Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

966
Views
0
Helpful
5
Replies
graham.harper
Beginner
Beginner
‎11-25-2014 01:06 AM
‎11-25-2014 01:06 AM

Android Certificate Provisioning via Network Set up Assistant.

Hi there, Just wondered if anyone had any experience with Certificates on Android, I only have a 4.4 Device but I am trying to find where the certificates are installed but when I look in the certificate store on the device the root certificate and the user certificate are not there.

I thought the process had failed but when I go to connect to my SSID using EAP/TLS it works fine and the log shows that it is using a certificate that the ISE has installed see below for the success message.

I just wonder where Android is hiding this. Anyone have any ideas?

 

12811Extracted TLS Certificate message containing client certificate
 12812Extracted TLS ClientKeyExchange message
 12813Extracted TLS CertificateVerify message
 12804Extracted TLS Finished message
 12801Prepared TLS ChangeCipherSpec message
 12802Prepared TLS Finished message
 12816TLS handshake succeeded
 12509EAP-TLS full handshake finished successfully
 12505Prepared EAP-Request with another EAP-TLS challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12504Extracted EAP-Response containing EAP-TLS challenge-response
 15041Evaluating Identity Policy
 15048Queried PIP - Network Access.EapAuthentication
 15004Matched rule - BYODCertificate
 22070Identity name is taken from certificate attribute
 22037Authentication Passed
 12506EAP-TLS authentication succeeded
Labels:
0 Helpful
5 REPLIES 5
mwlangedijk
Beginner
Beginner
‎11-25-2014 12:42 PM
‎11-25-2014 12:42 PM

Are you using a public signed one? It might fall under the root ones.

 

Another thing i noticed is that when auth fails the Network Setup Assistant cleans up after itself including half installed profiles which makes it hard to troubleshoot.

 

Martijn

0 Helpful
graham.harper
Beginner
Beginner
In response to mwlangedijk
‎11-26-2014 12:01 AM
‎11-26-2014 12:01 AM

No Were not using Public Signed Certificates. Checked in the root store and the ISE root Cert isnt in there.

0 Helpful
nspasov
Cisco Employee
Cisco Employee
‎11-25-2014 05:46 PM
‎11-25-2014 05:46 PM

Hmm, the fact that EAP-TLS is succeeding means that there is a certificate somewhere that is making this possible :) So what do you see under the "User" tab in the "Trusted Credentials" in your android device?

 

Thank you for rating helpful posts! 

0 Helpful
graham.harper
Beginner
Beginner
In response to nspasov
‎11-26-2014 12:01 AM
‎11-26-2014 12:01 AM

Under the User Tab there is nothing. Which is weird.

0 Helpful
graham.harper
Beginner
Beginner
In response to nspasov
‎11-26-2014 12:04 AM
‎11-26-2014 12:04 AM

OK So did a bit of playing around with Android last night and looked for an application that I could manage certificates with. Didn't find anything but I did find an app that installed certificates for you. When it was going to put a certificate on it asked if it was for "Wireless or VPN/Identification" So I am just wondering if the "wireless" cert store isn't visible.

0 Helpful
Latest Contents
Converting Cisco Secure Endpoint Connectors from Audit to Pr...
Created by Sohaib Ahmed on 06-23-2022 05:19 PM
0
0
0
0
Once you've expanded Cisco Secure Endpoint connector deployment to about 50% of your licensed count (check out this article that shows you how to do that), it's time to put those connectors to action i.e. convert them to Protect from Audit mode for vari... view more
🧦💚 Tell us about your ZTNA journey in exchange for a pair ...
Created by betswang on 06-23-2022 03:05 PM
0
15
0
15
  Hello! I’m Betsy, UX Researcher, on the Cisco+ Secure Connect Now team. Nice to meet you all .We have a short survey to learn about your Zero Trust Network Access (ZTNA) journey. Whether you have, plan to, or have not implemented a ... view more
Cisco ASA Access-list ACL using network object
Created by Meddane on 06-23-2022 06:59 AM
0
0
0
0
  A set of interface access rules can cause the Cisco Adaptive Security Appliance to permit or deny a designated host to access another particular host with a specific network application (service). When there is only one client, one host and one se... view more
How To: Cisco ISE Captive Portals with Aruba Wireless
Created by ahollifield on 06-22-2022 06:23 PM
3
10
3
10
How To: Cisco ISE Captive Portals with Aruba Wireless Authors: Adam Hollifield, Brad Johnson IntroductionPrerequisitesMinimum RequirementsComponents UsedConfigurationAruba Wireless ControllerWLAN CreationAuthentication ConfigurationRole & Policy Confi... view more
Get Started with SecureX | Overview and Product Demo
Created by Matt Anderson on 06-16-2022 03:04 AM
0
5
0
5
Ready to learn more about SecureX? Our Cisco security expert @Juan Ponce Dominguez reviews the features and benefits of SecureX, as well as a product demo covering: Customising SecureX dashboards to create a single pane, unified visibility Integrati... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube