How to connect your Android phone to Corp Wifi

Depending on your Android device you may get web access via Wifi if you can set your Proxy configuration (see at the end). The following steps will enable Exchange sync and other services that do not require proxy access.

Adding PROXY server

1.     Under Settings > Wireless & networks > Wi-fi settings, from the menu, choose Advanced

2.     Set the Proxy to: proxyserver.domain.com

3.     Set the Port to: 80

4.     If you do not see proxy settings in the menu, try the voice dialer and say "Proxy settings".

This should be all that's needed to connect to WIFI.

(deprecated certificate installation steps)

1.     Open certmgr.msc on your corpnet PC.

2.     Navigate to Current User -> Personal -> Certificates

3.     Click Action -> All Tasks -> Request New Certificate

4.     Click Next.

5.     Use the default “Active Directory Enrollment Policy” and click Next.

6.     Select Authenticated Session_R2

7.     Click Details on the right side of this selection.

8.     Click the Properties button

9.     Go to the Private Key tab

10.  Expand the Key Options bar.

11.  Select “Make Private Key Exportable”.

12.  Click OK

13.  Click Enroll

14.  You’ll see a new cert in the window now with Certificate Template “Authenticated Session_R2”.

15.  Right click that Certificate

16.  Select All Tasks -> Export

17.  Select “Yes export the private key”.

18.  Leave the default options and click Next.

19.  It will ask for you to assign a password.

20.  Save the key somewhere on disk.

21.  Rename the key to a .p12 extension.

22.  Connect the Droid to the PC with the USB.

23.  Copy the .p12 to the root of the smart card.

24.  On the Droid go to Settings -> Location & Security

25.  Select “Install from SD Card”

26.  Select the .p12 file to install the cert and give it a name.

27.  If your correct password is not accepted, try "Importing certificates" below.

28.  Now go to Settings -> Wifi Settings

29.  Select “CORP-WLAN”

30.  For EAP method select “TLS”

31.  Leave Phase 2 Authentication as “None”

32.  Leave C/A Certificate as “None”.

33.  Client Certificate should be the installed cert name.

34.  In Identity enter your domain\alias

35.  Leave Anonymous Identity blank.

36.  For Wireless Password enter your domain password.

37.  Click Connect.

38.  ​Proxy Settings (Your Phone May Not Have This.)

You can also use your username and password to connect to CORP-WLAN access point:

1.    EAP method: leave as default (PEAP)

2.    Phase 2 authentication: MSCHAPV2 or none. I think it depends on which building you are in.

3.    CA certificate: leave empty

4.    User certificate: leave empty

5.    Identity: your domain\username

6.    Anonymous identity: empty

7.    Password: your domain password

Importing certificates into Android 2.1

2.1 will not let you import chained certs, complaining about incorrect password. Here is a workaround:

openssl.exe pkcs12 -in .p12 -out tempcert.pem -nodes

openssl.exe pkcs12 -export -out .p12 -in tempcert.pem

Using ProxyDroid (requires root!)

If you don't have access to changing your proxy settings (or only want the proxy settings to apply on corpnet), install ProxyDroid. Connect to CorpNet normally as per the instructions above (no certificates, just the 1-7 above). Then set ProxyDroid as follows to get web, exchange access:

1.     Host: proxyserver.domain.com

2.     Port: 80

3.     Proxy Type: HTTP

4.     Auto Connect: Checked

5.     Binded Network: CORPWLAN

6.     Intranet Addresses: 192.168.0.0/24

7.     User: your alias

8.     Password: ********

9.     NTLM Authentication: Checked

10.  Domain: your domain

11.  Global Proxy: Checked

12.  DNS Proxy: Unchecked

Android 2.3.3 Compatibility

* The above instructions work on Samsung/Google Nexus S running Android 2.3.3

* Proxy instructions are to be entered into Firefox Browser.

