point. If I try connecting using the certifcate it asks me for the password. So, right now, it is a problem connecting to the network

None is the correct choice and I don't think this is a certificate issue. The fact that N8 is also unable to connect on the other hand I find extremely interesting.

In your first message you said that the protocol is TTLS, which is a different thing than PEAP + MSCHAPv2. So please permit me to suggest trying all the different variants of the WPA-EAP despite the risk of sounding patronizing. If both N8 and N9 are unable to connect there is a chance that this is a systematic error in the Nokia EAP implementation. If so we would really like to get to the bottom of it, so please let me know how that worked out.

JuM

Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

Hello again!

 

Wait a minute, I think this might be a certificate issue after all. There is still another known bug related to the certificate installation which makes them sometimes go to the wrong place. This is how you can verify if that is the case and unless it is not too much to ask.

 

First you need to enable the developer mode to get a shell. It is done in Settings -> Security -> Developer mode. Once done, open the terminal and issue the following commands:

 

$ acmcli -p wifi-ca -L

$ acmcli -p wifi-user -L

 

The first command should output this text:

 

6565a33dd73b11a30a072537c9424a5b767750e1 Cybertrust Educational CA

 

...and the second command should not output anything.

 

If the result is the opposite, then that is the root cause. Unfortunately the bug is fixed only in the coming PR 1.2 so until then I'm afraid  you will not be able to use N9 to connect to this network. But let's see. After having done the test you can disable the developer mode again if you wish.

 

Cheers, JuM

Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

Guess who...

 

So I just couldn't go to sleep without getting a resolution to this.

 

Judging by the timestamp of your first message you installed the Cybertrust Educational CA with the original PR 1.0 firmware. And it probably went to the wrong wifi-user certificate domain since PR 1.0 had that bug and it appears as an option for a user certificate in the connection dialog which it shouldn't do.

 

Here are the good news: the bug seems to be fixed already in PR 1.1 which I hope has been made available already where you live.

 

To fix the situation all you need to do is just to install the certificate again, this time it should go to the right place. Before doing that you could also first remove the certificate from the wifi-user domain where it does not belong. Just select the certificate from the Settings -> Security -> Certificates and then "delete certificate".

 

If all goes well and the Gods are smiling there is a good chance that the network starts working. Please let me know!

 

Cheers, JuM

 

 

Please use plain text.
Counsellor
rahulthewall
Posts: 59

Re: WPA enterprise on N9

My bad and my apologies. Like the fool I can be, I forgot to post the link. Here it is: http://www.isg.inf.ethz.ch/ServicesNetworkMobilesNokiaN82

 

I am in Switzerland, PR 1.1 is not available yet. Let me enable developer mode, and see what these commands output. Get back to you soon. And thanks a lot for all the answers.

Please use plain text.
Counsellor
rahulthewall
Posts: 59

Re: WPA enterprise on N9


juhanima wrote:

Hello again!

 

Wait a minute, I think this might be a certificate issue after all. There is still another known bug related to the certificate installation which makes them sometimes go to the wrong place. This is how you can verify if that is the case and unless it is not too much to ask.

 

First you need to enable the developer mode to get a shell. It is done in Settings -> Security -> Developer mode. Once done, open the terminal and issue the following commands:

 

$ acmcli -p wifi-ca -L

$ acmcli -p wifi-user -L

 

The first command should output this text:

 

6565a33dd73b11a30a072537c9424a5b767750e1 Cybertrust Educational CA

 

...and the second command should not output anything.

 

If the result is the opposite, then that is the root cause. Unfortunately the bug is fixed only in the coming PR 1.2 so until then I'm afraid  you will not be able to use N9 to connect to this network. But let's see. After having done the test you can disable the developer mode again if you wish.

 

Cheers, JuM


The result is the opposite. So looks like I won't be able to use this network till PR 1.2 comes out, whenever that might be (seeing that I don't even have PR 1.1 right now. :smileyhappy: )

 

Thanks for the help.

Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

Ok, now we at least know what the problem is. And sorry for me being so incoherent, but the fix is really in PR1.1 after all, no reason to wait for PR1.2. More good news, according to this

 

http://talk.maemo.org/showpost.php?p=1125028&postcount=465

 

...PR 1.1 arrived in Switzerland yesterday. So please just update your phone and re-install the intermediate Cybertrust Educational CA and there is a good chance you can login to the network after that.

 

Cheers, JuM

Please use plain text.
Counsellor
rahulthewall
Posts: 59

Re: WPA enterprise on N9

Hi,

 

It seems that the update is not yet here for the 64GB N9. Though, it seems that it will arrive soon. Will update and then let you know, hopefully I would be able to connect to the network. 

 

Thanks

Rahul

Please use plain text.
New Member
eifachenname
Posts: 4

Re: WPA enterprise on N9

I found a solution (without certificate)

 

http://kb.mit.edu/confluence/display/istcontrib/Connect+your+MeeGo+Nokia+N9+to+MIT+SECURE+wireless

 

for me this works...

Please use plain text.
Counsellor
rahulthewall
Posts: 59

Re: WPA enterprise on N9

Wohoo, this works for my ETH connection as well. :smileyhappy:

Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

Ok, good to hear. So it was about the PEAP settings all the time. Have to remember that.

Please use plain text.
Contributor
juhanima
Posts: 9

Re: WPA enterprise on N9

[ Edited ]

Just wanted you to know that the instructions you posted here already helped others with their problems:

 

https://harmattan-bugs.nokia.com/show_bug.cgi?id=104

 

...an excerpt below. Big thanks to you on behalf of all fellow N9 users and especially of us Nokia drones and associates for helping us in the challenging task of making a decent smartphone!

 

JuM

 

Moderator Note: Personal details removed. We kindly ask you not to share your phone number publicly on this forum.


It works with the MIT instructions!
Please use plain text.