Enterprise security requirements for WPA/WPA2 Enterprise now require a CA (Certificate Authority) certificate file to be imported to your unit. Some EAP types also require a client certificate and key. The example below assumes you are using MSCHAPV2.
Before You Begin
You may depend on your IT department to provide authorization certificates, which may be created by a Trusted Root Authority like VeriSign or DigiCert. If so, contact your IT department for the certificate resources. You will need:
CA certificate in .pem format
Clients:certificates in “. p12” format with private key (EAP TLS only)
Common name, domain name, username, and password for the server to which you want to connect.
If you have the ability to generate your own self signed certificates, such as a FreeRADIUS server, you can create these resources as needed. This procedure uses examples generated by a FreeRADIUS server as a certificate source, although other sources are available.
Once you have the certificate, continue with the following:
Copy the self-signed Certificate Authority (CA) file (in .pem format) onto a USB thumb drive.
Transfer the USB thumb drive to your AirCheck G3, and then copy the .pem file to the Downloads folder.
Open the Settings app.
Navigate to Security > Encryption & credentials > Install a certificate > Wi-Fi certificate. This opens the file picker.
Navigate to the Downloads folder and select the .pem file that holds your CA certificate.
Rename this certificate (for example, CA home). A message confirms that the Wi-Fi certificate has been installed.
Verify the CA certificate installed correctly:
Tap the system BACK button to return to Encryption & credentials.
Tap User credentials.
Verify that the name of your CA file (for example, CA home) is displayed.
Test Wi-Fi Management Using WPA2-E with PEAP
Open the Settings app on your unit and navigate to Network & internet.
Toggle the Wi-Fi button to on/Enabled.
Tap Wi-Fi to view available networks.
Scroll down to and then select the SSID of the enterprise server you wish to connect to using WPA2-E
Configure the following WPA2-E options in the pop-up dialog:
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA certificate: (use whatever name you chose for your CA certificate, for example, CA home)
Online Certificate Status: Do not validate
Domain: (enter the Common Name recorded above, for example, Example Server Certificate)
Identity: (enter whatever test username was set up for the server, for example, entuser1)
Anonymous identity: (leave blank)
Password: (enter the password set up for the server)
Tap the CONNECT button to apply settings and close the configuration page.