Most medium and larger companies wish to administrate their wireless network (a.k.a WiFi or WLan) from a central location, without the hassle of having to update all the shared keys if somebody leaves the company. The most widely used method is RADIUS (also known ad PEAP or MSCHAP v2). This method allows access control to the network on a per-user basis and from a central location throug the normal domain name server of your network. Windows Mobile devices can deal with RADIUS, so that you connect to your business network securely. This page describes how to do this in a step-by-step tutorial.
Obtaining the server root certificate
First step in connecting to a business network is obtaining the certificate that is used by the domain controller. This way the PocketPC can identify if he is authenticating against the right server. This reduces the chance of the use of so-called 'evil twins': Wireless Access Points pretending to be trusted but eavesdropping on the traffic.
You start with opening Microsoft Internet Explorer. In the "Internet Options", found under the tools dropdown in Internet Explorer, you can see the following in the "Content" tab:
In this, you select "Certificates...". This opens the following dialog:
In this dialog, you select the tab "Intermediate Certification Authorities", in which you select the certeficate associated with your domain. In this case, it is the CIBIT certificate. After selecting the certificate, you click on "Export...". After a welcome screen (click "Next" on this screen), you get the following screen:
In this screen, you select "DER encoded binary X.509 (.cer)" and select Next. In the following screen you can type a name for the certificate. After clicking Next, you see the following dialog:
The dialog provides an overview of all the properties of the certificate.
Installing the certificate on the mobile device
Now that we have obtained the certificate, we have to install it on the mobile device. We start by copying the certificate from the desktop to the device. After copying the certificate to your mobile device, you can see the file in your file explorer. After tapping on the certificate, you see the following dialog:
You tap "Yes", after which the certificate installs. You can check this by going to the "Settings", "System" settings, where you can find the "Certificates" application. When you open it, you can see the following screen:
<img title="Certificate overview" style="width: 180px; height: 238px" height="238" alt="Certificate overview" src="../storage/users/4/4/images/16/Screen002. ...
No comments:
Post a Comment