Summary
How to connect a Windows 7 system to a WPA-Enterprise/802.1X wireless network using Certificate Authorities (CA).
Problem
Clients running Windows 7 are unable to connect to the wireless network without receiving a certificate validation warning.
Solution
Microsoft’s Windows 7 operating system is very strict about how it connects to 802.1X/EAP wireless networks. Without the use of registry hacks, it is not possible to connect a Windows 7 system to a WPA-Enterprise/802.1X wireless network without certificate validation.
The following describes a process of setting up an 802.1X authenticated wireless network under Windows 7 without the use of registry hacks.
Prepare the CA certificate
- From the Smoothwall administration user interface, go to Services > Authentication > BYOD.
- Download the certificate file (Certificate.cer by default).
- Copy the certificate file onto a suitable medium for transfer to the device, for example, USB flash drive or CD-R media.
Import the CA certificate on the device
- Double-click the Certificate.cer file.
- Windows will present the certificate details for inspection. Click the Install Certificate button.
- When asked where to install the certificate, click Browse, and select Trusted Root Certification Authorities.
Create a wireless network profile
It is not possible to join the wireless network from the notification area icon, as Windows defaults to incorrect settings for the network. A profile must be created manually:
- Access Network and Sharing Center via Control Panel.
- Click Set up a new connection or network.
- In the window that appears, select Manually connect to a wireless network.
- Enter the network name (SSID) into the Network Name box.
- Select WPA2-Enterprise as the security type.
- Select AES as the encryption type.
- Leave Security Key blank.
- Check Start this connection automatically to connect as the network becomes available.
- Click Next.
- Click Change connection settings.
Modify security settings of network profile
- Select the Security tab.
- Ensure Microsoft: Protected EAP (PEAP) is selected in the drop-down.
- Click Settings.
- Ensure Validate server certificate is selected.
- Ensure Connect to these servers is not selected.
- Ensure the imported root CA is selected in the list under Trusted Root Certification Authorities.
- Clear the selection for Do not prompt user to authorize new servers or trusted certification authorities.
- Ensure Secured password (EAP-MSCHAPv2) is selected under Select Authentication Method.
- If your wireless network credentials DO NOT match your Windows credentials, click Configure and clear the selection for Automatically use my Windows logon name and password.
- Click OK.
- Click OK.
- Click Advanced settings.
- Ensure Specify authentication mode is selected, and change the drop-down to User authentication.
- Click OK.
- Click OK.
Connect to the wireless network
- Click on the wireless network icon in the notification area.
- From the wireless network list, select the wireless network required and click Connect.
- When prompted, enter your username and password.
  If you did not clear the selection for Automatically use my Windows logon name and password, you will not be prompted.
- You should now be connected to the wireless network.
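To confirm that a saved profile really carries the settings listed above, it can be exported with `netsh wlan export profile` and checked offline. The Python check below is an added example, not part of the original article or any Smoothwall tool; it assumes the element names of Microsoft's WLAN/PEAP profile XML, and the embedded profile is constructed and abridged (placeholder SSID and thumbprint).

```python
import xml.etree.ElementTree as ET

# Constructed, abridged profile: placeholder SSID and thumbprint, inner namespaces omitted.
SAMPLE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>ExampleSSID</name>
 <MSM><security>
  <authEncryption>
   <authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX>
  </authEncryption>
  <OneX><authMode>user</authMode><EAPConfig>
   <Eap><Type>25</Type><EapType>
    <ServerValidation>
     <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
     <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
    </ServerValidation>
    <Eap><Type>26</Type><EapType>
     <UseWinLogonCredentials>false</UseWinLogonCredentials>
    </EapType></Eap>
    <PeapExtensions><PerformServerValidation>true</PerformServerValidation></PeapExtensions>
   </EapType></Eap>
  </EAPConfig></OneX>
 </security></MSM>
</WLANProfile>"""

def texts(root, name):
    """Text of every element with this local name, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(xml_text):
    """Return a list of deviations from the settings in this article (empty = OK)."""
    root, findings = ET.fromstring(xml_text), []
    expected = [  # (element, required value, setting in the article)
        ("authentication", "WPA2", "security type WPA2-Enterprise"),
        ("encryption", "AES", "encryption type AES"),
        ("authMode", "user", "User authentication"),
        ("Type", "25", "Protected EAP (PEAP)"),
        ("Type", "26", "Secured password (EAP-MSCHAPv2)"),
        ("DisableUserPromptForServerValidation", "false", "prompting left enabled"),
    ]
    for name, wanted, setting in expected:
        if wanted not in texts(root, name):
            findings.append(f"{name} is not {wanted!r}: {setting}")
    if "false" in texts(root, "PerformServerValidation"):
        findings.append("PerformServerValidation is false: Validate server certificate is off")
    if not any(texts(root, "TrustedRootCA")):
        findings.append("no TrustedRootCA: the imported root CA is not selected")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "profile matches the article's settings")
```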