How to connect your Android phone to Corp Wifi

Depending on your Android device you may get web access via Wifi if you can set your Proxy configuration (see at the end). The following steps will enable Exchange sync and other services that do not require proxy access.
Adding PROXY server
1.     Under Settings > Wireless & networks > Wi-fi settings, from the menu, choose Advanced
2.     Set the Proxy to:
3.     Set the Port to: 80
4.     If you do not see proxy settings in the menu, try the voice dialer and say "Proxy settings".
This should be all that's needed to connect to WIFI.
(deprecated certificate installation steps)
1.     Open certmgr.msc on your corpnet PC.
2.     Navigate to Current User -> Personal -> Certificates
3.     Click Action -> All Tasks -> Request New Certificate
4.     Click Next.
5.     Use the default “Active Directory Enrollment Policy” and click Next.
6.     Select Authenticated Session_R2
7.     Click Details on the right side of this selection.
8.     Click the Properties button
9.     Go to the Private Key tab
10.  Expand the Key Options bar.
11.  Select “Make Private Key Exportable”.
12.  Click OK
13.  Click Enroll
14.  You’ll see a new cert in the window now with Certificate Template “Authenticated Session_R2”.
15.  Right click that Certificate
16.  Select All Tasks -> Export
17.  Select “Yes export the private key”.
18.  Leave the default options and click Next.
19.  It will ask for you to assign a password.
20.  Save the key somewhere on disk.
21.  Rename the key to a .p12 extension.
22.  Connect the Droid to the PC with the USB.
23.  Copy the .p12 to the root of the smart card.
24.  On the Droid go to Settings -> Location & Security
25.  Select “Install from SD Card”
26.  Select the .p12 file to install the cert and give it a name.
27.  If your correct password is not accepted, try "Importing certificates" below.
28.  Now go to Settings -> Wifi Settings
29.  Select “CORP-WLAN”
30.  For EAP method select “TLS”
31.  Leave Phase 2 Authentication as “None”
32.  Leave C/A Certificate as “None”.
33.  Client Certificate should be the installed cert name.
34.  In Identity enter your domain\alias
35.  Leave Anonymous Identity blank.
36.  For Wireless Password enter your domain password.
37.  Click Connect.
38.  ​Proxy Settings (Your Phone May Not Have This.)

You can also use your username and password to connect to CORP-WLAN access point:
1.    EAP method: leave as default (PEAP)
2.    Phase 2 authentication: MSCHAPV2 or none. I think it depends on which building you are in.
3.    CA certificate: leave empty
4.    User certificate: leave empty
5.    Identity: your domain\username
6.    Anonymous identity: empty
7.    Password: your domain password

Importing certificates into Android 2.1
2.1 will not let you import chained certs, complaining about incorrect password. Here is a workaround:
openssl.exe pkcs12 -in .p12 -out tempcert.pem -nodes

openssl.exe pkcs12 -export -out .p12 -in tempcert.pem

Using ProxyDroid (requires root!)

If you don't have access to changing your proxy settings (or only want the proxy settings to apply on corpnet), install ProxyDroid. Connect to CorpNet normally as per the instructions above (no certificates, just the 1-7 above). Then set ProxyDroid as follows to get web, exchange access:
1.     Host:
2.     Port: 80
3.     Proxy Type: HTTP
4.     Auto Connect: Checked
5.     Binded Network: CORPWLAN
6.     Intranet Addresses:
7.     User: your alias
8.     Password: ********
9.     NTLM Authentication: Checked
10.  Domain: your domain
11.  Global Proxy: Checked
12.  DNS Proxy: Unchecked

Android 2.3.3 Compatibility
* The above instructions work on Samsung/Google Nexus S running Android 2.3.3
* Proxy instructions are to be entered into Firefox Browser.

