My access point uses a certificate to validate its authenticity (prevents rogue APs). This is already setup and works on my other devices.
If I choose to skip this (CA certificate set to "Do not validate" then I can connect. But when i try to enable it the connection fails. I have tried to set the domain to "morgan.lan" (my trusted root cert, this is what's actually installed on the phone), "snas.morgan.lan" (the cert that is signed by morgan.lan and is installed on the machine providing wifi), and ldap.morgan.lan (the ldap namespace, more for username stuff than certificates).
here is a screenshot of my settings https://imgur.com/5xklWgC and if I do a adb logcat -b all -v raw WifiNetworkHistory:V WifiStateMachine:V *:S -v color then I get this message as an error (though it doesn't seem to tell me anything useful).
Supplicant SSID temporary disabled:- DSBLE ID: 24 SSID: "Morgan" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false
NetworkSelectionStatus NETWORK_SELECTION_TEMPORARY_DISABLED
mNetworkSelectionDisableReason NETWORK_SELECTION_DISABLED_AUTHENTICATION_FAILURE
NETWORK_SELECTION_DISABLED_AUTHENTICATION_FAILURE counter:5
hasEverConnected: true
numAssociation 1
update time=09-01 17:14:52.700
creationtime=09-01 17:03:37.331
validatedInternetAccess
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwiseCiphers: TKIP CCMP
GroupCiphers: TKIP CCMP
PSK:
Enterprise config:
altsubject_match NULL
password <removed>
ca_path "/system/etc/security/cacerts"
subject_match NULL
engine 0
client_cert NULL
anonymous_identity NULL
ca_cert NULL
identity "christopher@ldap.morgan.lan"
domain_suffix_match "morgan.lan"
key_id NULL
engine_id NULL
IP config:
IP assignment: DHCP
Proxy settings: NONE
networkSelectionBSSID=00:c0:ca:8a:f2:9b
blackListed: 1504298557sec cuid=1000 cname=android.uid.system:1000 luid=1000 lname=android.uid.system:1000 lcuid=1000 userApproved=USER_APPROVED noInternetAccessExpected=false isCarrierNetwork=false
lastConnected: 652sec roamingFailureBlackListTimeMilli: 1000
triggeredLow: 0 triggeredBad: 0 triggeredNotHigh: 0
ticksLow: 0 ticksBad: 0 ticksNotHigh: 0
triggeredJoin: 0
If I choose to skip this (CA certificate set to "Do not validate" then I can connect. But when i try to enable it the connection fails. I have tried to set the domain to "morgan.lan" (my trusted root cert, this is what's actually installed on the phone), "snas.morgan.lan" (the cert that is signed by morgan.lan and is installed on the machine providing wifi), and ldap.morgan.lan (the ldap namespace, more for username stuff than certificates).
here is a screenshot of my settings https://imgur.com/5xklWgC and if I do a adb logcat -b all -v raw WifiNetworkHistory:V WifiStateMachine:V *:S -v color then I get this message as an error (though it doesn't seem to tell me anything useful).
Supplicant SSID temporary disabled:- DSBLE ID: 24 SSID: "Morgan" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false
NetworkSelectionStatus NETWORK_SELECTION_TEMPORARY_DISABLED
mNetworkSelectionDisableReason NETWORK_SELECTION_DISABLED_AUTHENTICATION_FAILURE
NETWORK_SELECTION_DISABLED_AUTHENTICATION_FAILURE counter:5
hasEverConnected: true
numAssociation 1
update time=09-01 17:14:52.700
creationtime=09-01 17:03:37.331
validatedInternetAccess
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwiseCiphers: TKIP CCMP
GroupCiphers: TKIP CCMP
PSK:
Enterprise config:
altsubject_match NULL
password <removed>
ca_path "/system/etc/security/cacerts"
subject_match NULL
engine 0
client_cert NULL
anonymous_identity NULL
ca_cert NULL
identity "christopher@ldap.morgan.lan"
domain_suffix_match "morgan.lan"
key_id NULL
engine_id NULL
IP config:
IP assignment: DHCP
Proxy settings: NONE
networkSelectionBSSID=00:c0:ca:8a:f2:9b
blackListed: 1504298557sec cuid=1000 cname=android.uid.system:1000 luid=1000 lname=android.uid.system:1000 lcuid=1000 userApproved=USER_APPROVED noInternetAccessExpected=false isCarrierNetwork=false
lastConnected: 652sec roamingFailureBlackListTimeMilli: 1000
triggeredLow: 0 triggeredBad: 0 triggeredNotHigh: 0
ticksLow: 0 ticksBad: 0 ticksNotHigh: 0
triggeredJoin: 0
Facebook
Twitter
Instagram