Feel free to go straight to the tool.
Recently I switched to Verizon and was immediately drawn to the Motorolla Droid. It is my first smartphone and I must say, it is magnificent! Besides a few hardware concerns (flat keyboard being the major complaint), it is the best phone I’ve ever owned.
One of the reasons I got a Droid, rather than only using my Zune HD, is because it can connect to WPA-Enterprise networks using PEAP authentication. I spend most of my time on my college campus (Purdue University), and we have to login to the wireless network using WPA-Enterprise with PEAP, so the Zune HD was not able to use the wireless network.
However, the Android platform can (at least on the Droid, which runs Android 2.0.1) connect using WPA with PEAP. The only problem with them is that there is no easy way to install the CA certificates necessary to connect to the network. To do this, you have to navigate to an x509 certificate with the correct HTTP headers in the browser. It only requires a few lines of PHP code and the CA certificate, but not many people have easy access to a PHP server or the technical knowledge to use it.
Thus, RealmB’s Android Certificate Installer was created. It allows you to upload a CA certificate from your computer, or from a URL, and have the browser receive the correct headers that launch the Android’s internal CA certificate installation process.
The tool is located at http://www.realmb.com/droidCert/.
Any comments, questions, or thanks can be left as comments here.
Note: I am especially interested to see if this works on non-Droid Android phone, so if it works, could you post a comment saying what type of phone you have and/or what version of Android you are running? (Android 1.5, 1.6, 2.0, or 2.1) Thanks a lot!
Update: I found the site where I found this little header trick: Android Security Discussions – Google Groups. Thanks to user “lynx.” The post is two thirds of the way down the page.
Update 2: Some commentators have said that this does not work on Android 1.5, sorry about that. It has been confirmed to work on Android 1.6 and above.
Pingback: Google Navigation for Android 2.0 on Motorola Droid | AboutAndroid.info
I have an htc tattoo (android 1.6) and it worked like a charm for wpa2 peap. Great tool!
I cannot set the 802.1x Enterprise security on tattoo. How did you set the certificate on tattoo
Where do you find the certificate on your computer?
Installed the certs successfully from what I could tell, but my Droid still complains about the certificate when I try to browse to OWA over https (SBS2003) and Exchange setup still fails. Any tips on getting the Exchange setup to work with SBS’s self-signed certificate?
Great tool!!! It worked great for my Nexus One (Android 2.1 Update 1)
It does not seem to work on my Hero with Android 1.5. It says that there is no program installed to open the file… Hopefully the update to 2.1 comes out quickly!
tried to use it with samsung spica running android 1.5 and it failed. ” Cannot download. The content is nors supported on the phone”
I installed on nexus one –gets installed but comes under client cert and not in CA cert.
I need it for CA cert???wat to do??
Worked great on my Nexus One with latest updates as of 3/3/2010.
Thanks a lot!!!
Someone with htc tattoo can please tell me your ROM version?? thanks a lot!!!
I just wanted to say Thanks a lot, it worked like a charm. HTC Nexus One as of April 11, 2010. Mine installed in CA certs just fine.
Again, Thanks!!
I have the same problem as someone above. It installs as client cert, not as CA cert. Tried with my own xampp server too, same effect. Any ides?
(Nexus One, 2.1-update1)
I think I know where the problem is. I’m trying to install GTE CyberTrust Root CA.
If you issue the
$ openssl x509 -text -in goodca.crt
command, then you get an output like this (among other things):
X509v3 Basic Constraints:
CA:TRUE
which is not present in my GTE Cybertrust cert. I think this is why it’s getting recognised as a client cert. And I don’t know how can I add this extension to it…
Any Ideas?
Pingback: WiFi - Secured "Open" Network, unable to login. - Droid Forum - Verizon Droid & the Motorola Droid Forum
Great tool!!! It worked great for my Nexus One (Android 2.1 Update 1)
Pingback: Hows the battery? - Android Forums
Pingback: Logging into Work Wifi - Android Forums
Can anyone help me like how to do this I got to UOIT.
Thanks for a great tool!!! you should promite this on the android forums out there I have been racking my brain over this forever…..It worked on my shiny new evo 6.9.2010 unbeleivable…..
thank you, master,
and i had repost to my blog
THANK YOU THANK YOU THANK YOU!!! You sire are a true lifesaver!
Thanks, this works flawlessly (converted a .pem file) on my Nexus One with Froyo 2.2 as of July 5th, 2010!