Devices Tried - User Entered
OS Version
Nexus One
No Gmail push, No Gtalk
Iconia A500
No Gtalk
Samsung Vibrant
​​No Gmail push, No Gtalk
Droid Incredible
No Gmail push (can get around by adding Gmail in exchange mode), No Gtalk
Samsung Infuse
Had to downgrade /system/bin/wpa_supplicant to v511 since the version that ships with froyo (2.2.1) does not work well with EAP. To downgrade you'll need root access (see this xda post). Since I have root I used ESExplorer (with root perms) to overwrite the file and reboot. Successful connection w/ PEAP+MSCHAPv2.
Use WifiAid to create a profile for corp-wlan so you won't have to change the proxy (via menu button -> advanced from the wifi settings screen) every time you leave work.
Samsung Galaxy Tab 10.1
No Gmail push, No Gtalk
Toshiba Thrive 10.1"
Touchdown exchange works, internet browse worked, no access to intranet websites.
HTC Desire HD
Exchange works, can send/receive corporate emails or connect and browse the contents in the phone via wifi with work PCs. Proxy that embedded in CM roms not work properly, fail to connect any Internet sites or services that require Internet connections. Only a few browsers work.
3.1 (Nexus v2.8)
Motorola Atrix 4G
Everything working as far as I can tell.
Install ProxyDroid and set as above, everything works well
LG Optimus S
2.2, 2.3.3
Rooted and installed ProxyDroid. Must enable NTLM authentication in ProxyDroid. Gmail push and browser work fine. No Gtalk, can't connect to internal sites (ProxyDroid's internal ip filter fails, gets an itgproxy error in brower).
HTC Thunderbolt
Rooted; installed ASProxy as I could not get ProxyDroid to work. Everything works except gtalk and cannot get to internal web sites. ActiveSync is fine, too.
LG Optimus V (Virgin Mobile VM 670)
Corpwlan instructions work rooted or not.
web sites work without proxy set on the default browser, same for email (in Advanta-C). Touchdown and Gmail work fine.
HP Touchpad
with CM7
Alpha 2.1
Installed ProxyDroid and Imported Certificate from SD method
Samsung Captivate
Connected to network using Phase 2 authentication: MSCHAPV2 as described above then entered proxy name & port.
Samsung/Google Nexus S
CM7.1 Nightly (2.3.7 based)
Used ProxyDroid.
Internal websites don't work as expected. Market and Browser work.
Sansung Galaxy S II Skyrocket
Connected to network using Phase 2 authentication: MSCHAPV2 as described above then entered proxy name & port.
The browser works but some apps can't connect, like the market or facebook
Kindle Fire
It says connected on the Wifi Page but the wifi icon has a cross next to it and neither the browser nor other apps will connect. I tried all three ways above (TLS, MSCHAPv2 and None)
Samsung Galaxy Note
Rooted and installed Autoproxy. Connected without Phase 2 authentication.
HTC Flyer/Evo View
Not rooted - used EAP and ProxyDroid settings without Phase 2 auth
Motorola Xoom
Connected to network using Phase 2 authentication: MSCHAPV2 as described above then entered proxy name & port.
Asus Transformer TF101
Connected using MSCHAPV2 and TLS, recommend using ProxyDroid or WiFiAid for setting up the proxy profiles. All services appear to work.
HP TouchPad with CM9
4.0.3 (Alpha 0.6)
Connected to network using Phase 2 authentication set to MSCHAPV2 and entered proxy information in advanced options.
Note: Connection icon stays gray instead of turning blue, but the connection still works.
Samsung/Google Galaxy Nexus LTE (Verizon)
Connected to network using Phase 2 authentication set to MSCHAPV2 and entered proxy information in advanced options.
Note: Connection icon stays gray instead of turning blue, but the connection still works.
Samsung Galaxy S (not II, t-mobile)
Wouldn't connect until specified
Phase 2 MSCHAPV2.
domain\username + password were the only credentials required
All apps work (Didn't bother to specify proxy).
Nexus One
Followed above listed instructions. Gtalk doesn't seem to connect. Gmail, Market worked.


1 comment:

  1. Excellent stuff. I was able to fix many issues in my android phone. Thanks a lot.