abbasou
Topic Author

Picky Pixel 7 won't connect to 802.1x authenticated wifi - Certificate Issues

Wed Dec 14, 2022 7:10 pm

So unfortunately I am a complete noob when it comes to certificates and CAs and chains and all that. My explanations are going to be terrible and I'm going to need very specific instructions. Here's what's going on:

I recently got a Pixel 7 to replace my Galaxy S21. We run RADIUS authentication on our wifi here at work. All other devices have worked fine with it (except for when Microsoft broke it in Win11 22h2, but that's a different story), including Mac, Windows, ChromeOS, Android, and iOS devices, EXCEPT my Pixel 7. Did some googling, found out Google enforces the proper spec for certificate chain verification, without the option to simply not verify or just trust whatever cert is offered. Apparently Samsung and the others have opted for compatibility and ease-of-use rather than strict security, but I don't really know about all that.

So we had an LE cert which apparently recently expired, though none of the existing devices on the network seemed to care. We (my boss) tried to renew, but it didn't seem to work properly. Got the updated name with the time stamp of when it was "renewed" but still shows expired (FLAGS = KET). I've heard ROS 7 has some issues with LE or something. I don't know enough about all that.

Next we tried to import another valid, trusted cert from another device we have (Synology NAS), but that didn't work at all. When trying to select that cert in CAPsMAN and User Manager, all of our wifi just went down (like it was disabled). Was it necessary to install that cert on all devices on the network?

Finally, what I just tried this morning, was, in CAPsMAN, select "auto" for CA certificate, which generated a new self-signed cert. When I selected this one in User Manager and CAPsMAN, everything came back up and all the old devices reconnected without issue. It's still my stinking Pixel 7 that does not want to connect. I select "trust on first use" and enter my username and password and it says "Certificate Chain Invalid." I even installed that auto-generated cert onto the device, but it asks for a domain, which is not populated in the auto-gen certificate.

Is there no hope for my Pixel? Is there something else I can do? Is there a way to add a subject-alt-name to that auto-cert so I can enter a domain on my Pixel? Is there any risk in just removing the expired LE cert and creating a new, proper cert?

Tell me what configs you want to see and I'll post. I'm sorry, I don't really understand certificates that well, nor do I know all about enterprise wifi deployments. Just trying to fumble my way around.
