I am new to the ESP32 and IoT in general.
I am trying to connect to an Access Point via Identity and Certificate provided by my IT counterpart
but the connection fails on the authentication part of the RADIUS server. The RADIUS server log shows
this error "EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate".
Can anyone point me to a guide/documentation on how to fix/bypass this handshake?
Below are the libraries that I am using at the moment.
#include "esp_wpa2.h"
#include "esp_wifi.h"
Appreciate any help!
ESP32 WPA2 Enterprise Connection via Identity and Certificate
Re: ESP32 WPA2 Enterprise Connection via Identity and Certificate
I'm also having troubles connecting to a Certificate based WPA2-enterprise network.
Did you find a solution?
Re: ESP32 WPA2 Enterprise Connection via Identity and Certificate
I'm thinking to use this feature for our commercial product design, is this problem fixed?
Re: ESP32 WPA2 Enterprise Connection via Identity and Certificate
Enable the debug log on mbedtls, lwip and WiFi to see any errors during authentication.
This worked for me and I could see that there was insufficient heap to validate the customer ServerCa.crt upon handshake. Customer used quite a large certificate of 20kb.
Also make sure the identity is set the way the Radius expects it. Sometimes it's a name, might be a friendlyName property from the certificate or the device Mac.
We are using the esp32 in commercial products on all types of WiFi networks, including wpa2-peap and certificates based.
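A pre-flight check for the heap problem described in the post above, as an added example that is not part of the thread: it counts the certificates in a PEM CA bundle and computes their decoded size, so an oversized or truncated file is caught before the handshake. The function names and the sample bundle are constructed for illustration, and the decoded size is only a lower bound on what certificate parsing needs.

```c
#include <stddef.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample: two dummy base64 bodies, not real certificates. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nQUJDRA==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nQUJD\nREVG\n-----END CERTIFICATE-----\n";

/* certs: blocks found; der_bytes: decoded size of all blocks;
 * len_with_nul: length to hand to a PEM parser, terminating NUL included. */
typedef struct { int certs; size_t der_bytes; size_t len_with_nul; } pem_stats_t;

static int is_b64(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/* Walk a NUL-terminated PEM bundle. Returns 0 on success, -1 if a block is
 * unterminated, its base64 length is invalid, or no certificate is found. */
int pem_bundle_stats(const char *pem, pem_stats_t *out)
{
    memset(out, 0, sizeof *out);
    out->len_with_nul = strlen(pem) + 1;
    for (const char *p = pem; (p = strstr(p, PEM_BEGIN)) != NULL; ) {
        p += strlen(PEM_BEGIN);
        const char *end = strstr(p, PEM_END);
        if (end == NULL) return -1;
        size_t chars = 0, pad = 0;
        for (const char *q = p; q < end; q++) {
            if (is_b64(*q)) chars++;
            else if (*q == '=') pad++;
        }
        if (chars == 0 || (chars + pad) % 4 != 0 || pad > 2) return -1;
        out->der_bytes += (chars + pad) / 4 * 3 - pad;
        out->certs++;
        p = end + strlen(PEM_END);
    }
    return out->certs > 0 ? 0 : -1;
}

/* 1 if the decoded bundle fits in free_heap while leaving `reserve` bytes.
 * On the ESP32, free_heap would come from esp_get_free_heap_size(). */
int pem_fits_heap(const pem_stats_t *s, size_t free_heap, size_t reserve)
{
    return free_heap > reserve && s->der_bytes <= free_heap - reserve;
}
```

A bundle that reports more certificates than the RADIUS server's chain needs can usually be trimmed to the issuing CA, which reduces what has to be parsed.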
Re: ESP32 WPA2 Enterprise Connection via Identity and Certificate
Hi
Leander wrote: ↑Sat Mar 19, 2022 9:21 am
Enable the debug log on mbedtls, lwip and WiFi to see any errors during authentication.
This worked for me and I could see that there was insufficient heap to validate the customer ServerCa.crt upon handshake. Customer used quite a large certificate of 20kb.
Also make sure the identity is set the way the Radius expects it. Sometimes it's a name, might be a friendlyName property from the certificate or the device Mac.
We are using the esp32 in commercial products on all types of WiFi networks, including wpa2-peap and certificates based.
I'm trying to make my ESP32 connect to 2 different networks (Eduroam). One of them asks only for the Username & Password while the other requires registering with an account then an SMS will be sent to my phone.
How can I distinguish which type of Eduroam this is? And what type of certificates should I include in the code to make the device connect?
I tried the WPA2 Enterprise Example that comes with the ESP-IDF but my ESP32 gets stuck in the connecting state until it resets.
Thank you....
Re: ESP32 WPA2 Enterprise Connection via Identity and Certificate
I don't believe esp32 supports networks with an authentication website after connecting to the wifi.
The other network with wpa2-enterprise PEAP authentication should work.
You will need to know the following before connecting:
- PEAP identity (can be the username or device mac address)
- PEAP username
- PEAP password
- Server-CA certificate
First do the regular stuff such as creating a handle, init netif, init wifi, register handlers.
Then set the esp_wifi_set_mode and the esp_wifi_set_config
Then for PEAP networks set esp_wifi_sta_wpa2_ent_set_identity, esp_wifi_sta_wpa2_ent_set_username, esp_wifi_sta_wpa2_ent_set_password and esp_wifi_sta_wpa2_ent_set_ca_cert.
Don't forget to set the esp_wifi_sta_wpa2_ent_enable() function and only then execute with esp_wifi_start()
The same network SSID can't have 2 different authentication types. The SSID name should be different, that's how you set the connection to the correct network. Put the ssid in the esp_wifi_set_config function.
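The call order described in the post above, as an added example that is not part of the thread: it checks that all four PEAP inputs are present, treating a missing server CA as an error rather than connecting without server validation, and then runs the sequence. `peap_cfg_t`, `peap_cfg_check`, `peap_start` and the `U8` macro are hypothetical names, and the device-only part assumes the ESP-IDF v4.x `esp_wpa2.h` signatures.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical holder for the inputs listed in the post. */
typedef struct {
    const char *ssid, *identity, *username, *password;
    const char *ca_pem;   /* NUL-terminated PEM of the CA behind the RADIUS cert */
} peap_cfg_t;

static int empty(const char *s) { return s == NULL || s[0] == '\0'; }

/* 0 if every input is present; otherwise a negative code for the first gap.
 * A missing CA is an error: without it the server is not authenticated. */
int peap_cfg_check(const peap_cfg_t *c)
{
    if (empty(c->ssid) || strlen(c->ssid) > 32) return -1;
    if (empty(c->identity)) return -2;
    if (empty(c->username)) return -3;
    if (empty(c->password)) return -4;
    if (empty(c->ca_pem) || !strstr(c->ca_pem, "-----BEGIN CERTIFICATE-----"))
        return -5;
    return 0;
}

#ifdef ESP_PLATFORM   /* device-only part; assumes the ESP-IDF v4.x API */
#include "esp_wifi.h"
#include "esp_wpa2.h"
#define U8(s) ((const unsigned char *)(s))

/* Caller has already initialised netif, the event loop and esp_wifi_init(),
 * and registered the handler that calls esp_wifi_connect() on STA start. */
esp_err_t peap_start(const peap_cfg_t *c)
{
    if (peap_cfg_check(c) != 0) return ESP_ERR_INVALID_ARG;
    wifi_config_t wc = { 0 };
    memcpy(wc.sta.ssid, c->ssid, strlen(c->ssid));
    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wc));
    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_ent_set_identity(U8(c->identity), (int)strlen(c->identity)));
    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_ent_set_username(U8(c->username), (int)strlen(c->username)));
    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_ent_set_password(U8(c->password), (int)strlen(c->password)));
    /* PEM length includes the terminating NUL; keep the buffer allocated
     * for as long as Wi-Fi is up. */
    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_ent_set_ca_cert(U8(c->ca_pem), (int)strlen(c->ca_pem) + 1));
    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_ent_enable());
    return esp_wifi_start();
}
#endif
```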