I am sure someone here here knows how to import a certificate to N8 or any Symbian 3 phone, right?

If certificate opens in to the "Notes" application when trying to install it, most likely this is caused by the fact that certificate file is in incompatible Base-64 encoded X.509 format (which is practically a text file).  Approriate format for installation on the Nokia phones is the "DER binary encoded X.509".

 

You could try to ask if network administrators if they are able to provide the same certificate in "DER binary encoded X.509" file format. If they are not able to help then you can also convert it to the correct binary format by yourself. 

 

Following is taken from old message that contains dedailed instructions on how to convert / export certificates to Nokia compatible DER binary X.509 format  using a Windows PC.

 

--  Link to original message  --

 

In order to be able to install the self signed CA / server certificate on your phone it needs to be exported (or created in the first place) to the appropriate file format which for Nokia phones is "binary encoded DER (X.509)". Also note that the certificate file should have a ".cer" filename extension (e.g. certificate.cer) so that when certificate file is copied to the phone's memory card and "opened" with phone's File Manager it should automatically start up the certificate installation process in to the phone's Certificate Manager.

 

In case the certificate file has a ".cer" extension but it opens up on the phone with "Notes" application (text viewer) then format of the certificate file is not binary encoded DER. In case the certificate is in incorrect "text" format it is however possible to convert it to proper binary DER format e.g. with a regular Windows PC in a following manner.

 

Right click on the certificate file on a Windows PC and select Open (instead of install). This opens up the certificate without installing it and shows information about the certificate (validity times, name of the issuer etc.). The "Details" tab shows more information on the capabilities of the certificate and has a "Copy to file" option which allows certificate to be exported to another file in proper "DER encoded binary (X.509)" format that should be installable on the phone.

 

saataja, thank you very much for getting back to me.

 

I have sent the cer in the format you suggested and been able to install on my phone.

 

upon instalation there was a question: "this cer is used to connect to internet, vPN, widgets..."

 

do I tick all the options or just the internet option?

 

also my Uni instructions specifically said to save the cer in 64 encode 509, not der binary encoded X509.

 

I guess there is no harm in trying, since their instructions is wrong, or is there?...

Thank you SOOOO much for the detailed answer.  One can only admire the level of knowledge you posses.

 

I will try to connect with the new certificate following your tips and will report back (next week already).

 

once again, THANK YOU!

saataja,

thank you once again!

problem and discussion marked as solved, as I did indeed manage to connect now!!!

kudos added!

Ok, I connected to the network successfully, but I cannot access the internet.

 

How is that possible?

 

---

a_petrov303 wrote:

Ok, I connected to the network successfully, but I cannot access the internet.

 

How is that possible?

---

 

Could it be that the network requires usage of proxy in order to connect to internet?

 

If proxy is the reason then you can enter proxy server's address and port number in to the advanced IAP settings .

 

Edit the WLAN IAP you created for this network and go to Options (right soft key) -> Advanced Settings ->and fill in the Proxy server address and port number accordingly (ask these from network administrator if needed).

 

Another possible case might be that your phone has for some reason failed to receive an valid IP address from the DHCP server which would naturally prevent all IP connectivity to local network and to internet even if WLAN connection and PEAP authentication aspects of the connection are fine.

tend to think that all the settings are correct...

 

if it is the failure to obtaina valid IP, what can be done to rectify?

 

on my home WPA2 network I can browse the internet and ovi store...

Please, help me because I don´t know what´s going on here...

 

My company uses a peap-eap network, but I can´t connect using my N8.

 

I have a Nokia N900 already connected to the network, and the settings that I´ve used are:

 

EAP MSCHAPv2

username: username@uolcorp.intranet

password: mynewtorkpassword

For some reason I´m able to connect to this network with my N900 without using any certificate. The N900 show me a message telling me that the certificate is not valid, but I can use the internet without any problems.

 

I´ve tried to put those same data into N8, but I have no lucky yet.

 

Unfortunately, our IT team also don´t know what to do. They told me that I don´t need a certificate, but they also give me this certificate to make a try.

 

www.master78.com.br/ca.cer

 

It didn´t work either!

 

I noticed that is Windows 7, my login name appers as "UOLCORP\username". So, I tried to use this format of username, but once again, it didn´t work.

