Hi, Ramkumara11.
{UserPrincipalName}
Hi, RickChau!
Do you send the device the Root CA certificate that signed the certificate for the RADIUS server?
I have a working process with Samsung rugged devices (Android 5.1.1 and 6.0.1). I had no problems setting up certificate-based WiFi on them.
Hi all,
I've had a whale of a time getting ISE and AirWatch to connect to our internal Wi-Fi using device certificates for both iOS and Android. Both had their respective issues, however both are now working. We are using Sectigo to issue certificates (hosted) and using the SCEP protocol (I know, I'm sorry 😞), although it should work using ACDC as well.
So the CA is set up pointing to our SCEP URL, and the template too. The Subject Name needed the full string in there, which was one of the primary issues I had. I believe the SAN types had to be in there too.
iOS
This took a while but is the simplest by far. The only certs I needed were our internal root, the SSL cert issued by the public CA, and the internal CA. The Internal CA must be the Identity certificate. All certs also need to be set as trusted in the same payload, and the trusted service certificate names need to be in for your domain (e.g. *.acme.com). We used EAP-TLS to authenticate and {EnrollmentUser} as our user name. The public roots are already installed on the devices by default so there is no need for those, and this got it working.
Android
From my findings, Androids needed the full chain of trust for everything. So they needed the Internal CA configuring, along with the public SSL cert as well as the Global Root and Intermediate certs that signed the SSL. The correct intermediate is needed as those aren't on the devices by default. The Internal root & intermediate were also required. I used SFA = TLS and {EnrollmentUser} as the Identity. The ID certificate needs to be the internal issuing CA and the Root needs to be the Public root you've uploaded.
Hopefully this helps someone who went through the hell I went through to get this working.
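Added example, not part of any post in this thread: a way to reproduce the missing-intermediate failure described above with the openssl CLI. It builds a constructed throwaway chain (root, intermediate, RADIUS server certificate) and validates the server certificate with and without the intermediate available. All subject names and the function names `build_chain`, `verify_root_only` and `verify_full_chain` are made up for the example, and it assumes the server does not supply the intermediate itself.

```shell
# Constructed throwaway PKI: root -> intermediate -> RADIUS server certificate.
# Subject names are made up for this example. Requires the openssl CLI.
build_chain() {   # $1 = empty working directory
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root (stands in for the public root uploaded to the profile).
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -subj "/CN=Example Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  # Intermediate CA signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Example Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null &&
  # RADIUS server certificate signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=radius.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# Client trusts only the root; the intermediate is not available to it.
verify_root_only() { openssl verify -CAfile "$1/root.pem" "$1/srv.pem" >/dev/null 2>&1; }
# Client has the root and the intermediate (full chain of trust).
verify_full_chain() { openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/srv.pem" >/dev/null 2>&1; }

work=$(mktemp -d) && build_chain "$work" || exit 1
verify_root_only "$work"  && echo "root only: OK" || echo "root only: FAIL (issuer not found)"
verify_full_chain "$work" && echo "root + intermediate: OK" || echo "root + intermediate: FAIL"
rm -rf "$work"
```

To check a real deployment, replace the generated files with the exported RADIUS server certificate and the CA certificates that the Wi-Fi profile actually delivers.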
Hi gmanjohal
Good to see you got it working.
If you don't mind, can you share your Wi-Fi payload and credentials payload screenshot?
I especially want to see what is added in the "Credentials" payload.
We are unable to set up Wi-Fi for droid phones. Note: we use the PKI infrastructure though, not SCEP.
We have cert-based WiFi working as well with Cisco ISE only when 'Force WiFi Whitelisting' is not enforced.
I wonder if this setting is generally enabled among other AirWatch admins.
Hi @chengtmskcc
Can you share the screenshot of the profile?
Hi, I have the same problem. Can you help me, please, or share any doc?
Thanks in advance.