Security

Reply
Highlighted
Frequent Contributor I

Android setup using SCEP and AirWatch

I am trying to setup Android devices to access the network using certificates from our SCEP with CPPM. Currently it is working just fine with iOS but we haven’t been able to make it work with Android.

 

From the SCEP side there is not much i can change since as i mentioned it is working just fine for iOS. Here are some screenshots from Access Tracker errors and AirWatch setup.

 

 Unfortunately there are not as many options on Android setup as they are for  iOS within AirWatch.

 

We are running CPPM 6.7.4

 

We have uploaded and trusted the same certificates we have for the iOS setup (CPPM radius certificates, Root CA, Signing CA, Proxy CA) but a bit confused on what which to use on the Android fields where it ask for Identity Cert and Root cert.

 

Highlighted
Moderator

Re: Android setup using SCEP and AirWatch

Looks like AirWatch is missing the EAP server identity fields. I would reach out to them and ask why they're not present.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Android setup using SCEP and AirWatch

Do you have by any chance a screenshot where it shows that field?

 

Thanks,

 

AP

Highlighted
Moderator

Re: Android setup using SCEP and AirWatch

No, I’m just speaking generically. The error is that the device doesn’t not trust the EAP server certificate and your config does not show the EAP server certificate validation options. You can see these on the device itself when adding a network.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Android setup using SCEP and AirWatch

When we look into the device all of our certificates are being downloaded and trusted same is done for iOS but for some reason doesn’t wok for Android.

Highlighted
Moderator

Re: Android setup using SCEP and AirWatch

There is no EAP server certificate trust in the Android config from the screenshot you posted.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Android setup using SCEP and AirWatch

Looks like Airwatch doesnt suport SCEP for Android....

 

from airwatch:

SCEP is not supported for Android on any version. SCEP is limited to only Windows and iOS devices. You will see a SCEP payload option in the profile configuration for both iOS and Windows but not for Android. However, you can still push SCEP certificates to Android devices via the credential payload.

 

Anyone has a recommendation on how to set Android to authenticate via certifitace (TLS)? I am trying to avoid using 802.1x (User/Pass) for them....

 

Thanks,

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: