WPA Enterprise PEAP/MSCHAPv2 certificate

Is there a way to set the certificate to "do not validate" in the PEAP/MSCHAPv2 settings ?

Our network has this option when we are connecting to the WiFi and IT has told me it needs to be set to "Do not Validate"

I have not made it back there to try it with that whole line deleted.

THANKS!

// WPA Enterprise with PEAP/MSCHAPv2

// We are setting WPA Enterprise credentials
WiFiCredentials credentials("My_Enterprise_AP", WPA_ENTERPRISE);
// EAP type: PEAP/MSCHAPv2
credentials.setEapType(WLAN_EAP_TYPE_PEAP);
// Set username
credentials.setIdentity("username");
// Set password
credentials.setPassword("password");
// Set outer identity (optional, default - "anonymous")
credentials.setOuterIdentity("anonymous");
// I believe this is the setting that our network needs to be " Do not Validate "
// Root (CA) certificate in PEM format (optional)
credentials.setRootCertificate("-----BEGIN CERTIFICATE-----\r\n" \
                               /* ... */ \
                               "-----END CERTIFICATE-----\r\n\r\n"
                              );
// Save credentials
WiFi.setCredentials(credentials);

@txrocks If I understand the setup of WPA2 Enterprise being used - there is an identity and a password but no certificate is required or used? It is while since I have done this for a client, in the credentials setup I would omit credentials.setRootCertificate() all together.

Yes, skipping the root certificate is allowed, it's the identity, password, no cert option.

Thank you everyone, I will give that a shot this afternoon.

I have not been able to get it to connect yet, still getting little to no support from our IT department.

When I try to add the credentials through the CLI "particle serial wifi" I do not get the options that are shown in the link from @rickkas7

It asks to scan for networks, I answered no and manually typed in the SSID, then on network security types I only have the option for

WPA2
WPA
WEP
unsecured

I can not setup for WPA enterprise through the CLI. Is there something I am missing? This is a Photon 2. It is on 5.4.1

The P2 and Photon 2 do not have support for WPA2 Enterprise yet. It should be added in a future version, but I don't know what version.

well that would be why.... Well back to the drawing board. I wish IT would just set me up a separate SSID for these.

so it appears that the Photon is the only device that can currently do WPA-Enterprise.

The Photon and P1 are currently the only devices that can do Enterprise Wi-Fi.

The Photon 2 and P2 will get it in the future.

The Argon will not get support for Enterprise Wi-Fi.

For a Photon - client has username and password and no certificate.

If the credentials are set with identity, outer identity and password - no root certificate and no client certificate then a test of WiFi.hasCredentials() returns false. Any explanation for this?

It looks like the code only checks for a username in the inner identity, not the outer identity when using PEAP.

Thanks - even deeper mystery.
The identity being used is like XYZ not X.Y@Z.com - I wondered if the WICED was checking for a certain format in the identity.

[Update - indeed on the Photon the WICED stack checks the format of the identity and if it does not conform to a format such as X@Y.com then it will not store the credentials!]

Already any idea when the P2 can do Enterprise Wi-Fi? We have a project in a university and their network is WPA2 Enterprise.
Thanks.

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.