Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1232
Views
0
Helpful
5
Replies

Android Certificate Provisioning via Network Set up Assistant.

graham.harper
Level 1
Level 1

‎11-25-2014 01:06 AM - edited ‎03-10-2019 10:12 PM

Hi there, Just wondered if anyone had any experience with Certificates on Android, I only have a 4.4 Device but I am trying to find where the certificates are installed but when I look in the certificate store on the device the root certificate and the user certificate are not there.

I thought the process had failed but when I go to connect to my SSID using EAP/TLS it works fine and the log shows that it is using a certificate that the ISE has installed see below for the success message.

I just wonder where Android is hiding this. Anyone have any ideas?

 

12811Extracted TLS Certificate message containing client certificate
 12812Extracted TLS ClientKeyExchange message
 12813Extracted TLS CertificateVerify message
 12804Extracted TLS Finished message
 12801Prepared TLS ChangeCipherSpec message
 12802Prepared TLS Finished message
 12816TLS handshake succeeded
 12509EAP-TLS full handshake finished successfully
 12505Prepared EAP-Request with another EAP-TLS challenge
 11006Returned RADIUS Access-Challenge
 11001Received RADIUS Access-Request
 11018RADIUS is re-using an existing session
 12504Extracted EAP-Response containing EAP-TLS challenge-response
 15041Evaluating Identity Policy
 15048Queried PIP - Network Access.EapAuthentication
 15004Matched rule - BYODCertificate
 22070Identity name is taken from certificate attribute
 22037Authentication Passed
 12506EAP-TLS authentication succeeded
Labels:
0 Helpful
5 Replies 5

mwlangedijk
Level 1
Level 1

‎11-25-2014 12:42 PM

Are you using a public signed one? It might fall under the root ones.

 

Another thing i noticed is that when auth fails the Network Setup Assistant cleans up after itself including half installed profiles which makes it hard to troubleshoot.

 

Martijn

0 Helpful

graham.harper
Level 1
Level 1
In response to mwlangedijk

‎11-26-2014 12:01 AM

No Were not using Public Signed Certificates. Checked in the root store and the ISE root Cert isnt in there.

0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎11-25-2014 05:46 PM

Hmm, the fact that EAP-TLS is succeeding means that there is a certificate somewhere that is making this possible :) So what do you see under the "User" tab in the "Trusted Credentials" in your android device?

 

Thank you for rating helpful posts! 

0 Helpful

graham.harper
Level 1
Level 1
In response to nspasov

‎11-26-2014 12:01 AM

Under the User Tab there is nothing. Which is weird.

0 Helpful

graham.harper
Level 1
Level 1
In response to nspasov

‎11-26-2014 12:04 AM

OK So did a bit of playing around with Android last night and looked for an application that I could manage certificates with. Didn't find anything but I did find an app that installed certificates for you. When it was going to put a certificate on it asked if it was for "Wireless or VPN/Identification" So I am just wondering if the "wireless" cert store isn't visible.

0 Helpful
Customers Also Viewed These Support Documents