Hi All,
I am trying to connect company-owned / unmanaged Android 11 devices to a Cisco WAP SSID using our public certificate wireless.fqdn.
For my Galaxy A20 Android 11 phone, when connecting to the SSID the phone returns:
'couldn't connect to network'
'couldn't authenticate connection'
On the NPS Server, the wireless.fqdn certificate is installed in the Certificates (Local Computer) Personal / Certificates container
We are using Windows NPS/PEAP/MS-CHAPv2 which I believe requires a certificate on the server-side only
I believe PEAP encapsulates the EAP type MS-CHAPv2 authentication in a secure TLS tunnel.
As a further configuration item, I installed the wireless.fqdn certificate into the cert store on my Android device (User certificates, installed for WiFi)
NPS / RADIUS Server is Windows Server 2016 Datacenter
NPS Role installed with the following Windows NPS Policy
Connection Request Policy:
Wireless connections, NAS Port Type: wireless - other or wireless IEEE 802.11
Network Policy: Staff
CONDITIONS:
Wireless - Other OR Wireless IEEE 802.11
Windows Groups: ADDSGroup
Calling Station ID: ^[^:]+:SSID$
CONSTRAINTS:
EAP Types: Microsoft: Protected EAP (PEAP)
Edit / certificate issued to: wireless.fqdn
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Enable Fast Reconnect
EAP Type:
Secure password (EAP-MSCHAP v2)
Android 11:
I got into settings / biometrics and security
Other security settings
PFX user certificates: wireless.fqdn installed for WiFi (contains root/intermediate/cert chain)
View security certificates / system / CA root
No user certificates
Click the WiFi SSID / manage
EAP method: PEAP
Enter identity / password
CA certificate: Use system certificates (if I choose 'select certificate' there is nothing to select, Android stated in red "CA certificate must be selected")
Online certificate status: don't validate
Domain: wireless.fqdn
When connecting to the SSID the phone returns:
'couldn't connect to network'
'couldn't authenticate connection'
MAC of Android phone not in NPS logs
Hope someone with more experience can assist.
Thanks!
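
Added example, not part of the original post: a PowerShell sketch of server-side checks for the setup described above, covering the PEAP certificate in the Local Computer Personal store, the registered RADIUS clients, and NPS audit events. It assumes an elevated session on the NPS server with the NPS PowerShell module available; `$CertName` is the placeholder name used in the post.

```powershell
# Added example: run elevated on the NPS server. $CertName is the placeholder from the post.
$CertName      = 'wireless.fqdn'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# 1. Certificate that PEAP presents: private key, EKU, expiry and chain as this server sees it.
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.DnsNameList.Unicode -contains $CertName -or $_.Subject -like "*CN=$CertName*"
}
if (-not $certs) { Write-Warning "No certificate for $CertName in LocalMachine\My" }

foreach ($cert in $certs) {
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)      # default policy also performs an online revocation check
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = ($cert.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid)
        ChainBuilds   = $chainOk
        Chain         = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        ChainStatus   = ($chain.ChainStatus.Status -join ', ')
    }
}

# 2. RADIUS clients known to NPS. Requests from an address that is not listed here
#    are not processed by any connection request or network policy.
Get-NpsRadiusClient | Select-Object Name, Address, Enabled

# 3. Audit setting that controls whether NPS writes grant/deny events to the Security log.
auditpol /get /subcategory:"Network Policy Server"

# 4. Recent NPS decisions: 6272 = access granted, 6273 = access denied.
$filter = @{ LogName = 'Security'; Id = 6272, 6273; StartTime = (Get-Date).AddHours(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No NPS grant/deny events in the last hour.'
} else {
    $events | Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}
```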