I have used this to install the cert to my droid, but it will not open the cert untill I provide a password. My IT guy swears there is no password to this cert. Has anyone experienced this? Any work arounds?
thanks, Ken
Dude just wanted to give a big thx. Your simple solution worked like charm.
How do I get the certificate from the wireless I’m trying to connect to?
Has any one tried your Droid Cert installer with a non-stock build like Cyanogen?
Pingback: instalacja certyfikatów głównych - Forum Android.com.pl
This was just awesome, I just got connected. thanks a lot
Worked perfectly on my stock Samsung Vibrant, connecting to my school’s PEAP network.
Is it possible to change local? cer or crt to p12.
Please tell me how to do it. only want to PEAP authentication validate.
Isn’t this kinda dangerous — possibly giving to the creator of this app, an organization’s certificate? Where does this certificate go when it is uploaded?
HEY VERY GOOD GUIDE, MY PROBLEM IS WHERE I FIND THE CERTIFICATE INSTALLED ? WHAT FOLDER? TKS
Great, worked a charm – Thanks. Next thing I have been struggling loads with is to install my user cert, any ideas?
Hi all,
I think i have a problem creating the certificate, I uploaded one but didn’t work,.Any one can help m eto create the correct certificate please?
My contact detials:
osama_zabin@yahoo.com
osama.zabinz@googlemail.com
Thanks in advance
Hey;
Great tool; I love it !
Just one thing, maybe you could use the QR Code API from google to show a QR Code… so there would not be a URL to type in on the smartphone
= http://chart.apis.google.com/chart?chs=150×150&cht=qr&chld=L|1&choe=UTF-8&chl=Your_URL
Hope this helps…
Pierrick
I’m confused to how to get this working properly. I’ve entered the CN URL into the “URL” box and I get an error message stating that “Error: downloaded file is under 100 bytes, something went wrong!” “Warning: file_get_contents(wireless.netaccess.umn.edu) [function.file-get-contents]: failed to open stream: No such file or directory in /home/realmbco/public_html/droidCert/index.php on line 114″
Here are the settings from my school.
//
General Wireless Configuration
To connect to the “UofM Secure” SSID, you will need a device that supports 802.1X authentication and WPA2 Enterprise.
OIT supports following EAP methods:
* EAP-PEAP with MSCHAPv2 (preferred)
* EAP-TTLS
Encryption:
AES
Key Management:
CCMP
Certificate Details:
Our X.509 certificate used for 802.1X authentication has a common name (CN) of “wireless.netaccess.umn.edu.”
The signing certificate authority (CA) is “Thawte Premium Server CA” and “AddTrust External CA Root”
//
Any ideas? Thanks!
Here’s the OIT link:
http://www.oit.umn.edu/wireless/setup-guides/general-configuration/index.htm
Thanks a bunch!
I heard all Android devices have a problem connecting to Purdue wifi. Is this true, and will your fix take care of the problem? Have HTC Inspire w/Android 2.2. thanks.
Fabulous, worked great. I needed to download an Eduroam CA certificate to be able to use WiFi at school. Your work is appreciated.
Hi,
I give your installer a try, because I want to set up my RADIUS PEAP connection on my android. So i uploaded it (onetime as base64 onetime as DER encoded) and installed them to my phone.
Problem is, that I can not select the cert in the wifi dialog (its not listed there)
Andy Idea?
I use a SGS with 2.2.1
I fourgot to say, that it is a self-signed cert
ok, now I know why: The self-signed cert is not made as an CA Cert. Thats why it is not listed there.. I think you should explain in your post, that only a cert which is created as an CA Cert can be listed in this field. A self-signed cert is mostly spoken a “end” cert!
Works like expected! Thanks for all the effort you’ve put into this!!
Just used site to upload a self-signed Cert to a Droid X and an IPhone. Both worked great. Thanks very much.
Quick and effective. LG Optimus One (P500). Thank you!
Thanks a lot! It worked just fine! I have to say though that when I tried to open the link with the Opera Mobile browser it didn’t install the certificate. When using Dolphin or the built-in browser instead it worked like a charm!
Thx for this smart tool installer. This little thing is very helpfull. I’ve got a Samsung Spice GT-i5700 (Android 2.1-update1, kernel 2.6.29) and CA Cert wasn’t to be visible on microSD card… Now I can easy login to radius (TLS authentication).
Just wanted to say the tool is awesome :D!! Finally an easy and quick way to get the certificate I need, cheers!!