Security

I am trying to setup Android devices to access the network using certificates from our SCEP with CPPM. Currently it is working just fine with iOS but we haven’t been able to make it work with Android.

 

From the SCEP side there is not much i can change since as i mentioned it is working just fine for iOS. Here are some screenshots from Access Tracker errors and AirWatch setup.

 

 Unfortunately there are not as many options on Android setup as they are for  iOS within AirWatch.

 

We are running CPPM 6.7.4

 

We have uploaded and trusted the same certificates we have for the iOS setup (CPPM radius certificates, Root CA, Signing CA, Proxy CA) but a bit confused on what which to use on the Android fields where it ask for Identity Cert and Root cert.

 

Looks like AirWatch is missing the EAP server identity fields. I would reach out to them and ask why they're not present.

Do you have by any chance a screenshot where it shows that field?

 

Thanks,

 

AP

No, I’m just speaking generically. The error is that the device doesn’t not trust the EAP server certificate and your config does not show the EAP server certificate validation options. You can see these on the device itself when adding a network.

When we look into the device all of our certificates are being downloaded and trusted same is done for iOS but for some reason doesn’t wok for Android.

There is no EAP server certificate trust in the Android config from the screenshot you posted.

Looks like Airwatch doesnt suport SCEP for Android....

 

from airwatch:

SCEP is not supported for Android on any version. SCEP is limited to only Windows and iOS devices. You will see a SCEP payload option in the profile configuration for both iOS and Windows but not for Android. However, you can still push SCEP certificates to Android devices via the credential payload.

 

Anyone has a recommendation on how to set Android to authenticate via certifitace (TLS)? I am trying to avoid using 802.1x (User/Pass) for them....

 

Thanks,