Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1750
Views
0
Helpful
1
Replies

About Android 11 connecting to PEAP SSID but "do not validate certificate" option eliminated

ajc
Level 7
Level 7

‎02-10-2021 12:36 PM - edited ‎02-10-2021 12:36 PM

Hi all,

 

I have an non elegant solution in mind for this issue on BYOD Android devices running version 11 and unable to select the "do not validate certificate". I understand this improvement on the version adds more security to the enduser connection but implementing a solution that can be easily managed by a non technical enduser does not look that simple.

 

We have our own PKI signed cert for EAP on ISE 2.7 and changing it to a public CA one (like entrust) is not an option for BYOD because open the door to another private SSID/Subnet using EAP-TLS.

 

Wondering if there is anything like Onboarding on ISE that we could use to overcome this issue on BYOD devices. I am still exploring options.

 

thanks in advance.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

ajc
Level 7
Level 7

‎02-10-2021 12:50 PM

There is another post about the same subject. Following that one.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents