Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Android Certificate Provisioning via Network Set up Assistant.

Hi there, Just wondered if anyone had any experience with Certificates on Android, I only have a 4.4 Device but I am trying to find where the certificates are installed but when I look in the certificate store on the device the root certificate and the user certificate are not there.

I thought the process had failed but when I go to connect to my SSID using EAP/TLS it works fine and the log shows that it is using a certificate that the ISE has installed see below for the success message.

I just wonder where Android is hiding this. Anyone have any ideas?


12811Extracted TLS Certificate message containing client certificate
 12812Extracted TLS ClientKeyExchange message
 12813Extracted TLS CertificateVerify message
 12804Extracted TLS Finished message
 12801Prepared TLS ChangeCipherSpec message
 12802Prepared TLS Finished message
 12816TLS handshake succeeded
 12509EAP-TLS full handshake finished successfully
 12505Prepared EAP-Request with another EAP-TLS challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12504Extracted EAP-Response containing EAP-TLS challenge-response
 15041Evaluating Identity Policy
 15048Queried PIP - Network Access.EapAuthentication
 15004Matched rule - BYODCertificate
 22070Identity name is taken from certificate attribute
 22037Authentication Passed
 12506EAP-TLS authentication succeeded

Are you using a public signed one? It might fall under the root ones.


Another thing i noticed is that when auth fails the Network Setup Assistant cleans up after itself including half installed profiles which makes it hard to troubleshoot.



No Were not using Public Signed Certificates. Checked in the root store and the ISE root Cert isnt in there.

Cisco Employee

Hmm, the fact that EAP-TLS is succeeding means that there is a certificate somewhere that is making this possible :) So what do you see under the "User" tab in the "Trusted Credentials" in your android device?


Thank you for rating helpful posts! 

Under the User Tab there is nothing. Which is weird.

OK So did a bit of playing around with Android last night and looked for an application that I could manage certificates with. Didn't find anything but I did find an app that installed certificates for you. When it was going to put a certificate on it asked if it was for "Wireless or VPN/Identification" So I am just wondering if the "wireless" cert store isn't visible.

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube