IMC

Android 2020 11 certificate validation and UAM/MSM

 
NeilR
Esteemed Contributor

Android 2020 11 certificate validation and UAM/MSM

Recently new Pixel android phones on 11 have not been able to authenticate to our Wifi system. The new version forces certificate validation and this seems like it may be the issue.

Setup is MSM765 controller using IMC as the radius server, MSCHAPv2. Our AD servers are configured as LDAP servers in the UAM access server setup. The root certficiate is from our AD domain, the imc server certificate is issued from that.

We would get the trust warning as the internal domain is not a trusted root CA for non-windows devices for the server certificate IMC is providing and once trusted it functions as desired.

Do we need to provide the AD root cert to the clients or change the IMC side to a trusted commercial cert chain?

1 REPLY 1
jguse
HPE Pro

Re: Android 2020 11 certificate validation and UAM/MSM

Hello Neil,

I think you've already outlined the two possible solutions in your question. If it's not a problem for you to install the CA's certificate as a trusted root cert on the devices, then you can go with that. On the other hand, if you can't install the cert as trusted on the devices in advance (ie. BYOD scenario), then you need to make sure you set up a trusted commercial certificate.

Best regards,
Justin

Working @ HPE
Accept or Kudo