WPA Enterprise PEAP/MSCHAPv2 certificate

txrocks · August 21, 2023, 9:09pm

Is there a way to set the certificate to "do not validate" in the PEAP/MSCHAPv2 settings ?

Our network has this option when we are connecting to the WiFi and IT has told me it needs to be set to "Do not Validate"

I have not made it back there to try it with that whole line deleted.

THANKS!

// WPA Enterprise with PEAP/MSCHAPv2

// We are setting WPA Enterprise credentials
WiFiCredentials credentials("My_Enterprise_AP", WPA_ENTERPRISE);
// EAP type: PEAP/MSCHAPv2
credentials.setEapType(WLAN_EAP_TYPE_PEAP);
// Set username
credentials.setIdentity("username");
// Set password
credentials.setPassword("password");
// Set outer identity (optional, default - "anonymous")
credentials.setOuterIdentity("anonymous");
// I believe this is the setting that our network needs to be " Do not Validate "
// Root (CA) certificate in PEM format (optional)
credentials.setRootCertificate("-----BEGIN CERTIFICATE-----\r\n" \
                               /* ... */ \
                               "-----END CERTIFICATE-----\r\n\r\n"
                              );
// Save credentials
WiFi.setCredentials(credentials);

armor · August 22, 2023, 8:07am

@txrocks If I understand the setup of WPA2 Enterprise being used - there is an identity and a password but no certificate is required or used? It is while since I have done this for a client, in the credentials setup I would omit credentials.setRootCertificate() all together.

rickkas7 · August 22, 2023, 8:11am

Yes, skipping the root certificate is allowed, it's the identity, password, no cert option.

txrocks · August 22, 2023, 10:29am

Thank you everyone, I will give that a shot this afternoon.

txrocks · August 28, 2023, 4:17pm

I have not been able to get it to connect yet, still getting little to no support from our IT department.

When I try to add the credentials through the CLI "particle serial wifi" I do not get the options that are shown in the link from @rickkas7

It asks to scan for networks, I answered no and manually typed in the SSID, then on network security types I only have the option for

WPA2
WPA
WEP
unsecured

I can not setup for WPA enterprise through the CLI. Is there something I am missing? This is a Photon 2. It is on 5.4.1

rickkas7 · August 28, 2023, 4:19pm

The P2 and Photon 2 do not have support for WPA2 Enterprise yet. It should be added in a future version, but I don't know what version.

txrocks · August 28, 2023, 5:00pm

well that would be why.... Well back to the drawing board. I wish IT would just set me up a separate SSID for these.

txrocks · August 28, 2023, 6:48pm

so it appears that the Photon is the only device that can currently do WPA-Enterprise.

rickkas7 · August 28, 2023, 6:50pm

The Photon and P1 are currently the only devices that can do Enterprise Wi-Fi.

The Photon 2 and P2 will get it in the future.

The Argon will not get support for Enterprise Wi-Fi.