• State
  • Locked Locked
  • Replies 10 replies
  • Subscribers 43 subscribers
  • Views 5476 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

cc3100 : wpa/wp2-enterprise connection

kaien ban
Prodigy 60 points
Other Parts Discussed in Thread: CC3100, UNIFLASH, CC3200

hi

CC3100 not connected. it only needs id and password, not a client certificate. when connects to wifi in window, linux and android, ca certificate's not used.

wpa enterprise spec.
Security : WPA & WPA2 Enterprise
Authentication : Protected EAP (PEAP)
CA certificate is not needed
PEAP version : peap0
Inner authentication : MSCHAPv2
Username and Password are correct.


Ca certificate's been needed in sdk document , which one should I use?

source code

------------

#define EAP_SSID_NAME   "my_ssid"
#define EAP_USER_NAME   "my_id"
#define EAP_PASS_KEY    "my_pass"
#define EAP_SEC_METHOD  SL_ENT_EAP_METHOD_PEAP0_MSCHAPv2
#define EAP_SEC_TYPE    SL_SEC_TYPE_WPA_ENT

SlSecParams_t secParams;
SlSecParamsExt_t eapParams;
    
secParams.Key = EAP_PASS_KEY;
secParams.KeyLen = strlen(EAP_PASS_KEY);
secParams.Type = EAP_SEC_TYPE;
    
eapParams.EapMethod = EAP_SEC_METHOD;
eapParams.User = EAP_USER_NAME;
eapParams.UserLen = strlen(EAP_USER_NAME);
eapParams.AnonUserLen = 0;
        
sl_WlanConnect(EAP_SSID_NAME, strlen(EAP_SSID_NAME), NULL, &secParams, &eapParams);

------------

Regards

kaien

  • 0
    Prodigy 110 points

    Hi Kaien

    I have the same problem (http://e2e.ti.com/support/wireless_connectivity/f/968/t/352669.aspx)

    Do you tried use SL_ENT_EAP_METHOD_PEAP1_MSCHAPv2 mode? 

  • 0 in reply to Andrey Cherepanov
    TI__Prodigy 100 points

    Hello,


    The android is using some protocol to retrieve the certificate by himself. we do not support this protocol.

    if one, wants to connect to an enterprise network, he needs to ask the network admin for the Ca certificate of the network radius server.

    he also need the network admin to supply a client cert and private key for client authentication, again this is done automatically by android.

    Thanks

  • 0 in reply to Israel Zilbershmidet
    Prodigy 110 points

    My network admin give me client cert in PFX format. How right convert PFX format to PEM format and private key?

  • 0 in reply to Andrey Cherepanov
    TI__Prodigy 100 points

    see if this helps

    http://support.citrix.com/article/CTX106028

  • 0 in reply to Israel Zilbershmidet
    Prodigy 110 points

    One more question.

    Extraction private key, description here (https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File)  is right?

  • 0 in reply to Andrey Cherepanov
    Prodigy 60 points

    Hello

    sniffing log (wireshark)

    ..

    Response, Legacy Nak(Response Only)

    => Failure

    Can I use this peap protocol?

  • 0 in reply to kaien ban
    Prodigy 110 points

    Hi.

    Today I successfully connected CC3100 via EAP-PEAP protocol.
    I my case it took updated CC3100 firmware and download cert into module .
    For update firmware I used CC3100 Flash Programmer - v0.5. Description in this article: http://processors.wiki.ti.com/index.php/CC31xx_Flasher_Guide.
    For donwload cert requires the following:

    To extract the Enterprise network certificate on windows 7 machine follow the following steps:

    –      Press Start button

    –      Type certmgr.msc into the Search box, and then pressing ENTER.

    –      Double Click Trusted Root Certificate Authorities

    –      Double Click Certificate

    –      Look requested cert (ask your network admin)

    –      Double Click on it. It will open the Certificate.

    –      Select Details Tab

    –      Click on “Copy to File” button and export the certificate as .cer Format (base64 encoded X509)

    C:\Users\a0693620\Desktop\Connectivity\CC3100\demos\externalhotspot\externalhotspot84.cer

    Download the certificate file as /cert/ca.pem on the serial-flash using CCS_UniFlash [1] utility by adding it to the target config of the exiting oob.

    Open main.c and modify SSID_NAME, USER_NAME, PASS_KEY, SEC_METHOD and SEC_TYPE as per your access-point properties. Edit the same file and modify the values for DATE to SECOND. Build and run the application. CC3100 connects to the enterprise network with the credentials in USER_NAME & PASS_KEY

  • 0 in reply to Andrey Cherepanov
    TI__Expert 4695 points

    Andrey,

      Thank you and here is a link to the procedure referencing VeriSign Class 3 Public Primary Certification Authority – G5.

     I just got this to work on the Hercules launchpad with the CC3100.

    Thank you,

  • 0 in reply to Andrey Cherepanov
    Prodigy 240 points

    What do you mean by change DATE to SECOND? I am using the CC3200 and I do not see that in the example application. Was it in one of the included files? or is this particular to your example code?

  • 0 in reply to Sudip Guha
    Prodigy 110 points

    I mean to the nearest second. But it turned out that it is not necessary.