This is a rough guide to installing a Windows CA certificate on your Android phone so that you can connect to an 802.1x secured wireless access point authenticated via IAS. I’m sure there are bits that could be clarified or expanded upon – please let me know via the comments.

  • Get a user certificate on your PC, then export using the Certificates snap-in module. Make sure you include the private key and all certificates in the path.
  • Rename the file to *.p12 and put it on the SD card.
  • In Android, go to Settings > Location & Security > Install from SD card. It should find the file and prompt you for the password you used to secure it when exporting. For the name of the certificate, use the user’s AD account name, e.g. david.rendall.
  • You will also be prompted to set a password for secure storage. This is equivalent to a password safe or the Mac OS keychain – you set a password on an encrypted store which applications can then request access to. You should use whatever password the end-user wants as they will have to use it in future.
  • Go back to top level of Settings and choose Wi-Fi Settings.
  • You should see one the access points listed (assuming you are in range). Tap on it and choose the following options: EAP method is TLS; Phase 2 authentication is None; CA Certificate and User certificate are both set to the certificate you installed above, which should be listed; identity is the user’s AD account name e.g. david.rendall. The other fields can be left blank.
  • It should be working now. I found that it doesn’t always connect automatically, I suspect because you have to put in the password to open the credential store. If this happens, you can still connect manually by going into Wi-Fi Settings, tap on the network you want and then press the Connect button. You may then be asked for your crential store password, but after entering the password you should be connected.
Advertisement