This is an old revision of the document!

WiFi WPA Enterprise

Android 11+ Devices

NOTE: DRAFT!

Freeradius log:

eap_peap: TLS Alert read:fatal:unknown CA

Reason: The CA (Certification Authority) is not recognized by the client.

Cerficate used by Freeradius:

/etc/freeradius/3.0/mods-enabled/eap

    private_key_file = /etc/ssl/private/radius.int.example.com.key
    certificate_file = /etc/ssl/certs/radius.int.example.com.crt

Background:

https://extremeportal.force.com/ExtrArticleDetail?an=000092023

Hints:

Workaround for Android based phone:

Download own CA from URL. Do not install it.
Open Settings –> Security –> Encryption & Credentials –> Install a Certificate –> Wi-Fi Certificate

Try to connect to WPA Enterprise network
- EAP Method: PEAP
- Phase 2 authentication: MSCHAPV2
- CA certificate: Install. After installation choose just installed certificate
- Online certificate status: Do not verify

TODO

Add both certs to client ? how to add intermediate ca ?

/etc/freeradius/3.0/mods-enabled/eap

Use ca_path or ca_file not both. Using ca_path requires run c_rehash on pointed dir to created hashes do certs.

tls-config tls-common {
  private_key_password =
  private_key_file = ${certdir}/radius.int.example.com.key
 
  certificate_file = ${certdir}/radius.int.example.com.crt
  ca_path = ${cadir}
 
  auto_chain = yes
}

apt-get install eapoltest

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

WiFi WPA Enterprise

Android 11+ Devices