My environment is deploying our internal root/intermediate and user cert generated via NDES.
This works for Android 10 and older as well as iOS; however, with Android 11/12 on Pixel/Samsung devices, it doesn't connect.
I've verified that the root/intermediate and the user cert are installed. After attempting to connect and failing a few times, I notice that the CA cert is missing from the "CA certificate" setting in the SSID wifi configuration. However, the cert is still visible within the cert store.
On the clearpass side, it looks like the certificates are not being presented from the device during authentication. Any ideas what may be the issue?
Some logs from the device during connection attempt
//When os tries fetch certificate to connect to wifi, it faces issue 10-06 10:16:33.217 1000 22084 22084 E WifiConfigController2: ca_cert ([Ljava.lang.String;@a86498) and ca_path () should not both be non-null10-06 10:16:34.564 wifi 1302 1361 E wificond: keyStore2GetCert:146 Keystore 2.0 getKeyEntry failed error: Status(-8, EX_SERVICE_SPECIFIC): '7: '10-06 10:16:34.573 wifi 1302 1361 E wificond: getLegacyKeystoreBlob:313 Failed to get legacy keystore entry for alias "CACERT_CORPORATE-WIFI_WPA_EAPIEEE8021X_TLS_NULL_0": Status(-8, EX_SERVICE_SPECIFIC): '7: '10-06 10:16:34.573 wifi 1302 1361 E wificond: getBlob:336 Failed to get certificate.10-06 10:16:34.573 wifi 3170 3170 E wpa_supplicant: OpenSSL: Failed to parse certificate: CACERT_CORPORATE-WIFI_WPA_EAPIEEE8021X_TLS_NULL_010-06 10:16:34.573 wifi 3170 3170 E wpa_supplicant: TLS: Failed to parse Root CA certificate
No comments:
Post a Comment