 

Can anyone help me with that?

 

Tks!

 

---

igorlt78 wrote:

Please, help me because I don´t know what´s going on here...

 

My company uses a peap-eap network, but I can´t connect using my N8.

 

I have a Nokia N900 already connected to the network, and the settings that I´ve used are:

 

EAP MSCHAPv2

username: username@uolcorp.intranet

password: mynewtorkpassword

For some reason I´m able to connect to this network with my N900 without using any certificate. The N900 show me a message telling me that the certificate is not valid, but I can use the internet without any problems.

 

I´ve tried to put those same data into N8, but I have no lucky yet.

 

Unfortunately, our IT team also don´t know what to do. They told me that I don´t need a certificate, but they also give me this certificate to make a try.

 

www.master78.com.br/ca.cer

 

It didn´t work either!

 

I noticed that is Windows 7, my login name appers as "UOLCORP\username". So, I tried to use this format of username, but once again, it didn´t work.

 

Can anyone help me with that?

 

Tks!

---

 

In case of N8 (and other Symbian based models) you really need to have valid Certificate Authority certificate installed on the phone and defined as "Authority Certificate" in EAP-PEAP settings of the phone.

 

When you say that you already tried using the certificate from the link you posted did you manage to install on the phone and was it selected as a "Authority Certificate" in EAP-PEAP settings of the phone?    If certificate was installed and you had edited your phone's access point settings (for this particular WLAN network) so that the particular certificate  (probably named as "ca") was selected on the EAP-PEAP settings page then it might be that this CA certificate is not the the one that your IT department has used for signing the "server" certificate they are running on their EAP authentication server. 

 

You mentioned defining the EAP-MSCHAPv2 username on N8 settings but please note that you also need to define the username for EAP-PEAP  (not just for EAP-MSCHAPv2). 

 

You could try following settings on the N8 (edit or create new access point for this particular WLAN network):

 

Security mode: WPA/WPA2

WPA/WPA2 mode:  EAP

 

EAP-plugin settings:

 

Enable EAP-PEAP and disable EAP-SIM and EAP-AKA.(long press to disable)

 

Enter  EAP-PEAP settings (click on EAP-PEAP)

 

On first EAP-PEAP settings page:

 

Personal certificate: not defined

Authority certificate: ca   (or whatever is the name of the certificate your IT dep. provides)

Username in use:  User defined

Username:   username@uolcorp.intranet     (or  you could try with "username" or  "UOLCORP\username")

Realm in use:  User defined

Realm:  <leave this empty>

TLS privacy: Off

Allow PEAPv0:  Yes

Allow PEAPv1: No   (you can also try with "Yes" but "No" is likely a better choice since you are using PEAP with EAP-MSCHAPv2 inner authentication, which typically means that PEAPv0 is preferred by the server)

Allow PEAPv2: No

 

Then go to the next EAP-PEAP settings tab (hit arrow to right on top of screen) and select the EAP-MSCHAPv2  (disable SIM and AKA by long pressing on them)

 

Enter EAP-MSCHAPv2 settings (click on it).

 

Username: username@uolcorp.intranet

Prompt password: No

Password: yourpassword

 

Go back multiple times to save your new access point setting and try connecting.

 

But like said earlier,  if  it happens that "ca" certificate that your IT provided you is not really the correct certificate then PEAP/EAP-MSCHAPv2 authentication on your N8 will inevitably fail even if rest of the EAP-PEAP and EAP-MSCHAPv2 settings are correctly defined.

 

WLAN connection and EAP authentication part is OK if you manage to connect your N8 to (without "EAP-PEAP authentication failed" error) and WLAN Wizard shows you that phone is "Connected" to this WLAN network and WLAN icon on top of the screen shows secured connection symbol.    If you still have problems connected to "internet"  after WLAN connection was successfully made, e.g. your phone's web browser fails access web sites that are on the internet (but you can access local intranet web sites) then you might also need to configure the web proxy server address and port in to your phone to be able to reach "internet".

 

Proxy settings can be edited from the advanced settings of the access point.  (Settings-> Connectivity -> Settings -> Destinations -> Internet -> select the access point for this particular WLAN network -> Options -> Advanced Settings -> Proxy server address and port.  (ask proxy settings from IT if needed).

