Configuring Android wireless client for PEAP+MSCHAPv2 (v1.0, 20th Mar 2014)

Described here are the steps involved in configuring the wifi client of Android 4.4.2 to use eduroam, authenticating via PEAP+MSCHAPv2. The same process may work for other versions of Android too. Your home site will be able to tell you whether PEAP+MSCHAPv2 is the appropriate authentication method that you should use.

Wherever you see the icon in the instructions below you can click on the text beside it to display further information and click on it again to hide the detailed text once more. Click on an image to open a larger version in a new browser window.

Information you will need

To complete these instructions you'll need some information specific to your home site/organisation, plus your own credentials, as listed below. If any of the details in your wifi profile are incorrect then your authentication will fail and you will not gain wifi access via eduroam. The IT department of your home site will be able to provide you with these details:

Information requiredSample string in the instructions below
Your home site's domain name as would appear in, for example, your e-mail address e.g. ucd.iemysite.ie
The name of the CA certificate used by your home site for eduroam.AddTrust External CA Root
A file containing the actual CA certificate used by your site for eduroam.http://www.mysite.ie/cacert.crt
The username you use to authenticate against your home account. Note the inclusion of your domain name e.g. jsoap@ucd.iemyname@mysite.ie
The password you use to authenticate against your home account.mypassword

Configuration instructions

The instructions below are broken into several sections:

Install your home CA certificate

Your home site should provide you with a CA certificate to install on your device, this certificate is necessary to protect your credentials when using WiFi. Typically the certificate will be made available via a website and you download it to your device via a web browser.

Further info on CA certificate

  1. Open up a web browser on your Android device and go to the URL provided by your home site (e.g. http://www.mysite.ie/cacert.crt)

  2. Android should download the certificate and install it locally.
    When prompted, enter a name and purpose for the certificate, and tap OK:
    Certificate name:AddTrust External CA Root
    Credential use: Wi-Fi

Create your eduroam profile

  1. Go into Settings on your device, and under WIRELESS & NETWORKS, tap Wi-Fi:
  2. Tap + to add a new Wi-Fi network:
  3. Create the new profile as follows, and tap Save:
    Network SSID: eduroam
    Security:802.1x EAP
    EAP method:PEAP
    Phase-2 authentication:MSCHAPV2
    CA certificate AddTrust External CA Root
    Identity: myname@mysite.ie
    Anonymous identity: anonymous@mysite.ie
    Password: mypassword

    Further info on outer identity

Your wireless client is now configured to avail of eduroam and should connect automatically when at a site where the eduroam service is available. Alternatively you can tap on the 'eduroam' entry in the list of wireless networks, and tap Connect if you want to force your device to connect.