Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎01-15-2013
My Device: Bold 9790
My Carrier: KPN

WIFI and 802.1x

[ Edited ]

We have around 350 Blackberry Mobile Phones which we want to connect to our newly acquired WIFI network. We want to connect our Blackberry devices, which consist mostly of the Bold and teh Torch, to our secure 802.1x network, instead of less secure WIFI network.

 

All our other devices work flawless, except it is impossible to get our Blackberry devices working. We tried the following:

 

- Export certificate and send the certificate to the Blackberry device either by BDM or by Mail. We can see the certificate and select them in the WIFI profile.

- Changed several options in the WIFI profile, for example:

>> PEAP and LEAP

>> username, username@domain, domain\username

>> Enable and disable certificate verification

>> Putting DNS config in either Server or Server-SAN

>> Instead of using our self signed certificate, use a random one ie Entrust Root CA

 

All of the above are tested and cross tested. The config which should be correct if I am not mistaken:

>> WPA/WPA2 Enterprise

>> PEAP

>> Exported self signed CA Certificate 

>> Inner check EAP MS Chap v2

>> Disable server  certificate validation

>> username@domain

 

All our other devices, being it Microsoft, iOS, Linux or Android are working fine.

 

All in all, I am out of options. Any help about this would be apreciated.

 

Thanks for any feedback

Guru III
Posts: 32,116
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry PRIV, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: WIFI and 802.1x

[ Edited ]

Are they on BES?

 

if yes what version BES?

 

this should help some either way

Wi-Fi Authentication methods supported with BlackBerry Smartphones

 

Are you running N? only 2.4 mhz is supported on Torch

 

Look at my tips on wifi
Speed-up-BlackBerry-Wi-Fi-connections-a-knottyrope-tip

 

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


New Contributor
Posts: 2
Registered: ‎01-15-2013
My Device: Bold 9790
My Carrier: KPN

Re: WIFI and 802.1x

[ Edited ]

Thanks for your reply.

 

Tested the connection on the 9790 and 9900. Both could not connect and gives "Can not connect to the network" or sometimes "Can not acquire IP address" (or similar). Software on both devices are the latest (7.1). I can see that the device is joining the access point, but disconnects soon after (few seconds).

 

I have read that Blackberry can not talk with any authentication server, hence the need of the CA root certificate for PEAP. But this I can not get confirmed by RIM or any other reliable source.

 

Regarding the supporting methods, I can assure that this is the case. Our method is PEAP with inner authentication EAP-MS CHAPv2. Which in normal cases should not ask for a certificate at all.

 

Yes we have a BES, to manage and support our devices. However the BES is not the issue in any way, as I have tested connections with or without activated to the BES. We will use the BES for providing the WIFI profile and if needed the certificate. But this is a step I can take when the connection is up and running.

 

RIM support only points us at the method for PEAP, which is export the self signed root cerrtificate to the handheld. But we tested this in several differnt configurations with as a result no connection unfortunately.