BlackBerry Forums Support Community - View Single Post - 8320, WPA-TKIP, PEAP and no certificate?

hayabusa · 11-20-2008, 04:07 PM

Active Directoy will require 2 forms of authentication when using PEAP. Even though you IT guy is telling you that you don't use certs its because on a Windows machine they can validate your hop onto the access point by your computer name and user name which are both in Active Directory, hence 2 factor authentication.

In the Blackberry world these little guys don't talke to Activate Directory so in the peap setup you need to enter your Active Directory user ID and password, which is one form of authentication and then you need to have a personal certificate on the device which is located on your Windows workstation. You can access export this certificate by going to start>Run> and typing certmgr.msc. This will pop upon an mmc where you can export the cert you need. Usally it will be called your Company's name or Domain name with .cer behind it.

From there you can use Blackberry desktop manger to import the cert on to your device, or if your Blackberry Admin has the extension .cer setup on the Blackberry Server for known attachments you could just email it to yourself and then register it on your Blackberry when you see it as an attachment on your Blackberry. I hope some of this makes sense. In my current company we are looking at an easier way of setting this up for our users since we have already gone down the WPA Enterprise way of securing our Access Points without thinking that mobile devices are going to need certs but currently their deosn't seem to be an automated way of doing this for deployment.

11-20-2008, 04:07 PM	#24
hayabusa Talking BlackBerry Encyclopedia Join Date: Aug 2006 Location: Kansas Model: 9000 Carrier: Cingular Posts: 251	If you are PEAP you will need a Cert Active Directoy will require 2 forms of authentication when using PEAP. Even though you IT guy is telling you that you don't use certs its because on a Windows machine they can validate your hop onto the access point by your computer name and user name which are both in Active Directory, hence 2 factor authentication. In the Blackberry world these little guys don't talke to Activate Directory so in the peap setup you need to enter your Active Directory user ID and password, which is one form of authentication and then you need to have a personal certificate on the device which is located on your Windows workstation. You can access export this certificate by going to start>Run> and typing certmgr.msc. This will pop upon an mmc where you can export the cert you need. Usally it will be called your Company's name or Domain name with .cer behind it. From there you can use Blackberry desktop manger to import the cert on to your device, or if your Blackberry Admin has the extension .cer setup on the Blackberry Server for known attachments you could just email it to yourself and then register it on your Blackberry when you see it as an attachment on your Blackberry. I hope some of this makes sense. In my current company we are looking at an easier way of setting this up for our users since we have already gone down the WPA Enterprise way of securing our Access Points without thinking that mobile devices are going to need certs but currently their deosn't seem to be an automated way of doing this for deployment.
Offline