This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi there, Just wondered if anyone had any experience with Certificates on Android, I only have a 4.4 Device but I am trying to find where the certificates are installed but when I look in the certificate store on the device the root certificate and the user certificate are not there.
I thought the process had failed but when I go to connect to my SSID using EAP/TLS it works fine and the log shows that it is using a certificate that the ISE has installed see below for the success message.
I just wonder where Android is hiding this. Anyone have any ideas?
12811 | Extracted TLS Certificate message containing client certificate | |
12812 | Extracted TLS ClientKeyExchange message | |
12813 | Extracted TLS CertificateVerify message | |
12804 | Extracted TLS Finished message | |
12801 | Prepared TLS ChangeCipherSpec message | |
12802 | Prepared TLS Finished message | |
12816 | TLS handshake succeeded | |
12509 | EAP-TLS full handshake finished successfully | |
12505 | Prepared EAP-Request with another EAP-TLS challenge | |
11006 | Returned RADIUS Access-Challenge | |
11001 | Received RADIUS Access-Request | |
11018 | RADIUS is re-using an existing session | |
12504 | Extracted EAP-Response containing EAP-TLS challenge-response | |
15041 | Evaluating Identity Policy | |
15048 | Queried PIP - Network Access.EapAuthentication | |
15004 | Matched rule - BYODCertificate | |
22070 | Identity name is taken from certificate attribute | |
22037 | Authentication Passed | |
12506 | EAP-TLS authentication succeeded |
Are you using a public signed one? It might fall under the root ones.
Another thing i noticed is that when auth fails the Network Setup Assistant cleans up after itself including half installed profiles which makes it hard to troubleshoot.
Martijn
No Were not using Public Signed Certificates. Checked in the root store and the ISE root Cert isnt in there.
Hmm, the fact that EAP-TLS is succeeding means that there is a certificate somewhere that is making this possible :) So what do you see under the "User" tab in the "Trusted Credentials" in your android device?
Thank you for rating helpful posts!
Under the User Tab there is nothing. Which is weird.
OK So did a bit of playing around with Android last night and looked for an application that I could manage certificates with. Didn't find anything but I did find an app that installed certificates for you. When it was going to put a certificate on it asked if it was for "Wireless or VPN/Identification" So I am just wondering if the "wireless" cert store isn't visible.