01-15-2013 12:30 PM - edited 01-15-2013 12:33 PM
We have around 350 Blackberry Mobile Phones which we want to connect to our newly acquired WIFI network. We want to connect our Blackberry devices, which consist mostly of the Bold and teh Torch, to our secure 802.1x network, instead of less secure WIFI network.
All our other devices work flawless, except it is impossible to get our Blackberry devices working. We tried the following:
- Export certificate and send the certificate to the Blackberry device either by BDM or by Mail. We can see the certificate and select them in the WIFI profile.
- Changed several options in the WIFI profile, for example:
>> PEAP and LEAP
>> username, username@domain, domain\username
>> Enable and disable certificate verification
>> Putting DNS config in either Server or Server-SAN
>> Instead of using our self signed certificate, use a random one ie Entrust Root CA
All of the above are tested and cross tested. The config which should be correct if I am not mistaken:
>> WPA/WPA2 Enterprise
>> Exported self signed CA Certificate
>> Inner check EAP MS Chap v2
>> Disable server certificate validation
All our other devices, being it Microsoft, iOS, Linux or Android are working fine.
All in all, I am out of options. Any help about this would be apreciated.
Thanks for any feedback
01-15-2013 02:19 PM - edited 01-15-2013 02:22 PM
Are they on BES?
if yes what version BES?
this should help some either way
Are you running N? only 2.4 mhz is supported on Torch
Look at my tips on wifi
01-15-2013 04:33 PM - edited 01-15-2013 04:37 PM
Thanks for your reply.
Tested the connection on the 9790 and 9900. Both could not connect and gives "Can not connect to the network" or sometimes "Can not acquire IP address" (or similar). Software on both devices are the latest (7.1). I can see that the device is joining the access point, but disconnects soon after (few seconds).
I have read that Blackberry can not talk with any authentication server, hence the need of the CA root certificate for PEAP. But this I can not get confirmed by RIM or any other reliable source.
Regarding the supporting methods, I can assure that this is the case. Our method is PEAP with inner authentication EAP-MS CHAPv2. Which in normal cases should not ask for a certificate at all.
Yes we have a BES, to manage and support our devices. However the BES is not the issue in any way, as I have tested connections with or without activated to the BES. We will use the BES for providing the WIFI profile and if needed the certificate. But this is a step I can take when the connection is up and running.
RIM support only points us at the method for PEAP, which is export the self signed root cerrtificate to the handheld. But we tested this in several differnt configurations with as a result no connection unfortunately.