Cisco Community
English
Register
Announcing the Project Gallery! Click here to read community member deployment stories and share your projects!
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

790
Views
0
Helpful
5
Replies
Highlighted
graham.harper
Beginner
Beginner
‎11-25-2014 01:06 AM
‎11-25-2014 01:06 AM

Android Certificate Provisioning via Network Set up Assistant.

Hi there, Just wondered if anyone had any experience with Certificates on Android, I only have a 4.4 Device but I am trying to find where the certificates are installed but when I look in the certificate store on the device the root certificate and the user certificate are not there.

I thought the process had failed but when I go to connect to my SSID using EAP/TLS it works fine and the log shows that it is using a certificate that the ISE has installed see below for the success message.

I just wonder where Android is hiding this. Anyone have any ideas?

 

12811Extracted TLS Certificate message containing client certificate
 12812Extracted TLS ClientKeyExchange message
 12813Extracted TLS CertificateVerify message
 12804Extracted TLS Finished message
 12801Prepared TLS ChangeCipherSpec message
 12802Prepared TLS Finished message
 12816TLS handshake succeeded
 12509EAP-TLS full handshake finished successfully
 12505Prepared EAP-Request with another EAP-TLS challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12504Extracted EAP-Response containing EAP-TLS challenge-response
 15041Evaluating Identity Policy
 15048Queried PIP - Network Access.EapAuthentication
 15004Matched rule - BYODCertificate
 22070Identity name is taken from certificate attribute
 22037Authentication Passed
 12506EAP-TLS authentication succeeded
Labels:
Everyone's tags (1)
0 Helpful
Reply
5 REPLIES 5
Highlighted
mwlangedijk
Beginner
Beginner
‎11-25-2014 12:42 PM
‎11-25-2014 12:42 PM

Are you using a public signed

Are you using a public signed one? It might fall under the root ones.

 

Another thing i noticed is that when auth fails the Network Setup Assistant cleans up after itself including half installed profiles which makes it hard to troubleshoot.

 

Martijn

0 Helpful
Reply
Highlighted
graham.harper
Beginner
Beginner
‎11-26-2014 12:01 AM
‎11-26-2014 12:01 AM

No Were not using Public

No Were not using Public Signed Certificates. Checked in the root store and the ISE root Cert isnt in there.

0 Helpful
Reply
Highlighted
nspasov
Cisco Employee
Cisco Employee
‎11-25-2014 05:46 PM
‎11-25-2014 05:46 PM

Hmm, the fact that EAP-TLS is

Hmm, the fact that EAP-TLS is succeeding means that there is a certificate somewhere that is making this possible :) So what do you see under the "User" tab in the "Trusted Credentials" in your android device?

 

Thank you for rating helpful posts! 

0 Helpful
Reply
Highlighted
graham.harper
Beginner
Beginner
‎11-26-2014 12:01 AM
‎11-26-2014 12:01 AM

Under the User Tab there is

Under the User Tab there is nothing. Which is weird.

0 Helpful
Reply
Highlighted
graham.harper
Beginner
Beginner
‎11-26-2014 12:04 AM
‎11-26-2014 12:04 AM

OK So did a bit of playing

OK So did a bit of playing around with Android last night and looked for an application that I could manage certificates with. Didn't find anything but I did find an app that installed certificates for you. When it was going to put a certificate on it asked if it was for "Wireless or VPN/Identification" So I am just wondering if the "wireless" cert store isn't visible.

0 Helpful
Reply
Latest Contents
Manage the ASA from anyconnect
Created by kahina.akkouche on 08-12-2020 01:16 AM
3
0
3
0
Bonjour,Je cherche à acceder l'interface de management de l'ASA, depuis l'Anyconnect.Malegré que j'ai ajouté les ACLs necessaires, mais l'acces management ASA en SSH depuis le vpn nomade ne passse.Je me demande si on peut manager l'ASA en ssh ou autres pr... view more
Problems Authenticating and Authorizing Users on new wlan us...
Created by stevemegyery on 08-11-2020 11:26 AM
1
0
1
0
I am involved in rolling out about 40 wifi networks using cisco 3602/2802 aps and cisco 5508 ISE. Our network offers a 2 step authentication with user and machine certificates as well as users needing to be in correct AD groups. The problem we have i... view more
NGFW VPN PAGE
Created by Fnu Kanwaljeet Singh on 08-11-2020 07:44 AM
0
0
0
0
Site-to-Site VPN: ASA Site-to-Site VPN using IKEV1 Configuration Example Configure a Site-to-Site IPSec IKEv1 Tunnel Between an ASA and a Cisco IOS Router Site-to-Site IKEv2 Tunnel between ASA and Router Configuration Examples Site-to-Site VPN Tunnel wit... view more
Cisco ISE MS Intune remote WIPE/LOCK ISE Feature
Created by Rkle on 08-11-2020 04:28 AM
0
0
0
0
Dear Community,  So, according to the Cisco ISE Release 2.7 Administrator Guide, it should be possible to use a remote lock/wipe on MDM-devices that connect through ISE on the network( see the screenshot in the attachment).The problem is that th... view more
Applying Cisco Anyconnect licenses
Created by ross_rulz on 08-11-2020 01:00 AM
0
0
0
0
Hi, We currently have 2 Cisco 5525X ASA's in active/standby state. We have 750 concurrent Anyconnect licenses with the below licenses:AC-PLSM-5YR-500-S & AC-PLSM-5YR-250-S. (These are expiring soon) I have asked to get these renewed by our l... view more
Content for Community-Ad

Cisco Community May 2020 Spotlight Award Winners

Follow our Social Media Channels