Android WPA-Enterprise Config

Delete any old networks

Used the Shmoocon network in previous years? If you have any settings for the Shmoocon network still in your device, delete them first.

Add the certificate

  • Download the Shmoocon 2025 CA certificate If you have problems with downloading the certificate in Firefox, try using Chrome - Firefox sometimes generates incorrect certificate events.
  • If your download prompts you to open the file, open it, and select the Certificate Manager app.
  • If Android prompts you to install the certificate automatically, choose yes, and under “Credential use” select “Wi-Fi”.
  • If Android does not prompt you to install the certificate, go to “Settings”, then “Security”
  • Go to the “Credential Storage” section
  • Select “Install from SD card”.
  • Some versions of Android find the certificate automatically. Some require you to find it yourself. The file should be in your Downloads directory.
  • You should be prompted to name the certificate (the name is irrelevant, pick one that makes sense)
  • Select “Wi-Fi” for “Credential Use”

After installing the CA certificate, older versions of Android will produce a permanent warning that network traffic may be monitored. This warning will persist until the certificate is deleted, even though the certificate should be installed for Wi-Fi use only and will not be used for app or https traffic. This is an Android bug, and is fixed in newer Android versions. By selecting “Wi-Fi” as the credential type this cert should only be used for wireless connections.

Configure the Wi-Fi Network

  • Complete the “Add the certificate” section
  • Go to “Settings”
  • Go to “Wi-Fi”
  • Select the shmoocon-wpa network
  • Set EAP method to PEAP
  • Set Phase 2 authentication to MSCHAPV2
  • Set CA Certificate to the shmoocon certificate you installed. If you do not install the certificate or do not select it here, your configuration may be vulnerable to an attacker spoofing the wpa2 network
  • Put the username you just created in Identity
  • Leave anonymous identity blank
  • Put the password you created in Password
  • If prompted for a domain, enter radius.shmoocon.net

After Shmoocon

The CA certificate is configured to be valid only for the duration of the conference. However, after the conference, delete the Shmoocon CA from your device via Settings->Security->Trusted Credentials. It will be in the ‘User’ category.