 

This is an interesting set of information...

 

I bought my wife the E5 and her work wifi uses WPA2-Enterprise.  She's not able to auto connect to it.  I will need to do the similar steps in the above posts?  Manually obtain and install the Certificate Authority certificate for the wifi network?  And manually set up the wifi settings?

 

I'm just wondering what if the IT doesn't know what the Certificate Authority certificate file is?  Are we out of luck?

 

Why in 2010, now almost 2011 Nokia can't implement the wifi protocols properly like other phones so that it can be done automatic?  Surely this can be fixed or is it an impossible design issue?

 

Has the original poster confirmed he now has internet access after connecting?

 

Thank you for your time

Hi saataja!

 

Thanks for your information, but unfortunately, it didn´t work yet!

 

1 - I don´t use proxy

2 - My IT team says that there´s no certificate for this network. (I´ve also tried that other certificate, but I´m not 100% sure if this is the correct certificate, since my IT team doesn´t have one)

3 - I have already tried to put my username as "username@uolcorp.intranet", or "UOLCORP\username" or only "username".

4 - Using these same credentials, I can connect to the network with my Nokia N900.

5 - When I look at the Windows 7 network, I can see that there´s no certificate set to this network.

 

Any idea?

you always need a certificate. Is there someone at your work with an iPhone?
When you connect an iPhone for the first time, you'll get a message that the certifocate needs to be downloaded. You can choose this certificate in your PEAP settings. For the rest:
At the PEAP settings:
Chose the certificate
Set the realm manual and enter what you chose for logging in before \
Also set the login to manual en chose what you enter after \
Set only the MSSCHAPv0 settings to yes
go to the MSSCHAP settings and enter your username (only what is after \)
set the password promt to 'no' and enter your password.

This must do the trick! But again there is always a certificate!

Good luck...

One more thing. Connecting to the peap network at work freezes my phone. There is a threath about this wpa2 issue in the forum...

Actually how about this question... since a computer can connect to the network, how do I extract the certificate from that?  So I don't have to ask a clueless IT department.

 

 

I have no idea and think that a pc does this in the background, or trusts it anyway.
You could ask your IT department what kind of certificates they usually use for other things, such as intranet, webmail, etc (verisign, equifax, thawte, etc), usually a company uses one brand for certification.
Once you get the answer you can check the one in the phone (if there are alternatives, try them all).

Nothing yet!

 

My IT team are not sure about the certificate. They told me to try with this one http://www.master78.com.br/ca.cer but it also didn´t work!

 

I have tried to look in Windows 7, to see which certificate this connection uses, but as you can see here, it seems that Windows doesn´t validate the certificate.

 

There are so many possible combinations of my username and realm, but I think I already tested all of them.

 

Username tested: "username", "username@uolcorp.intranet", "domain\username"

Realm tested: "uolcorp", "uolcorp.intranet"

 

Anything else?

Thanks bruin3, your post here, /t5/Connectivity/N8-refuses-to-connect-to-University-EAP-PEAP-PEAP-network/m-p/844907#M34777, was what got me the closest I think.  In regards to user name.

 

On the E5, EAP settings you have username and realm.  Make sure to put just your username and no domain\username in this field.  Realm is the authenticating server (or domain I guess).

 

I was able to see on my windows7 laptop, that was connected ok onto the network, the authenticating server name, the certificate used (Thawte Security Premium CA or something).  I disabled everything except for EAP-PEAP and enabled all ciphers.  Enabled all PEAP V0,V1,V2 cause I didn't know which it was, MSCHAPV2 was the only option I had... put the username without the domain there, and password (with password prompt option no)

 

igorit78,  looking at your screen shot, that's where I found out what security cert my laptop was using and was glad to see the same in my E5.  Maybe it's coming down to how you enter your login credentials?

 

NOKIA.  THIS WAS HARDER THAN IT SHOULD'VE BEEN.  The E5 is not a first gen s60 3rd edition device so you guys had plenty of time to get it perfect.  I expected this to be the perfect S60 3rd edition experience (I'm a N73, N95, N97mini user) but MFE for gmail sucks and you can't do multi calendars sync.  The phone has crashed a few times for unknown reasons yet and WIFI for all protocols should've been auto set up. <end side rant>