Hi Chathura,

+1 for the proposed approach of using SCEP for Wifi-certificate provisioning. This will help us achieve the best architecture for the functionality, while also making sure that the possibility of wifi credentials getting compromised is minimal.

Hi Prabath,

Would you be able to share some feedback too as to if this is a viable approach?

Cheers,
Prabath

On Wed, May 18, 2016 at 12:41 PM, Chathura Dilan <[email protected]> wrote:

> Hi All,
>
> For EAP-TLS Advance Android Wifi Configuration, devices need to be
> authenticated and need to have individual user certificates to communicate
> with the server. Each device needs to have its own certificate which is
> signed by the CA.
>
> When sending EAP TLS Wifi Policy to the devices, it is not practical to
> generate certificates for each and every device and send along with the
> policy.
>
> iOS uses SCEP protocol to generate individual user certificates and
> install them at the time of the enrollment. We can use this similar
> approach to install user certificates to Android devices.
>
> When enrolling a device, Android device will generate a key, create a CSR
> and talk to the SCEP server with the user challenge and obtain user
> certificate signed by CA. It will be used later for above Wifi
> configurations when it needs a user certificate.
>
> Please let us know your suggestions about this approach.
>
> References:
>
> [1] -
> https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html
>
> --
> Regards,
>
> Chatura Dilan Perera
> *Senior Software Engineer - WSO2 Inc.*
> www.dilan.me
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Prabath Abeysekara
Technical Lead
WSO2 Inc.
Email: [email protected]
Mobile: +94774171471
