11-10-2021 08:05 AM
Has anyone seen this issue with Android devices not able to connect to Cisco wireless networks?
Looking at our ISE logs, it seems the devices are not pulling down the wireless certificate. You can see the attempt to join the wireless network in ISE, but then it just errors out with "PEAP failed SSL/TLS handshake after a client alert".
This is the resolution, but the wireless certificate is there but not being pulled down:
Check whether the proper server certificate is installed and configured for EAP in the Local Certificates page ( Administration > System > Certificates > Local Certificates ). Also ensure that the certificate authority that signed this server certificate is properly installed in client's supplicant. Check the previous steps in the log for this EAP-TLS conversation for a message indicating why the handshake failed. Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information.
11-10-2021 12:51 PM
The latest Android OS removed the "do not validate" certificate option, which in older versions was used to bypass the full certificate validation. So due to this reason, new Android OS versions don't allow access to any WPA2 enterprise networks which use SSC, or any certificate from a CA which is in the Android certificate trust store.
Your options are to either use a certificate signed by a public CA which is trusted by Android or upload the CA root/intermediate certificates to the Android device.
11-11-2021 10:04 AM
Arshad,
That option has been removed from Android 11 & 12, so that will not work.
11-11-2021 11:35 AM
Which option is removed by Android?
I was recently part of a deployment where we pushed certificates to thousands of Android devices running 11 using MDM; I also tested on my personal devices. Certificates can be installed without any issues. Where did you get stuck?
11-12-2021 05:09 AM
The option for "do not validate" is not available in Android 11 & 12. Check a new Android 12 device; here in the States the option is removed.
11-10-2021 03:18 PM
CSCvu24770
01-30-2023 06:29 PM
This Cisco bug states that it is applicable to affected clients running Android 10.
11-12-2021 05:03 AM
In my case I had to disable Fast Transition on the SSID under Security - Layer 2 recently. Might have been another issue though.