spharaus

Lurker
Sep 28, 2021
Hi All,

I am trying to connect company-owned / unmanaged Android 11 devices to a Cisco WAP SSID using our public certificate wireless.fqdn.

For my Galaxy A20 Android 11 phone, when connecting to the SSID the phone returns:
'couldn't connect to network'
'couldn't authenticate connection'

On the NPS Server, the wireless.fqdn certificate is installed in the Certificates (Local Computer) Personal / Certificates container

We are using Windows NPS/PEAP/MS-CHAPv2, which I believe requires a certificate on the server side only.
I believe PEAP encapsulates the EAP type MS-CHAPv2 authentication in a secure TLS tunnel.

As a further configuration item, I installed the wireless.fqdn certificate into the cert store on my Android device (User certificates, installed for WiFi).

NPS / RADIUS Server is Windows Server 2016 Datacenter
NPS Role installed with the following Windows NPS Policy

Connection Request Policy:
Wireless connections, NAS Port Type: wireless - other or wireless IEEE 802.11

Network Policy: Staff
CONDITIONS:
Wireless - Other OR Wireless IEEE 802.11
Windows Groups: ADDSGroup
Calling Station ID: ^[^:]+:SSID$

CONSTRAINTS:
EAP Types: Microsoft: Protected EAP (PEAP)
Edit / certificate issued to: wireless.fqdn
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Enable Fast Reconnect
EAP Type:
Secure password (EAP-MSCHAP v2)

Android 11:
I go into settings / biometrics and security
Other security settings
PFX user certificates: wireless.fqdn installed for WiFi (contains root/intermediate/cert chain)
View security certificates / system / CA root
No user certificates

Click the WiFi SSID / manage
EAP method: PEAP
Enter identity / password
CA certificate: Use system certificates (if I choose 'select certificate' there is nothing to select; Android stated in red "CA certificate must be selected")
Online certificate status: don't validate
Domain: wireless.fqdn

When connecting to the SSID the phone returns:
'couldn't connect to network'
'couldn't authenticate connection'

MAC of Android phone not in NPS logs

Hope someone with more experience can assist.

Thanks!
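
Added example, not part of the original post: a simplified Python model of the two RADIUS attribute conditions listed in the Network Policy above, showing which station-ID attribute a pattern of the form `^[^:]+:SSID$` can match. The attribute values are constructed and assume the access point uses the RFC 3580 formats (Called-Station-Id is the AP MAC plus ":" plus SSID, Calling-Station-Id is the client MAC); `evaluate` and `station_id_matches` are hypothetical helper names, not NPS APIs.

```python
import re

# Pattern copied from the Network Policy condition in the post.
POLICY_PATTERN = r"^[^:]+:SSID$"

# RFC 2865 NAS-Port-Type values named in the policy.
WIRELESS_PORT_TYPES = {18: "Wireless - Other", 19: "Wireless - IEEE 802.11"}


def station_id_matches(value, pattern=POLICY_PATTERN):
    """Return True if a station-ID attribute value satisfies the pattern."""
    return re.search(pattern, value or "") is not None


def evaluate(request, station_attr):
    """Simplified model of the two conditions; returns (matched, reasons)."""
    reasons = []
    if request.get("NAS-Port-Type") not in WIRELESS_PORT_TYPES:
        reasons.append("NAS-Port-Type is not wireless")
    value = request.get(station_attr)
    if not station_id_matches(value):
        reasons.append(f"{station_attr} {value!r} does not match {POLICY_PATTERN}")
    return (not reasons, reasons)


# Constructed Access-Request attributes (RFC 3580 formats); not from the post.
SAMPLE_REQUEST = {
    "NAS-Port-Type": 19,
    "Called-Station-Id": "00-11-22-33-44-55:SSID",  # AP MAC + ":" + SSID
    "Calling-Station-Id": "66-77-88-99-AA-BB",       # client (supplicant) MAC
}

if __name__ == "__main__":
    for attr in ("Called-Station-Id", "Calling-Station-Id"):
        matched, reasons = evaluate(SAMPLE_REQUEST, attr)
        print(attr, "->", "match" if matched else "no match", reasons)
```

Comparing the output with the attribute values the access point actually sends (visible in the NPS accounting log or a packet capture of the Access-Request) shows whether a request can reach this policy at all.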