Devices Tried - User Entered

​Device	OS Version​	​Status	​Comments
​Nexus One	​2.3.4	​Success	​No Gmail push, No Gtalk
​Captivate	​2.3.3 2.2	​Success	​
​Iconia A500	​3.0.1	​Success	​No Gtalk
​Samsung Vibrant	​2.2	​Success	​​No Gmail push, No Gtalk
Droid Incredible​	​2.2	​Success	​No Gmail push (can get around by adding Gmail in exchange mode), No Gtalk
Samsung Infuse​	​2.2.1	​Success	​Had to downgrade /system/bin/wpa_supplicant to v511 since the version that ships with froyo (2.2.1) does not work well with EAP. To downgrade you'll need root access (see this xda post). Since I have root I used ESExplorer (with root perms) to overwrite the file and reboot. Successful connection w/ PEAP+MSCHAPv2. Use WifiAid to create a profile for corp-wlan so you won't have to change the proxy (via menu button -> advanced from the wifi settings screen) every time you leave work.
​Samsung Galaxy Tab 10.1	​3.1	​Success	​No Gmail push, No Gtalk
​Toshiba Thrive 10.1"	​3.1	​Success	​Touchdown exchange works, internet browse worked, no access to intranet websites.
​HTC Desire HD	2.2 ​2.3.4	​Success	​Exchange works, can send/receive corporate emails or connect and browse the contents in the phone via wifi with work PCs. Proxy that embedded in CM roms not work properly, fail to connect any Internet sites or services that require Internet connections. Only a few browsers work.
​HTC HD2	​3.1 (Nexus v2.8)	​Success	​Everything.
​Motorola Atrix 4G	​2.3.4 CM7	​Success	​Everything working as far as I can tell. Install ProxyDroid and set as above, everything works well
​LG Optimus S	2.2​, 2.3.3	​Success	​Rooted and installed ProxyDroid. Must enable NTLM authentication in ProxyDroid. Gmail push and browser work fine. No Gtalk, can't connect to internal sites (ProxyDroid's internal ip filter fails, gets an itgproxy error in brower).
​HTC Thunderbolt	​2.3.4	​Success	​Rooted; installed ASProxy as I could not get ProxyDroid to work. Everything works except gtalk and cannot get to internal web sites. ActiveSync is fine, too.
​LG Optimus V (Virgin Mobile VM 670)	​2.2.1	​Success	​Corpwlan instructions work rooted or not. web sites work without proxy set on the default browser, same for email (in Advanta-C). Touchdown and Gmail work fine.
​HP Touchpad with CM7	​Alpha 2.1	​Success	Installed ProxyDroid and Imported Certificate from SD method​
​Samsung Captivate	​2.2.1	​Success	​Connected to network using Phase 2 authentication: MSCHAPV2 as described above then entered proxy name & port.
​Samsung/Google Nexus S	​CM7.1 Nightly (2.3.7 based)	​Success	​Used ProxyDroid. Internal websites don't work as expected. Market and Browser work.
​Sansung Galaxy S II Skyrocket	2.3.5​	​Suceess	Connected to network using Phase 2 authentication: MSCHAPV2 as described above then entered proxy name & port. The browser works but some apps can't connect, like the market or facebook
​Kindle Fire	​6.2_user_3003020	​Fail	​It says connected on the Wifi Page but the wifi icon has a cross next to it and neither the browser nor other apps will connect. I tried all three ways above (TLS, MSCHAPv2 and None)
​Samsung Galaxy Note	​2.3.5	​Success	​Rooted and installed Autoproxy. Connected without Phase 2 authentication.
HTC Flyer/Evo View​	​3.2.1	​Success	Not rooted - used EAP and ProxyDroid settings without Phase 2 auth​
Motorola Xoom​	​3.1	​Success	​Connected to network using Phase 2 authentication: MSCHAPV2 as described above then entered proxy name & port.
Asus Transformer TF101​	​3.2.1	​Success	​Connected using MSCHAPV2 and TLS, recommend using ProxyDroid or WiFiAid for setting up the proxy profiles. All services appear to work.
​HP TouchPad with CM9	​4.0.3 (Alpha 0.6)	​Success	​Connected to network using Phase 2 authentication set to MSCHAPV2 and entered proxy information in advanced options. Note: Connection icon stays gray instead of turning blue, but the connection still works.
Samsung/Google ​Galaxy Nexus LTE (Verizon)	​4.0.2	​Success	​Connected to network using Phase 2 authentication set to MSCHAPV2 and entered proxy information in advanced options. Note: Connection icon stays gray instead of turning blue, but the connection still works.
​Samsung Galaxy S (not II, t-mobile)	​2.3.6	​Success	Wouldn't connect until specified Phase 2 MSCHAPV2. domain\username + password were the only credentials required All apps work (Didn't bother to specify proxy).
​Nexus One	​2.3.7	​Success	​Followed above listed instructions. Gtalk doesn't seem to connect. Gmail, Market worked.