Wireless Access

last person joined: 10 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Android with Aruba TLS SSID

This thread has been viewed 2 times

  • 1.  Android with Aruba TLS SSID

    Posted Dec 07, 2012 08:20 AM

    im trying to setup an EAP TLS protected SSID, it works for my Windows 8 laptop. but my Android 4.0.4 phone simply doesn't want to connect. when googling for android (EAP) TLS / Wifi / ... i find lots of complaining and such, but not even basic information on how to configure it.

     

    is there anyone here who has EAP TLS working between Aruba (or other vendor) and an Android device?

     

    I have imported my client certificate and the CA which signed it on the Android device. I also imported the CA certificate that signed the controller certificate (not an offical CA btw).

     

    my current wifi settings on the Android are:

     

    EAP method: TLS

    Phae 2: None

    CA certificate: the CA for the client certificate (unsure why i need to provide this)

    User certificate: the client certificate

    Identity: Empty

    Anonymous identity: Empty

    Password: Empty

     



  • 2.  RE: Android with Aruba TLS SSID

    EMPLOYEE
    Posted Dec 07, 2012 11:03 AM

    Hi

     

    You should use the following settings:

     

    EAP method: TLS

    Phae 2: None

    CA certificate: the CA for the client and Server certificate

    User certificate: the client certificate

    Identity: <user id>

    Anonymous identity: Empty

    Password: Empty

     

    CA certificate: You should provide the certificate of the CA signing both your certificate and the AAA server's. This has to be provided in order to securely validate the server ID.

     

    Identity: You should provide your identity. I'm not sure if it's compulsory but in this field you usually enter the same id you used to generate the client certificate.

     

    If all that is ok and your WLAN still doesn't work, make sure you've imported your certificates properly. The client certificate should be a .pem cert containing the private key. The CA certificate only has to have the public key, and .cer format should work.

     

    Try it and tell us if you still have any issues.

     

    Regards

     

     

     

     



  • 3.  RE: Android with Aruba TLS SSID

    Posted Dec 08, 2012 07:20 AM

    thank you, one thing that is certainly different is the CA for the client and the server certificate. is it compulsory that it is the same? because for example with a laptop it isn't.



  • 4.  RE: Android with Aruba TLS SSID

    EMPLOYEE
    Posted Dec 09, 2012 02:54 AM

    Hi

     

    It was a simplification. What you really need is the server certificate to be signed by a a CA that's trusted in your phone. The same happens on the other end, your client server has to be signed by a CA that's trusted by the AAA server.

     

    If you wish to understand the whole process a bit better, there's a great series of posts explaining how digital certs work:

    http://community.arubanetworks.com/t5/Authentication-and-Access/Digital-Certificates-5-part-series/m-p/22752/highlight/true#M219

     

    BR



  • 5.  RE: Android with Aruba TLS SSID

    Posted Dec 10, 2012 12:52 PM

    thanks for the info, i believe i understand the principle, it just didn't work out for some reason.

     

    i now have a working setup with the the same CA for server and client certificate. im going to test some more so see what does and doesn't work.



  • 6.  RE: Android with Aruba TLS SSID

    EMPLOYEE
    Posted Dec 10, 2012 02:21 PM

    That's probably due to the client certificate format. I had a lot of trouble with my phone as well. Nevertheless, it ended up working when I used .pem format.

     

    BR