Security

Reply
Highlighted
Contributor II

Android setup using SCEP and AirWatch

I am trying to setup Android devices to access the network using certificates from our SCEP with CPPM. Currently it is working just fine with iOS but we haven’t been able to make it work with Android.

 

From the SCEP side there is not much i can change since as i mentioned it is working just fine for iOS. Here are some screenshots from Access Tracker errors and AirWatch setup.

 

 Unfortunately there are not as many options on Android setup as they are for  iOS within AirWatch.

 

We are running CPPM 6.7.4

 

We have uploaded and trusted the same certificates we have for the iOS setup (CPPM radius certificates, Root CA, Signing CA, Proxy CA) but a bit confused on what which to use on the Android fields where it ask for Identity Cert and Root cert.

 

Guru Elite

Re: Android setup using SCEP and AirWatch

Looks like AirWatch is missing the EAP server identity fields. I would reach out to them and ask why they're not present.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: Android setup using SCEP and AirWatch

Do you have by any chance a screenshot where it shows that field?

 

Thanks,

 

AP

Guru Elite

Re: Android setup using SCEP and AirWatch

No, I’m just speaking generically. The error is that the device doesn’t not trust the EAP server certificate and your config does not show the EAP server certificate validation options. You can see these on the device itself when adding a network.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: Android setup using SCEP and AirWatch

When we look into the device all of our certificates are being downloaded and trusted same is done for iOS but for some reason doesn’t wok for Android.

Guru Elite

Re: Android setup using SCEP and AirWatch

There is no EAP server certificate trust in the Android config from the screenshot you posted.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: Android setup using SCEP and AirWatch

Looks like Airwatch doesnt suport SCEP for Android....

 

from airwatch:

SCEP is not supported for Android on any version. SCEP is limited to only Windows and iOS devices. You will see a SCEP payload option in the profile configuration for both iOS and Windows but not for Android. However, you can still push SCEP certificates to Android devices via the credential payload.

 

Anyone has a recommendation on how to set Android to authenticate via certifitace (TLS)? I am trying to avoid using 802.1x (User/Pass) for them....

 

Thanks,

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: