• Resolved

CC3000 and WPA/WPA2-EAP (Enterprise Mode)

Hi,

is there a way to get CC3000 to work with certificates: WPA-EAP / WPA2-EAP (Enterprise Mode)?

thx
Gerhard

  • Hi Gerhald,

    CC3000 does not support enterprise security.

    Reagrds

    Igor

  • In reply to Igor56492:

    Thanks Igor,

    are there plans for future implementation? I think, this is only a matter of the API?

    Unfortunately without enterprise the CC3000 is a no go...

  • In reply to Gerhard48236:

    Hi Gerhard,

    The CC3000 will not support entreprise securirty.
    It's not just a matter of the API, it requires extensive changes in the supplicant and wlan driver.

    Thanks,
    Alon.S

  • In reply to Alon Srednizki:

    Hi,

    Is CC3000 still doesn't support Enterprise Security ? Please confirm.

    I am planning to deploy CC3000 based wearable device inside hospital setting. I see that my mobile device conencts to hospital wifi through home page where I have to confirm their terms and conditions.

    Can I overcome that confirmation through my software ? If yes , could you please give me some pointers in that direction ? Appreciate your help on this

  • In reply to Srinath Vaddepally1:

    Hi Srinath,

    The CC3000 supports WPA/WPA2, but it does not support certificates.

    If the AP you are connecting to has an "I Agree" type of page, you can "agree" from the CC3000. All you need to do is load the page and then perform an HTTP POST with the correct response. However you need то first capture this response using a PC running Fiddler or some other tool that can see the HTTP communication.

    If the "I Agree" page comes in over HTTPS, you are out of luck, since the CC3000 does not support SSL.

  • In reply to Ivor Sargoytchev:

    Hi Ivor,
    I do think that CC3000 can perfectly well support SSL (or HTTPS), as this is on top of normal TCP/IPv4 communication and would need to be just implemented in user code.

    But this has no direct relation to connecting to an AP using certificates, which CC3000 cannot do (as the AP connection process is internal to CC3000 chipset and not controllable in detail using API or HCI commands).

    Cheers,
    Risto

  • In reply to Risto Koiva:

    Hi Srinath,

    CC3000 does not support WPA2-EAP(802.1x). I believe connection using WPA2-EAP and authorization/confirmation are two different things here.

    If during the connection to an AP, you were asked to enter the authentication details on your phone in a seperate dialog, then this is specific to WP2-EAP connection protocol using a radius server. And we do not support this.

    If you are asked to authorize or agree to certain terms then that would be something related to sending response over HTTP using a HTTP client, which I think would require specific implementation at the host side. And as Ivor said, if the exchange is over HTTPS then it needs additional effort.

    Thanks & Regards,
    Raghavendra

  • In reply to Raghavendra Shenoy:

    Raghavendra / Ivor/ Risto,

    Thank you so much for your comments. Let me summarize my understanding of our discussion.

    1) When I connect my mobile to hospital network AP, if it prompts me to enter user id and password besides AP name, I assume I can't connect CC3000 device to AP

    2) When I connect my mobile to hospital network AP, if it just prompts me to enter AP name and password. I am good to go with CC3000.

    3) When I connect my mobile to hospital network AP, after I enter AP name and password, if it takes me to another page where I need to accept terms and conditions, it is possible to connect CC3000 to AP using both HTTP & HTTPS but with extra effort.

    Please correct me if I am wrong.

    Thanks,

    Srinath

  • In reply to Risto Koiva:

    Risto Koiva

    Hi Ivor,
    I do think that CC3000 can perfectly well support SSL (or HTTPS), as this is on top of normal TCP/IPv4 communication and would need to be just implemented in user code.

    But this has no direct relation to connecting to an AP using certificates, which CC3000 cannot do (as the AP connection process is internal to CC3000 chipset and not controllable in detail using API or HCI commands).

    Cheers,
    Risto

    Hi Risto,

    In theory you are 100% correct - the HTTPS protocol can be fully implemented in the MCU. But in practice this is not feasible, since it would require a very high end MCU. It would make more sense to go with something like a Raspberry Pi with a $7 USB WiFi dongle.

  • In reply to Srinath Vaddepally1:

    I would change #3 to the following:

    3. When I connect my mobile to hospital network AP, after I enter AP name and password, if it takes me to another page where I need to accept terms and conditions, it is possible to connect CC3000 to AP using HTTP, but with extra effort. It is also possible to connect through HTTPS, but this would require a large effort in implementing HTTPS, possible hardware changes to a much more powerful MCU that can handle the encryption and enough memory to store the SSL certificates.