Wi-Fi WPA2-Enterprise with TLS Profile Sample (Compact 7)
3/12/2014
This sample profile uses Extensible Authentication Protocol-Transport Level Security (EAP-TLS) with certificates to authenticate to the network.
This sample is configured to use Wi-Fi Protected Access 2 security running in Enterprise mode (WPA2-Enterprise). The WPA2-Enterprise security type uses 802.1X for the authentication exchange with the server. Encryption uses the Advanced Encryption Standard (AES) cipher type.
The certificate store is the source of EAP-TLS credentials. If authentication based on the credentials in the certificate store does not work, it prompts the user to provide valid credentials. If the first try does not work, authentication does not use alternative servers, root certificate authorities, or user names.
<?xml version="1.0"?>
<WLANProfile xmlns="https://www.microsoft.com/networking/WLAN/profile/v1">
<name>SampleWPA2EnterpriseTLS</name>
<SSIDConfig>
<SSID>
<name>SampleWPA2EnterpriseTLS</name>
</SSID>
</SSIDConfig>
<connectionType>ESS</connectionType>
<connectionMode>auto</connectionMode>
<autoSwitch>true</autoSwitch>
<MSM>
<security>
<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>
<OneX xmlns="https://www.microsoft.com/networking/OneX/v1">
<EAPConfig>
<EapHostConfig xmlns="https://www.microsoft.com/provisioning/EapHostConfig"
xmlns:eapCommon="https://www.microsoft.com/provisioning/EapCommon">
<EapMethod>
<eapCommon:Type>13</eapCommon:Type>
<eapCommon:AuthorId>0</eapCommon:AuthorId>
</EapMethod>
<ConfigBlob><!-- This is empty. See note below --></ConfigBlob>
</EapHostConfig>
</EAPConfig>
</OneX>
</security>
</MSM>
</WLANProfile>
Remarks
PEAP implementation ofWindows Embedded Compact supports only ConfigBlob, which contains all EAP configurations as a hexadecimal binary. For most settings, the value of ConfigBlob is empty.
Note
When ConfigBlob is empty, it uses the default EAP configuration. You can also customize ConfigBlob, which is the configuration binary of the given EAP formatted in hexadecimal. You can obtain the corresponding configuration binary from the ppConfigOut parameter of EapHostPeerInvokeConfigUI. If you call EapHostPeerInvokeConfigUI, it promotes the corresponding EAP configuration user interface (UI) to edit the configuration. The output of ppConfigOut is the binary of the configuration. You must format the binary to hexadecimal before saving it to ConfigBlob.
See Also
Tasks
Wi-Fi Non-Broadcast Profile Sample
Wi-Fi WPA-Enterprise with PEAP-MSCHAPv2 Profile Sample
Wi-Fi WPA-Enterprise with TLS Profile Sample
Wi-Fi WPA-Personal Profile Sample
Wi-Fi WPA2-Enterprise with PEAP-MSCHAPv2 Profile Sample
Wi-Fi WPA2-Personal Profile Sample