Meraki

Community

Android 11 - Meraki Authentication - certificate for radius.meraki.com - Not trusted

Tadpole86
Getting noticed
‎Apr 28 2021 1:08 PM
‎Apr 28 2021 1:08 PM

Android 11 - Meraki Authentication - certificate for radius.meraki.com - Not trusted

Can anybody help?

 

Since Android 11 was released I can no longer connect some users to a SSID using Meraki Authentication.

 

The firmware update from Android essentially removes the users capability of choosing to trust a certificate. This is apparently in line with the WI-FI alliance WPA3 specification. So we are likely to see this issue with other operating systems over time. As I understand, this move is to stop users potentially connecting to a imposter AP and handing over there credentials to a malicious person.

 

Working with Meraki support I’ve basically been told it’s a device side issue.

 

Ok, so my devices don’t trust the radius.Meraki.com certificate out of the box. If I look at the untrusted certificate it’s signed by sectigo.

 

If I navigate to the sectigo site and download the certificates and install them, I am still being blocked. I’ve tried a few

https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates

 

Can anyone enlighten me, my understanding of certificates is high level. I reached the end of my knowledge.

 

On a second point, why are Meraki using a certificate that is not commonly supported. Both Android and Apple devices are prompted to trust. From my basic understanding I would think that if you went with a provider such as godaddy would this be a problem in the first place.

 

0 Kudos
2 Replies 2
Inderdeep
Kind of a big deal
Kind of a big deal
‎Apr 28 2021 1:14 PM
‎Apr 28 2021 1:14 PM

@Tadpole86 : check this out 

https://documentation.meraki.com/MR/Encryption_and_Authentication/WPA2-Enterprise_PEAP_Android_11_Se...

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
In response to Inderdeep
Tadpole86
Getting noticed
‎Apr 28 2021 2:02 PM
‎Apr 28 2021 2:02 PM

Thanks @Inderdeep 

 

Meraki Authentication is what I want to use. Having the user database hosted for us in the cloud and a simple username and password has been working great for years. Switching to RADIUS or AD requires alot of heavy lifting to implement, manage and maintain for out small requirement. Trusted Access is not suitable for us yet due to the number of windows devices. 

 

If anyone has anything to add on the specifics of getting Meraki Authentication to work with Andriod 11 that would be great. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.