Copy the files „your name.p12“ and „WLAN Wohnheim Friedrichstrasse 2048Bit CA_2.crt“ to the Desktop.
First, install the root certificate to establish ourselves as an authority.
Double-click on „WLAN Wohnheim Friedrichstrasse 2048Bit CA_2.crt“.
In the „Certificate“ property box, click Install Certificate.
In the Wizard, click Next.
Choose Place all certificates in the following store, and choose „Trusted Root Certification Authorities“.
Click Next to finish.
Next, install the client certificate.
Double-click on „your name.p12“.
In the Wizard, click Next and Next again.
You will be asked for your user-password.
Choose Automatically select the certificate store based on the type of certificate.
Click Next to finish.
This section assumes that you have:
Note Hotfix Q815485 does not provide WPA support and wireless encryption through TKIP and AES. As far as I understand, this provides the mechanisms for Windows XP to configure and manage such features (as opposed to manufacturer-specific utilities). You'll still need WPA support from your wireless hardware drivers.
As an example of this, I normally use a built-in Broadcom 54g MaxPerformance 802.11g with my notebook. The drivers for this provide WPA support with WEP, TKIP and AES encryption, and this can be configured either with the standard Windows XP property boxes, or through Broadcom's own utility.
The configuration of a WPA-authenticated connection can normally be carried out in in two ways. Firstly, many wireless adapter manufacturers provide utilities to manage wireless connections on their hardware. As this method depends on exactly what card one is using, it is not covered here; furthermore, I guess that those who plan on taking this route will probably not need to read this section!
The second route is to let Windows XP manage the authentication. This I can describe.
Plug in and/or activate your wireless hardware. A „two monitors“ icon may appear in the Notification Area for the interface.
Right-click on the wireless interface's „two monitors“ icon in the Notification Area, and choose View Available Wireless Networks. At this point, you will be presented with a list of available networks. If you configured your AP with „Disable SSID Broadcast“ (or similar), you might not see any networks at all. In either case,
Click Advanced… in the box that opens. The wireless interface's properties box will open.
Check Use Windows to configure my wireless network settings.
In the „Preferred networks“ group, choose the network with WPA authentication and click Properties. If its not listed, click Add…. At this point, the „Wireless network properties“ box appears.
If it is absent, enter the network's SSID (Association tab).
Under the Association tab, in the „Wireless network key“ group, set the following:
Under the Authentication tab, set:
Check Authenticate as computer…
Uncheck Authenticate as guest…
EAP Type: Smart Card or Other Certificate.
Click Properties (under the Authentication tab).
In the „Smart Card or other Certificate Properties“ box, set the following:
Choose Use a certificate on this computer
Check Use simple certificate selection
Check Validate server certificate
Uncheck Connect to these servers:
In the list of trusted root CAs, check „WLAN Wohnheim Friedrichstrasse 2048Bit CA_2“
Uncheck Use a different user name for the connection
Click OK in all three boxes to set the connection properties.
If all is well-configured, everything should be working in minutes. (The process could take a minute or longer from cold; I find that activating the connection on my notebook before logging in seems to work the quickest.) To check progress, open up the Network Connections pseudo-folder from Control Panel. The status of the wireless connection should go from „Wireless connection unavailable“ to „Attempting authentication“ and then „Authentication succeeded“ (along with an informative speech bubble from the Notification Area). If you use DHCP, check that the interface has acquired an IP address.
That's it!
