Hi All,

For EAP-TLS Advance Android Wifi Configuration, devices need to be authenticated and need to have individual user certificates to communicate with the server. Each device needs to have its own certificate, which is signed by the CA.

When sending the EAP-TLS Wifi policy to the devices, it is not practical to generate certificates for each and every device and send them along with the policy. iOS uses the SCEP protocol to generate individual user certificates and install them at the time of enrollment. We can use a similar approach to install user certificates on Android devices. When enrolling a device, the Android device will generate a key, create a CSR, talk to the SCEP server with the user challenge, and obtain a user certificate signed by the CA. It will be used later for the above Wifi configurations when a user certificate is needed.

Please let us know your suggestions about this approach.

References:
[1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html

--
Regards,
Chatura Dilan Perera
*Senior Software Engineer - WSO2 Inc.*
www.dilan.me
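The device-side step described in the message above (generate a key, build a CSR that carries the SCEP challenge), as an added example that is not part of the original post and is not WSO2 code. It assumes the Bouncy Castle `bcpkix` library is on the classpath; the class name, device ID and challenge value are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

// Hypothetical class name; sketch of the enrollment step on the device.
public class DeviceCsrExample {

    // Build a PKCS#10 request whose subject is the device ID and whose
    // challengePassword attribute carries the one-time enrollment challenge.
    static PKCS10CertificationRequest buildCsr(KeyPair kp, String deviceId,
                                               String challenge) throws Exception {
        // Build the DN from typed RDNs rather than string concatenation, so a
        // device ID containing ',' or '=' cannot inject extra subject fields.
        X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.CN, deviceId)
                .build();
        JcaPKCS10CertificationRequestBuilder builder =
                new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic());
        builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
                new DERPrintableString(challenge));
        // Signing with the new private key proves possession of it to the CA.
        ContentSigner signer =
                new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return builder.build(signer);
    }

    public static void main(String[] args) throws Exception {
        // The private key is generated on the device and never leaves it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample values, not real enrollment data.
        PKCS10CertificationRequest csr =
                buildCsr(kp, "device-0001", "constructed-challenge");

        // Same self-signature check a CA performs before issuing.
        boolean valid = csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(kp.getPublic()));
        System.out.println("CSR signature valid: " + valid);
        // csr.getEncoded() is the DER blob a SCEP client wraps in its request.
        System.out.println("DER length: " + csr.getEncoded().length);
    }
}
```

The challenge sits in the CSR as a plain attribute, so it should be single-use and short-lived on the server side, and the CSR should only travel inside the encrypted SCEP request envelope.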
