Does any one know if there is a way to use your WM6 device on a secured WPA, TKIP, PEAP network when you have your own user name and password to access regular pc.
I'm trying to use my TILT at work and everytime i try to log in it tells me that i need "personal certificate" to positively identify me.
Would it possible to retreive my personal certificate from my work loptop and transfering it somehow to my Tilt?
I really need some help with that, i've been trying this forever.

THanks in advnace

There is a solution here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2434968&SiteID=1

There is a solution here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2434968&SiteID=1

Did you try this? It sounds like a similar issue but I've never seen some of the screens they are mentioning for login credentials. I tried the registry key but still get the message that I need a personal certificate.

I'm going to try Odyssey's Access client, which is now Juniper I guess.

Juniper Odyssey Access Client works just fine with the Tilt/WM6.

I was able to connect to my company's PEAP/MS-CHAP-V2 network.

If you do a google search with keywords "p12imprt.exe pocketpc" you will find a smal program that allows you to import personal certificates in your Windows mobile.
I hope this helps.

thanks guys, i'll try all the suggestions and'll let you know

I've set up a RADIUS auth server w/WPA-TKIP @ home.... not too hard to config PEAP. I'll try it out this evening and report back the details.

careful if you try the odyssey client, maybe wait to see seattle's results. Odyssey really grabs a hold of the registry. Do an image backup before installing.

FYI...I checked that thread, and checked my registry, and I have that setting they suggest. I am getting the personal certificate error anyway.

The import certificate sounds interesting. Actually I had been told a while ago I needed to do that, and I thought I saw a way natively on my Tilt to do that, but I have no idea how to get the certificate to import. I asked our admins at my office about that, and they had no clue.

Any thoughts on how/where to get teh certificate to import? (Someone said it woudl be on my laptop that I login with, but don't know whre it is there either).

Why not just export your personal certificate from the PC and run it on the handheld, the first time you try to enroll it will ask for credentials.

Works for me anyway.

Why not just export your personal certificate from the PC and run it on the handheld, the first time you try to enroll it will ask for credentials.

Works for me anyway.

Nybom...if you can give me any hints on how to do that it would be great. That was my point in my last statements re: the laptop - I don't know how to export it nor does my admins here.

I use Windows Vista at work. WMDC has a feature that allows you to import various certificates from your corporate network. If you are using ActiveSync on XP, I would suggest looking at options there. I don’t have ActiveSync right now or I would look. I have successfully connected my Tilt to our corporate wireless, which is WPA, AES, PEAP. Hope this helps.

Export a Certificate

To export a certificate, follow these steps:

1. From the computer where the certificate was installed, start Microsoft Management Console (MMC). Start>Run>MMC

2. Add the Certificates snap-in to the console.(Ctrl M) When you are prompted, click My user account as the account to be managed.

3. In the MMC console, double-click Certificates – Current User, double-click Personal, and then click Certificates.

4. In the right pane, right-click the certificate that you want to export, point to All Tasks, and then click Export.

5. When the Certificate Export Wizard starts, click Next.

6. On the Export Private Key page, click Yes, export the private key.

The private key is required for the encrypted messages to be read from the computer where the key will be imported.

7. On the Export File Format page, leave the default settings, and then click Next.

8. On the Password page, type password for the private key.

9. On the File to Export page, type the path and the name for the exported certificate file, and then click Next. (save it to your storage card for future use)

The file name has a .pfx extension. This file is the .pfx file that is imported to other computers.

10. Click Finish.

The export certificate file is saved with the name that you specified and a .pfx extension.


To import, use File Explorer, find where you saved it to, and click on it. It will automatically place it in the correct certificate store.

Thank you so much. I was so excited.

But alas, I apparently do not have any certificates on my laptop. ( I say that because when I DClick on Personal, it says "There are no items to show in this view" ). My method of authentication to the wireless here is via AD, and past discussions everyone thought it would have pushed a cert to my PC, but that seems to not be the case.

Although there are a lot of other certificates, a couple of which are issued by my company, in the Trusted Root Certificate Authorities/Certificates folder. Should I try one of them?

Thank you so much. I was so excited.

But alas, I apparently do not have any certificates on my laptop. ( I say that because when I DClick on Personal, it says "There are no items to show in this view" ). My method of authentication to the wireless here is via AD, and past discussions everyone thought it would have pushed a cert to my PC, but that seems to not be the case.

Although there are a lot of other certificates, a couple of which are issued by my company, in the Trusted Root Certificate Authorities/Certificates folder. Should I try one of them?

