-----
====== Windows and Hotspot 2.0/Passpoint ======
===== Introduction =====
* This page will discuss the provisioning of Passpoint credentials to Windows devices.
* Windows is a bit more involved than Android and Apple when it comes to connecting to a Hotspot 2.0/Passpoint network.
* The basics stay the same though.
* We have:
  * An XML file that contains items like the RCOI and the credentials to connect.
  * An optional embedded CA certificate.
* Installing the Passpoint profile, however, requires the command line interface (this is the slightly more involved part).
* Let's look at an example XML file and discuss the important items in it.
-------
===== Windows Example =====
Wenley-HiFi-1.0.1_Passpointradiusdesk.comABCD1234WPA2AEStrueenabled720128disableduser2100311uam.mesh-manager.com;radiusdesk.comD1EB23A46D17D68FD92564C2F1F1601764D8E349false2600026falsetrueanonymous@hotspottwo2131126026koos@hotspottwotesting123
------
==== Certificate handling ====
* Microsoft handles certificates in a more complicated way.
* You have to install the CA and then reference the **SHA-1 Thumbprint** of the CA inside the XML file.
------
==== Obtaining the SHA-1 Thumbprint ====
* To obtain the SHA-1 thumbprint of the CA you can use the following command (assuming the CA file is called ca.pem):
<code bash>
openssl x509 -in ca.pem -noout -fingerprint -sha1
# Outputs the following:
SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
# Then remove the colons and use it in uppercase (40 characters):
D1EB23A46D17D68FD92564C2F1F1601764D8E349
</code>
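The thumbprint in the profile has to match the installed CA exactly, so it is worth checking both files before the profile is installed. The following POSIX shell helper is an added example, not part of the original page: it normalizes the openssl output as described above and confirms that the profile XML references the result. The function names are hypothetical; ca.pem and wenley-peap.xml are the file names used on this page.

```bash
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Convert one line of `openssl x509 -fingerprint -sha1` output into the
# 40-character uppercase form the profile expects.
normalize_thumbprint() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ':[:space:]' | tr 'a-f' 'A-F'
}

# Succeeds only for exactly 40 uppercase hex characters.
is_valid_thumbprint() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[0-9A-F]{40}$'
}

# check_profile FINGERPRINT_LINE PROFILE_XML
# Prints the thumbprint and returns 0 when the profile references it,
# 1 when the fingerprint is malformed, 2 when the profile lacks it.
check_profile() {
    tp=$(normalize_thumbprint "$1")
    if ! is_valid_thumbprint "$tp"; then
        echo "not a SHA-1 thumbprint: '$tp'" >&2
        return 1
    fi
    if ! grep -qF -- "$tp" "$2"; then
        echo "$2 does not reference $tp" >&2
        return 2
    fi
    printf '%s\n' "$tp"
}

# Typical use with the file names from this page:
#   check_profile "$(openssl x509 -in ca.pem -noout -fingerprint -sha1)" wenley-peap.xml
```

A non-zero exit status means the profile should be corrected before it is copied to the Windows machine.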
----------
==== PEAP vs EAP/TTLS ====
* You will notice that we use PEAP instead of EAP/TTLS for authentication.
* It is recommended that you use PEAP on Windows since support for EAP/TTLS might not be complete.
-------
==== Installing the certificate and profile ====
* Install the CA on Windows using **certutil** from the command line:
<code>
certutil -addstore root ca.pem
</code>
* Install the profile, also from the command line:
<code>
netsh wlan add profile filename="wenley-peap.xml" user=all
</code>
* Check the available networks with:
<code>
netsh wlan show networks
</code>