Installing Certificates for a Radius Server (802.1x)

From HowardForums Wiki

Contents 1 overview 1.1 Terminology 1.2 Pre-requisites 2 Procedure 2.1 Step 1 - Import the root certificate 2.1.1 Common Problems 2.2 Step 2 - Import the personal certificate 3 Step 3 - Configure the wireless connection 3.1 For the O2 Atom 4 Credits

overview

Many companies run a Radius server to improve wireless security. These instructions work with freeradius. Other servers may have slightly different procedures, although the procedure will be very similar.

Terminology

The PPC calls attaching to the network via radius 802.1x mode with EAP-TLS authentication.

Pre-requisites

• A personal certificate ("user.pfx")
• A root certificate
• A backup of your system (with Sprite Backup or similar) so you can hard-reset ;)
• A registry editor - bundled with Resco Explorer or RegEdtSTG download from here
• P12imprt download from here

Procedure

Step 1 - Import the root certificate

1. Copy the root certificate to your PPC using active sync.
2. Browse to the directory you put the certificate in using file explorer.
3. Double tap the certificate to install

Common Problems

There is no program association

---

Browse to \windows\certinst and make it the default program

Certinst gives the error "Security permission was insufficient to update your device"

---

1. Using a registry editor navigate to the hive key HKLM\Security\Policies\Policies
2. Change the following three registry keys (hint: hit Values first)
   1. 00001001 to 1 (was 2)
   2. 00001005 to 40 (was 16)
   3. 00001017 to 144 (was 128)
3. You can now doubleclick your root certificate. The import should silently succeed

Write down the original values, they may be different and you may want to put them back after importing the certificate!

Step 2 - Import the personal certificate

• Transfer the files user.pfx and p12imprt.exe to the "My Documents" folder on your Pocket PC
• Run p12imprt.exe
• Enter the password that protects the PKCS#12 file user.pfx
• Tap "Import certificate"

Step 3 - Configure the wireless connection

Depends on your PPC

For the O2 Atom

• Start>Settings>Connections>Wi-Fi Utility
• Menu>Turn Wi-Fi On
• Site Survey
• Click and Hold the AP you want to connect to
• You should be in the configure wireless networks screen
• Click and hold the AP you want to connect to
• Click connect
• Click 802.1x
• Tick the box
• Leave the EAP as Smart Card or Certificate
• Click Properties
• Select the personal certificate
• Click OK a few times to exit

Credits

• Bernt Lervik - Removing the security from root certificate import
• Jacco de Leeuw - Personal Certificate Conversion and Importing