Yes, absolutely. However, when you ADD the cert in the MMC, it will have to be as a computer>local computer account rather than a personal account. Choose the Base64 option to save as a .CER. Import to your device the same way. You may also want to explore the Intermediate Certificate Authority folder on the MMC for more that relate to your company. Doesn't hurt to grab all that you think relate to your company. Mine ended up having 2 Roots and 4 Intermediates.

Thanks!

Next issue: I have no export private keys page come up, and wehn I get to the final page, keys is set to NO.

In case it makes any difference, my laptop is Windows XP Pro.

I wonder if it could be because somethign is 'locked down' by admins here.

Nybom...if you can give me any hints on how to do that it would be great. That was my point in my last statements re: the laptop - I don't know how to export it nor does my admins here.

I also have the certificate pushed out from the AD. But if you do not have any personal certificates listed in the personal tab I don't know what to do.

In my case I went to "Internet options", tab "Content", chose "Certificates", in tab "Personal" marked the certificate with my AD account name and chose "Export". Then "Next", "Next", "Next"... all without changing anything and then saving the file.

Yes, absolutely. However, when you ADD the cert in the MMC, it will have to be as a computer>local computer account rather than a personal account. Choose the Base64 option to save as a .CER. Import to your device the same way. You may also want to explore the Intermediate Certificate Authority folder on the MMC for more that relate to your company. Doesn't hurt to grab all that you think relate to your company. Mine ended up having 2 Roots and 4 Intermediates.


but how do you import it in windows mobile, aboviously it's not the same way as xp, i got my company's .cer file now how do i install in on my tilt. Also i couldn't find any personal certificates even thouh i use my desk pc and my work loptop.

thanks

ok i installing a certificate on a WM devisce is easy just click on the cert once you transfer it to the phone.
BUt can someone telll me why i don't have my own personal certificate on my work pc and loptop. I log in to both using the same network username and pass with the company's domain selected from the drop down menu.

thanks

I can't answer your question since I've seen the same thing on both of my PCs. One had a personal cert, the other did not. I don't think a personal cert. is necessary. If you have the proper root(s) and intermediates, you should get a log on screen when it tries to connect. Once you login the first time, your set.

I can't answer your question since I've seen the same thing on both of my PCs. One had a personal cert, the other did not. I don't think a personal cert. is necessary. If you have the proper root(s) and intermediates, you should get a log on screen when it tries to connect. Once you login the first time, your set.

I do get a log on screen on my tilt, but when i input my username, pass and company's domain it tries to connect but then a message pop up saying that i need personal certificate to be able to log in.

Are you sure you added a "Current User" account when you tried to export your personal cert? Your personal cert. will only show up in a user account and not a machine account. If this is what you did, I'm afraid I can't assist any further as I'm out of ideas.

It looks like I'm running into this same problem. Trying to connect to the university's wireless network. I go to school and work here. Using PEAP, EAP-MSCHAP v2.
Attempted the registry edit, still had that box pop up. However, I would get a log in screen for 10 seconds. I had to race to get my username/password before the log in screen went away with the same original error (need a personal certificate blah blah). I would get the error whether I got my info entered or not.
My university doesn't use personal certificates. They only have a .CER/.DER root certificate. On my Windows XP setup, there is a box to check for "Validate Server Certificate." I'm assuming I need something like that on my Tilt.
I went online and found a personal certificate to some other university, knowing it wouldn't work, but it at least let me see the next screen. I had hoped there would be more options in the PEAP properties than "select a personal certificate". With this method, I can enter my username/password/domain and it will sit and try to connect before it gives up. At least there is no error message this way.

I've tried everything I could find on this forum and google. I really don't want to pay for a different Wifi client. If anyone sees a possible solution or knows of a free Wifi client that handles PEAP, I would much appreciate it.

Well, progress, but no cigar.

I can export my certificates, both ways discussed in this thread...except in none can I so wi "with a key". No options whatsoever show up for a key.

None will import into my Tilt. I get an error titled Certificate Installer that says "The certificate wa not successfully added. Please restart the device and try again". Restarting doesn't help.

I don't know if it is a Tilt problem, or a problem with expoting the certificates.

For those who got us going, thanks for the help.

I guess we're out of steam and ideas now. So many angles...is it the network at work, the desktop computer, the Tilt...

Oh well, maybe sometime in the future. If I figure it out, I'll post back here.

I was able to get Peap working today. I did the registry key fix but that didn't really do anything since I was still getting the "you need a personal certificate".

I then went on my PC which is connected on the LAN to our work domain. I went into my Certificate MMC but did not have any Personal certificates so I decided to instead look at machine certificates just so I had something on my Tilt.

