Tuesday, November 2, 2021

EAP-TLS Auth No Longer Works on Android 11/12

My environment is deploying our internal root/intermediate and user cert generated via NDES.
This works for Android 10 and older as well as iOS; however, with Android 11/12 on Pixel/Samsung devices, it doesn't connect.

I've verified that the root/intermediate and the user cert are installed. After attempting to connect and failing a few times, I notice that the CA cert is missing from the "CA certificate" setting in the SSID wifi configuration. However, the cert is still visible within the cert store.

On the ClearPass side, it looks like the certificates are not being presented from the device during authentication. Any ideas what may be the issue?

Some logs from the device during a connection attempt:

// When the OS tries to fetch the certificate to connect to wifi, it faces an issue
10-06 10:16:33.217  1000 22084 22084 E WifiConfigController2: ca_cert ([Ljava.lang.String;@a86498) and ca_path () should not both be non-null
10-06 10:16:34.564  wifi  1302  1361 E wificond: keyStore2GetCert:146 Keystore 2.0 getKeyEntry failed error: Status(-8, EX_SERVICE_SPECIFIC): '7: '
10-06 10:16:34.573  wifi  1302  1361 E wificond: getLegacyKeystoreBlob:313 Failed to get legacy keystore entry for alias "CACERT_CORPORATE-WIFI_WPA_EAPIEEE8021X_TLS_NULL_0": Status(-8, EX_SERVICE_SPECIFIC): '7: '
10-06 10:16:34.573  wifi  1302  1361 E wificond: getBlob:336 Failed to get certificate.
10-06 10:16:34.573  wifi  3170  3170 E wpa_supplicant: OpenSSL: Failed to parse certificate: CACERT_CORPORATE-WIFI_WPA_EAPIEEE8021X_TLS_NULL_0
10-06 10:16:34.573  wifi  3170  3170 E wpa_supplicant: TLS: Failed to parse Root CA certificate
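
A triage sketch for the log excerpt above, added here as an example and not part of the original post: it parses the logcat lines and lists each keystore alias for which both the keystore lookup and the wpa_supplicant certificate parse failed. The function names and the embedded sample (the post's six log lines, split one per line) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the six log lines from the post, one entry per line.
SAMPLE_LOG = """\
10-06 10:16:33.217  1000 22084 22084 E WifiConfigController2: ca_cert ([Ljava.lang.String;@a86498) and ca_path () should not both be non-null
10-06 10:16:34.564  wifi  1302  1361 E wificond: keyStore2GetCert:146 Keystore 2.0 getKeyEntry failed error: Status(-8, EX_SERVICE_SPECIFIC): '7: '
10-06 10:16:34.573  wifi  1302  1361 E wificond: getLegacyKeystoreBlob:313 Failed to get legacy keystore entry for alias "CACERT_CORPORATE-WIFI_WPA_EAPIEEE8021X_TLS_NULL_0": Status(-8, EX_SERVICE_SPECIFIC): '7: '
10-06 10:16:34.573  wifi  1302  1361 E wificond: getBlob:336 Failed to get certificate.
10-06 10:16:34.573  wifi  3170  3170 E wpa_supplicant: OpenSSL: Failed to parse certificate: CACERT_CORPORATE-WIFI_WPA_EAPIEEE8021X_TLS_NULL_0
10-06 10:16:34.573  wifi  3170  3170 E wpa_supplicant: TLS: Failed to parse Root CA certificate
"""

# Layout seen in the post: date time uid pid tid level tag: message
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(?P<uid>\S+)\s+(?P<pid>\d+)\s+"
    r"(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+(?P<tag>[^:]+):\s(?P<msg>.*)$")
# Message shapes taken from the wificond and wpa_supplicant lines above.
KEYSTORE_MISS = re.compile(r'Failed to get legacy keystore entry for alias "([^"]+)"')
PARSE_FAIL = re.compile(r"OpenSSL: Failed to parse certificate: (\S+)")


def parse_lines(text):
    """Yield one dict per well-formed log line; silently skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def correlate(text):
    """Map alias -> {stage: (timestamp, tag)} for each failure stage seen."""
    stages = defaultdict(dict)
    for rec in parse_lines(text):
        for stage, pat in (("keystore_miss", KEYSTORE_MISS), ("parse_fail", PARSE_FAIL)):
            m = pat.search(rec["msg"])
            if m:
                stages[m.group(1)][stage] = (rec["ts"], rec["tag"])
    return dict(stages)


def broken_aliases(text):
    """Aliases that failed the keystore lookup and then the supplicant parse."""
    found = correlate(text)
    return sorted(a for a, s in found.items() if {"keystore_miss", "parse_fail"} <= set(s))


if __name__ == "__main__":
    for alias in broken_aliases(SAMPLE_LOG):
        print(alias, correlate(SAMPLE_LOG)[alias])
```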


