Devices that are provisioned using Device Manager can also be set up to connect to enterprise wireless networks using Wifi certificates. This process requires MLDB and The Lab.
Wifi Connectivity
MLDB has been enhanced to distribute certificates, adding support for EAP-TLS, EAP-TTLS-MSCHAPv2, and EAP-TTLS-MSCHAP networks.
Pre-requisites
- You will need to have a device on Lumin OS 0.98.20 or above with Developer Mode and MLDB enabled (on your device, go to the Settings>Device>Developer section and toggle both options "on")
- Computer with The Lab installed
- USB-C cable
- Wifi certificate(s) for EAP-TLS, in the supported formats:
  - Client certificate in .PFX format only
  - CA Root certificate in .PEM format only
- Wifi certificate(s) for EAP-TTLS, in the supported format:
  - CA Root certificate in .PEM format only, no client certificate required
Pushing Wifi Certificates to Your Magic Leap
- Power on the device
- Connect to the computer using the USB-C cable
- Open the mldb shell from The Lab and, in the shell, run the following to ensure the device is connected:
mldb devices
- If the device was previously connected to a network, run the following (skip this step if there was no previous network connection):
mldb wifi forget <network-id>
- Change directory to the folder that contains the wifi certificates. Run the mldb commands to configure the enterprise network for either the TLS or the TTLS scenario below:
TLS
The following command configures an enterprise Wifi network using EAP-TLS where the client certificate file includes the client certificate and the private key. The --privkey_pswd switch is optional depending on whether the private key has a password or not.
Command Syntax:
# connect using EAP-TLS
#
$ mldb wifi configure-ent cppm-corp \
--eap tls \
--eid testpeq \
--ca_cert <CA Root Certificate> \
--cert <Client Certificate> \
--privkey_pswd <password>
Successfully configured network. Network ID = 5
Example:
# connect using EAP-TLS
#
$ mldb wifi configure-ent cppm-corp \
--eap tls \
--eid testpeq \
--ca_cert cppm-ca-chain.cert.pem \
--cert cppm-clnt+pkey.pfx \
--privkey_pswd testpass
Successfully configured network. Network ID = 5
TTLS
The following command configures an enterprise Wifi network using EAP-TTLS, where the client authentication protocol can be either mschapv2 or mschap.
Command Syntax:
# connect using EAP-TTLS
#
$ mldb wifi configure-ent cppm-corp \
--eap ttls \
--p2 <protocol> \
--ca_cert <CA Root Cert> \
--eid <user_id> \
--epw <password>
Example:
# connect using EAP-TTLS
#
$ mldb wifi configure-ent cppm-corp \
--eap ttls \
--p2 mschapv2 \
--ca_cert test_cert.pem \
--eid testid \
--epw testpass
Successfully configured network. Network ID = 5
Successful response:
Successfully configured network. Network ID = 0
The Network ID returned from the previous command (Successfully configured network. Network ID = 5) is used in the wifi join command to connect to the desired network. Each network (SSID) you successfully configure gets its own numeric ID. You use that ID to perform operations on the network: join, forget, etc.
Command Syntax:
mldb wifi join <network id>
Example:
mldb wifi join 0
Successfully joined network <network name>
Note: mldb provides help text for all its commands. For a description of the various options available when configuring a network, use mldb wifi --help
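The TLS flow above as one host-side script, added here as an example (not Magic Leap's code): it sanity-checks the certificate file formats, prompts for the private key password instead of typing it inline, and joins using the Network ID that configure-ent reports. The function names are made up for this sketch, and it assumes a POSIX shell with mldb on the PATH.

```shell
#!/bin/sh
# Added example, not Magic Leap code. Function names are hypothetical;
# the mldb commands and options are the ones shown on this page.

# A PEM CA file is text and carries a BEGIN CERTIFICATE armor line.
is_pem_cert() {
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# A .pfx (PKCS#12) file is binary DER, so its first byte is the SEQUENCE tag 0x30.
# This is a format sanity check only; it does not validate the contents.
is_der_container() {
  [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]
}

# Extract N from "Successfully configured network. Network ID = N".
parse_network_id() {
  printf '%s\n' "$1" | sed -n 's/.*Network ID = \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# usage: provision_tls <ssid> <identity> <ca.pem> <client.pfx>
provision_tls() {
  ssid=$1; eid=$2; ca=$3; pfx=$4
  is_pem_cert "$ca"       || { echo "CA root must be .PEM: $ca" >&2; return 1; }
  is_der_container "$pfx" || { echo "client cert must be .PFX: $pfx" >&2; return 1; }

  # Prompt for the password so it does not land in shell history.
  printf 'Private key password: ' >&2
  stty -echo; IFS= read -r pswd; stty echo; echo >&2

  out=$(mldb wifi configure-ent "$ssid" --eap tls --eid "$eid" \
        --ca_cert "$ca" --cert "$pfx" --privkey_pswd "$pswd")
  unset pswd

  # Error reporting is limited, so treat a missing Network ID as failure.
  id=$(parse_network_id "$out")
  [ -n "$id" ] || { echo "no Network ID in mldb output: $out" >&2; return 1; }
  mldb wifi join "$id"
}
```

Call it as provision_tls cppm-corp testpeq cppm-ca-chain.cert.pem cppm-clnt+pkey.pfx. The password is still handed to mldb as an argument, so it is visible in the host's process list while the command runs.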
Known Issues
- When configuring a network already known to the device, first forget the network with mldb wifi forget <network-id>. If not forgotten, the resulting configuration could maintain characteristics of the previous configuration, leading to unexpected behavior
- Error reporting with this feature is limited