Here is what I did:

Start->run and enter mmc
File->Add/Remove snapin
Click Add button
Select 'Computer Account'
Click Next and pick Local Computer
Click Finish, then close, then OK

Expand the Certificates section
Expand Personal, you should see your machine cert in the right section
Right-click->all tasks->export
Click Next
Yes to export the private key, next
Leave defaults for File Format
Enter a password (will have to enter on device when importing)
Give a location to export and finish the wizard.

Now transfer that pfx file to your device and run it from File Explorer. Enter your pass and import the certificate.

Go back through your Wireless settings on the device and it should get you one screen further so you can pick to use that certificate. Once you click ok on that certificate you should get a login window for you to enter your network credentials.

This is what worked for me today after 2 hours of trying different crap. I'm now connected to my work network using PEAP

i tried exporting but was only able to export the certificate, it says that the private key is not exportable, any clue why?

i tried exporting but was only able to export the certificate, it says that the private key is not exportable, any clue why?

I'm not sure, could be any number of reasons. When I first start the export wizard the first question is "do you want to export the private key".

I'm pretty sure that Odyssey Client for WM6 has a problem with accepting session certificates. At least I know that I have been unable to connect to my school's network because they use PEAP and session certificates which change every time you connect. Any suggestions?

ok got it to work, admins should make this thread a sticky in networking or something.



duh i transfered the cetificate like two weeks ago, but my domain had .com at the end and it shouldn't, so i removed it and it worked. All i have to do onece is use my username and password and companys domain name without the .com or .net and it works every time.

P.S. the certificate that i transfered wasnt a private key so i assume it doesn't have to be a private

ok got it to work, admins should make this thread a sticky in networking or something.



duh i transfered the cetificate like two weeks ago, but my domain had .com at the end and it shouldn't, so i removed it and it worked. All i have to do onece is use my username and password and companys domain name without the .com or .net and it works every time.

P.S. the certificate that i transfered wasnt a private key so i assume it doesn't have to be a private


That is good to hear. Whenever you get a login prompt that asks for a domain you have to enter just the name, not the fully qualified dns name unless that is the actual windows domain name.

I was able to get Peap working today. I did the registry key fix but that didn't really do anything since I was still getting the "you need a personal certificate".

I then went on my PC which is connected on the LAN to our work domain. I went into my Certificate MMC but did not have any Personal certificates so I decided to instead look at machine certificates just so I had something on my Tilt.

Here is what I did:

Start->run and enter mmc
File->Add/Remove snapin
Click Add button
Select 'Computer Account'
Click Next and pick Local Computer
Click Finish, then close, then OK

Expand the Certificates section
Expand Personal, you should see your machine cert in the right section
Right-click->all tasks->export
Click Next
Yes to export the private key, next
Leave defaults for File Format
Enter a password (will have to enter on device when importing)
Give a location to export and finish the wizard.

Now transfer that pfx file to your device and run it from File Explorer. Enter your pass and import the certificate.

Go back through your Wireless settings on the device and it should get you one screen further so you can pick to use that certificate. Once you click ok on that certificate you should get a login window for you to enter your network credentials.

This is what worked for me today after 2 hours of trying different crap. I'm now connected to my work network using PEAP

That still doesn't work for my situation because there is no personal certificate in that snap-in to export. My University doesn't use personal certificates.

I was able to get Peap working today...

Well, I was thinking it would work, as you describe your environment like ours. I logged in originally wiht my AD Name and Password.

But I’m not quite able to follow your instructions. Here is what I’m finding, following the lines of instructions (your lines in red):

Start->run and enter mmc
File->Add/Remove snapin
Click Add button
Select ‘Computer Account’But, there is no ‘Computer Account’ to select :

http://i132.photobucket.com/albums/q17/kruiser_56/menu1.jpg

So, I tried selecting Certificates, thinking maybe you missed that on the instructions, and found Computer Account:

http://i132.photobucket.com/albums/q17/kruiser_56/menu2.jpg

Click Next and pick Local Computer

Well, the below screen seems in alignment with that, which is what I got when I clicked next:

http://i132.photobucket.com/albums/q17/kruiser_56/menu3.jpg


Click Finish, then close, then OK

Expand the Certificates section
Expand Personal, you should see your machine cert in the right section

Uh, I think this is really what I did from earlier instructions, and no, I don’t have anything personal there:


http://i132.photobucket.com/albums/q17/kruiser_56/menu4.jpg

With no personal certificates I didn’t do the rest below.
Right-click->all tasks->export
Click Next
Yes to export the private key, next
Leave defaults for File Format
Enter a password (will have to enter on device when

So, it seems that maybe the addition of the Computer Account is what I’m missing.

Any thoughts?