Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
technical:pp-windows [2025/07/23 08:40] systemtechnical:pp-windows [2025/07/23 09:31] (current) – [Obtaining the SHA-1 Thumbprint] system
Line 64: Line 64:
                                         <ServerValidation>                                         <ServerValidation>
                                             <ServerNames>uam.mesh-manager.com;radiusdesk.com</ServerNames>                                             <ServerNames>uam.mesh-manager.com;radiusdesk.com</ServerNames>
-                                            <TrustedRootCAHash>AD2CBE4D96A8DDEB1E66EF736D9F4E58C154D973</TrustedRootCAHash>+                                            <TrustedRootCAHash>D1EB23A46D17D68FD92564C2F1F1601764D8E349</TrustedRootCAHash>
                                             <DisablePrompt>false</DisablePrompt>                                             <DisablePrompt>false</DisablePrompt>
                                         </ServerValidation>                                         </ServerValidation>
Line 147: Line 147:
 </CarrierProvisioning> </CarrierProvisioning>
 </file> </file>
 +
 +------
 +
 +==== Certificate handling ====
 +  * Microsoft handles certificates in a more complicated way.
 +  * You have to install the CA and then reference the **SHA-1 Thumbprint** of the CA inside the XML file.
 +
 +------
 +
 +==== Obtaining the SHA-1 Thumbprint  ====
 +  * To obtain the SHA-1 thumbprint of the CA you can use the following command (assuming the CA file is called ca.pem)
 +<code bash>
 +openssl x509 -in ca.pem -noout -fingerprint -sha1
 +#Outputs the following:
 +SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
 +#Then remove the colons and use it uppercase (40 Characters):
 +D1EB23A46D17D68FD92564C2F1F1601764D8E349
 +</code>
 +
 +----------
 +
 +==== PEAP vs EAP/TTLS/ ====
 +
 +  * You will notice that we use PEAP instead of EAP/TTLS for authentication.
 +  * It is recommended that you use PEAP on Windows since support for EAP/TTLS/<whatever> might not be complete.
 +
 +
 +-------
 +
 +==== Installing the certificate and profile ====
 +  * Install the CA on Windows using the **certutil** from the command line:
 +<code bash>
 +certutil -addstore root ca.pem
 +</code>
 +  * Install the profile also from the command line:
 +<code bash>
 +netsh wlan add profile filename="wenley-peap.xml" user=all
 +</code>
 +  * Check the available networks with:
 +<code bash>
 +netsh wlan show networks
 +</code>
 +
 +
 +
  
  • technical/pp-windows.1753252837.txt.gz
  • Last modified: 2025/07/23 08:40
  • by system