Friday, February 28, 2020

Forcing Installation of CA Certificates to Android

Hello all. Here's the deal. I'm rolling out certificate-based authentication to all our corporate-owned devices, obviously including Pixel 2 devices. We use an MDM solution to push profiles to these phones. I'm trying to push a profile to Pixel devices that contains a client certificate, our internal root CA, our internal sub CA, and the RADIUS server certs these phones will be authenticated by.

These phones are unable to join a Wi-Fi network in said profile because the client is rejecting the RADIUS server certificate. I understand this means the phone doesn't trust the RADIUS server cert, but what I do not understand is how I get the phones to trust it. Am I to install the server cert directly onto the device, and if so, should I be able to do that from the same MDM profile? Does Android need a specific format for the cert? .cer DER? Does the Android need the private key of the server cert? Does the server cert HAVE to be a public cert in the trusted root CA store?

Sorry about so many questions at once but I can't figure out the problem. Thanks in advance!


