In practice, you would need some form of client onboarding to do the configuration for the end-user. For managed devices, that probably would be a Mobile/Enterprise Device Management solution, for unmanaged devices, that could be ClearPass Onboard, Aruba Onboard as part of Central Cloud Authentication, or another third party provisioning tool. For eduroam that would be geteduroam or CAT. As part of that, you can also provision client certificates to do EAP-TLS and get rid of deprecated/legacy PEAP/MSCHAPv2.
You can configure manual 802.1X on Android, but it's hard to do it right.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 09, 2025 08:13 AM
From: alexandre.link
Subject: 802.1x authentication (android 11)
Hi everyone,
I know this is an old topic, but I'd like to know if there's any solution for authenticating 802.1X with ClearPass on Android 11 devices.
ClearPass does not require a certificate in the service for authentication, and other devices connect normally. However, some Android 11 devices, even when ignoring the certificate or manually installing a trusted certificate on the device, still fail to connect and ClearPass returns an "untrusted certificate" error.
Is there any update regarding this, or do we simply have to abandon 802.1X authentication on these devices?