Wireless Access

Reply
MVP
Posts: 1,412
Registered: ‎11-30-2011

Android with Aruba TLS SSID

im trying to setup an EAP TLS protected SSID, it works for my Windows 8 laptop. but my Android 4.0.4 phone simply doesn't want to connect. when googling for android (EAP) TLS / Wifi / ... i find lots of complaining and such, but not even basic information on how to configure it.

 

is there anyone here who has EAP TLS working between Aruba (or other vendor) and an Android device?

 

I have imported my client certificate and the CA which signed it on the Android device. I also imported the CA certificate that signed the controller certificate (not an offical CA btw).

 

my current wifi settings on the Android are:

 

EAP method: TLS

Phae 2: None

CA certificate: the CA for the client certificate (unsure why i need to provide this)

User certificate: the client certificate

Identity: Empty

Anonymous identity: Empty

Password: Empty

 

Moderator
Posts: 906
Registered: ‎07-29-2010

Re: Android with Aruba TLS SSID

Hi

 

You should use the following settings:

 

EAP method: TLS

Phae 2: None

CA certificate: the CA for the client and Server certificate

User certificate: the client certificate

Identity: <user id>

Anonymous identity: Empty

Password: Empty

 

CA certificate: You should provide the certificate of the CA signing both your certificate and the AAA server's. This has to be provided in order to securely validate the server ID.

 

Identity: You should provide your identity. I'm not sure if it's compulsory but in this field you usually enter the same id you used to generate the client certificate.

 

If all that is ok and your WLAN still doesn't work, make sure you've imported your certificates properly. The client certificate should be a .pem cert containing the private key. The CA certificate only has to have the public key, and .cer format should work.

 

Try it and tell us if you still have any issues.

 

Regards

 

 

 

 

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Android with Aruba TLS SSID

thank you, one thing that is certainly different is the CA for the client and the server certificate. is it compulsory that it is the same? because for example with a laptop it isn't.

Moderator
Posts: 906
Registered: ‎07-29-2010

Re: Android with Aruba TLS SSID

Hi

 

It was a simplification. What you really need is the server certificate to be signed by a a CA that's trusted in your phone. The same happens on the other end, your client server has to be signed by a CA that's trusted by the AAA server.

 

If you wish to understand the whole process a bit better, there's a great series of posts explaining how digital certs work:

http://community.arubanetworks.com/t5/Authentication-and-Access/Digital-Certificates-5-part-series/m-p/22752/highlight/true#M219

 

BR

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Android with Aruba TLS SSID

thanks for the info, i believe i understand the principle, it just didn't work out for some reason.

 

i now have a working setup with the the same CA for server and client certificate. im going to test some more so see what does and doesn't work.

Moderator
Posts: 906
Registered: ‎07-29-2010

Re: Android with Aruba TLS SSID

That's probably due to the client certificate format. I had a lot of trouble with my phone as well. Nevertheless, it ended up working when I used .pem format.

 

BR

 

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Search Airheads
Showing results for 
Search instead for 
Did you mean: