[REPOST] 1500 different EAP-TLS Certificates...


Sorry for the repost (also put this up in the Fusion thread) but I'm casting the net as wide as I can...

I've been presented with a bit of a poser. My customer wants to deploy
WPA Enterprise with EAP-TLS. They want to use a "personalised"
certificate per device, so each one of their 1500-odd MC75s would have
its own unique certificate and credentials.

Importing the certificates is OK. The problem is going to be creating the WLAN profile.

Right now, we're in a competitive situation with Intermec, who has
apparently written an XML script to create the WLAN profile on the CN3,
allowing them to dynamically insert the correct values at staging.

My questions: Has anyone been in a similar situation before, and if so, how did we work a result? Can we use SymScript for this?


Richard Baker
I am not an expert on this topic but I am researching XML provisioning on our devices right now. Here is a link with an example on creating a wap provisioning document that will install a certificate in the WM certificate store.


By default WM devices will allow Over The Air provisioning in compliance with the Open Mobile Alliance (formerly WAP) standard. Microsoft had expanded the OMA standard within its OS. Installing the certificate will also depend on what security policy is implemented on the device. WM 5.0 has the ability to only allow signed or authenticated apps, files, or XML configuration documents to be executed or acted upon.

I have not learned XML, but the nature of XML enables you to define anything you want. There is functionality in the XML that will allow you to dynamically pull information / data.

Intermec is not doing anything that is not part of the OMA standards for WAP client provisioning / device management.

SymScript would probably be an enabler for this; Paul has added XML provisioning functionality.

Anonymous (not verified)
Hello Richard

I am not sure the XML route will work with Fusion. Expect you will need to use the Fusion APIs to create the profile. Kjell Lloyd has written an XML plugin for SymScript to allow you to configure Fusion profiles using XML. If this has the functionality that Jon wants then this may be a possible option, as the script can take its input from the user or a config (INI) file and create the XML on the fly.

PXML would work on the MC35 as it uses Wireless Zero Config.


Richard Linsley-Hood
The Microsoft OS has built within it an API call (DMProcessConfigXML) that completely does all that is required to provision the terminal from an XML file.

The attached demonstration command line application takes an XML file as input and provisions the terminal based on that file. Command line 'XmlConfigTerminal some.xml'. The source code for this application is almost trivial and is available on request.

There are numerous other methods to call this DMProcessConfigXML API including, but not limited to, EmScript, SymScript, a cpf file with the XML embedded within it, MSP, a custom written application that calls the API, etc.

Please use the method that is most appropriate for your customer.

Richard LH
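
An added example, not part of the thread and not any poster's code: a staging-side sketch of the per-device XML generation discussed above, covering the certificate-store provisioning document Richard Baker mentions and the kind of file a DMProcessConfigXML caller would be handed. It covers only the certificate (not the private key or the Fusion WLAN profile). The serial numbers, the placeholder certificate bytes and the use of the "MY" store are assumptions to check against the device's CertificateStore documentation.

```python
import base64
import hashlib
from xml.sax.saxutils import quoteattr


def provisioning_doc(der: bytes, store: str) -> str:
    """Return a wap-provisioningdoc that adds one DER certificate to `store`."""
    # Certificates in the store are keyed by the SHA-1 hash of their DER encoding.
    thumbprint = hashlib.sha1(der).hexdigest().upper()
    encoded = base64.b64encode(der).decode("ascii")
    return (
        "<wap-provisioningdoc>\n"
        '  <characteristic type="CertificateStore">\n'
        f"    <characteristic type={quoteattr(store)}>\n"
        f'      <characteristic type="{thumbprint}">\n'
        f'        <parm name="EncodedCertificate" value="{encoded}"/>\n'
        "      </characteristic>\n"
        "    </characteristic>\n"
        "  </characteristic>\n"
        "</wap-provisioningdoc>\n"
    )


def build_fleet(inventory: dict[str, bytes], store: str) -> dict[str, str]:
    """Map device serial -> provisioning XML, refusing empty or shared certificates."""
    seen: dict[str, str] = {}  # thumbprint -> first serial that used it
    docs: dict[str, str] = {}
    for serial, der in sorted(inventory.items()):
        if not der:
            raise ValueError(f"{serial}: empty certificate")
        digest = hashlib.sha1(der).hexdigest()
        if digest in seen:
            # A shared certificate defeats the point of per-device credentials.
            raise ValueError(f"{serial} shares a certificate with {seen[digest]}")
        seen[digest] = serial
        docs[serial] = provisioning_doc(der, store)
    return docs


# Constructed sample: placeholder bytes standing in for real DER certificates.
SAMPLE_INVENTORY = {
    "MC75-0001": b"placeholder-der-for-device-0001",
    "MC75-0002": b"placeholder-der-for-device-0002",
}

if __name__ == "__main__":
    for serial, xml in build_fleet(SAMPLE_INVENTORY, "MY").items():
        print(f"--- {serial}.xml ---\n{xml}")
```

The duplicate check is the part worth keeping in any staging tool: with 1500 certificates issued in bulk, a copy-paste or export error that puts the same certificate on two devices is otherwise silent until one of them has to be revoked.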