Configuring WinXP built-in wireless client for PEAP+MSCHAPv2 using SecureW2 (v3.0, 27th Feb 2014)

Described here are the steps involved in configuring the built-in wireless client under Windows XP to use eduroam, authenticating via PEAP+MSCHAPv2 using the SecureW2 third-party supplicant software. Your home site will be able to tell you whether PEAP+MSCHAPv2 is the appropriate authenticiation method that you should use.

!!! Please Note (Mar 2010) !!!: Under the current licensing of SecureW2, recent versions of the software are no longer available for free and instead an individual or site license must now be purchased. For further information, including license costs, see

Wherever you see the icon in the instructions below you can click on the text beside it to display further information and click on it again to hide the detailed text once more. Click on an image to open a larger version in a new browser window.

Information you will need

To complete these instructions you'll need some information specific to your home site/organisation, plus your own credentials, as listed below. If any of the details in your wifi profile are incorrect then your authentication will fail and you will not gain wifi access via eduroam. The IT department of your home site will be able to provide you with these details:

Information requiredSample string in the instructions below
Your home site's domain name as would appear in, for example, your e-mail address e.g.
[OPTIONAL] The name of the CA certificate used by your home site for eduroam. You will not require this if your site is using a public CA which is already defined within your wireless client.GTE CyberTrust Global Root
[OPTIONAL] A file containing the actual CA certificate used by your site for eduroam. You will not require this if your site is using a public CA which is already defined within your wireless client.cacert.crt
The name on the SSL certificate presented by the authentication server at your home site e.g.
The username you use to authenticate against your home account. Note the inclusion of your domain name e.g.
The password you use to authenticate against your home account.mypassword

Notes on the built-in wireless client under WinXP

Configuration instructions

Follow these steps to configure your wireless client:

  1. First, install SecureW2. This is commercial third-party supplicant software (see note above), available from The SecureW2 website contains the software and installation instructions. Follow the instructions to install the software with the PEAP component.
  2. If your home site has provided you with a file containing a CA certificate then you will need to install it here, otherwise skip to the next step.

    Installing the CA certificate

    Further info on CA certificate

  3. Double-click on the application icon in the tray.
    Click View Wireless Networks.
  4. Click Change advanced settings.
  5. Click on the Wireless Networks tab.
  6. Click Add...
  7. Define the profile general details:
    Network name (SSID): eduroam
    Select Connect even if this network is not broadcasting
    Network Authentication: WPA2
    Data Encryption: AES
    Un-select This is a computer-to-computer (ad hoc) network; wireless access points are not used

    Click on the Authentication tab.

  8. Define the authentication settings:
    EAP type: SecureW2 PEAP
    Un-select Authenticate as computer when computer information is available
    Un-select Authenticate as guest when user or computer information is unavailable

    Click Properties

  9. You have now entered the SecureW2 configuration utility.
    Click New
  10. Name the new profile:
    Profile: eduroam

    Click OK

  11. Define your outer/anonymised identity:
    Select Use alternative outer identity:
    Select Specify outer

    Further info on outer identity

    Click on Certificates tab.

  12. Define your home server certificate details:
    Select Verify server certificate
    Trusted Root CA:Click on Add CA and select the appropriate CA entry for your home site from the list.
    Select Verify server

    Further info on server identity

    Click on Authentication tab.

  13. Define your authentication method:
    Select Authentication Method:EAP
    EAP Type:Secured password (EAP-MSCHAPv2)

    Click on User account tab.

  14. Provide your credentials:
    Un-select Prompt for user credentials
    Password: mypassword
    Logon domain: Leave blank

    Further info on credential settings

    Click OK

  15. Click OK to complete the profile creation.
  16. Click on the Connection tab.
  17. Define automatic connection mode:
    Select Connect when this network is in range

    Click OK

  18. You can make eduroam your preferred network by highlighting the eduroam entry and using the Move Up button to move it to the top of the list of preferred networks.

    Click OK

  19. Your wireless client is now configured to avail of eduroam and should connect automatically when at a site where the eduroam service is available.