last person joined: an hour ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Android and CPPM 6.1 unknow_ca Error

  • 1.  Android and CPPM 6.1 unknow_ca Error

    Posted Apr 25, 2013 11:58 AM



    I'm having an issue onboarding android devices, all steps works fine but after the onboarding when the android device tries to authenticate with TLS always getting an error in access tracker showing client error uknonw_ca, when i check the settings on the wireless on the android device I cannot see a CA defined and when i click on that no CA showing, in the onboarding steps it shows it installed RC but doesn't seem to be recognized by the Android device.


    I have made sure that  the correct certificate is selected as trusted on the onboarding steps for Android, but 1 thing is that in the manual it is mentioned:

    6. In the Android Trust area, use the Trusted Certificate drop-down list to select a certificate the device should trust.
    Android supports only a single trusted certificate; this must be the root CA that issued the authentication server’s
    certificate. Be aware that if None is selected, 802.1x authentication might not work.


    But I can see the Server Certificate not the CA !! I also tried Creating new Root Certificates and changed the names several times still the same result, the SSID is simple "JCAccess"  since i faced an issue with the SSID name before and now using simple ones.



    Did anybody face this issue before ?


    Please help, and if possible to let me know if there is a way to downgrade from 6.1 to 6.0.2 so I can avoid this as I have tested with 6.0.2 and no issues like this.

  • 2.  RE: Android and CPPM 6.1 unknow_ca Error

    Posted Apr 25, 2013 05:55 PM

    You should probably not be configuring custom trust settings for Android.


    Use the setting "Automatically configure trust settings (recomended)" on the Onboard » Configuration Profiles » Network Settings » Trust tab.  This should work correctly.