Saturday, September 10, 2011

TTLS/PAP authentication in Nokia smartphones

Our college revamped the authentication mechanism of our campus wifi recently: instead of WPA2-PSK, it is now EAP-TTLS. The authentication is done by a central LDAP server, so one uses his common college network uid/password for authentication. Really neat.
But I had some trouble getting it to work on my Nokia 5800 smartphone, although a firmware upgrade added native EAP support. I changed the security settings of the wifi to EAP, selected all the right options, but still it would obstinately show the message: "TTLS/PAP authentication failure" or something like that.
I had almost given up hope when I learnt from Prof. Golam Mortuza Hossain that Nokia doesn't allow TTLS/PAP authentication unless an authority certificate is installed. So I promptly transferred the CA certificate to my phone over Bluetooth. But the phone didn't even detect it as a certificate.
Then I learnt that Nokia phones only allow certificates in DER format. The conversion is easy enough, provided that openssl is installed on your computer:
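One way to do this conversion and confirm that the DER file is still the same certificate (an added example, not the command from the original post; the file names are placeholders and `pem_to_der` / `show_ca` are hypothetical helper names):

```shell
#!/bin/sh
# Added example: convert a PEM CA certificate to DER and verify the result.
# Usage (placeholder file names): sh convert.sh ca.pem ca.der

# pem_to_der IN.pem OUT.der
# Prints the SHA-256 fingerprint and returns 0 only if OUT.der parses as DER
# and carries the same fingerprint as IN.pem.
pem_to_der() {
    local in="$1" out="$2" fp_in fp_out

    # A PEM certificate is base64 text between BEGIN/END markers.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$in"; then
        echo "error: $in does not look like a PEM certificate" >&2
        return 1
    fi

    # Re-encode: same certificate, binary DER instead of base64 PEM.
    openssl x509 -in "$in" -inform PEM -outform DER -out "$out" || return 1

    # The fingerprint is a hash of the DER encoding, so it must be identical
    # before and after the conversion.
    fp_in=$(openssl x509 -in "$in" -inform PEM -noout -fingerprint -sha256) || return 1
    fp_out=$(openssl x509 -in "$out" -inform DER -noout -fingerprint -sha256) || return 1
    if [ "$fp_in" != "$fp_out" ]; then
        echo "error: fingerprint mismatch after conversion" >&2
        rm -f "$out"
        return 1
    fi
    echo "$fp_out"
}

# show_ca FILE.der
# Prints who issued the certificate and when it expires, so you can see
# what the phone is about to trust.
show_ca() {
    openssl x509 -in "$1" -inform DER -noout -subject -issuer -enddate
}

if [ "$#" -eq 2 ]; then
    pem_to_der "$1" "$2" && show_ca "$2"
fi
```

Compare the printed fingerprint with the one your network administrator publishes before installing the DER file on the phone.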
That's it. Finally I can connect to the college wifi.
I wish it were that simple for Kindle 3! For some inscrutable reason, Amazon doesn't allow Kindles to access WPA-Enterprise or ad-hoc networks. Even on jailbroken Kindles, the process to make it work is very messy: one has to create a WPA wifi with the same SSID first, so that it is added to the list of 'Known' wifi networks, and then install a wpa_supplicant script. I haven't managed to do all that yet. Besides, Kindle has free 3G anyway.