It seems like there are a number of Android devices that have issues validating the server certificate for 802.1x authentication.

We did some research and it seems like it is a common issue with different Android OS and hardware flavors. We can’t put our finger on it but it seems like it is the native 802.1x supplicant within Android.

There are 3rd-party supplicants, but at this point there is not one that we can recommend.

We do not encourage anyone to connect to the ESSID “DefCon” without validating the server certificate.

As for the steps to correctly configure it:

  • go to https://wifireg.defcon.org
  • download the DigiCert Root Certificate
  • create your credentials on https://wifireg.defcon.org
  • some flavors of Android automatically recognize that it's a cert and will prompt you to install it; choose for this cert to be used for WiFi (and not VPN and Apps)
  • go to wifi configuration
  • add new network
  • ESSID: DefCon
  • 802.1x Enterprise
  • PEAP
  • MSCHAPV2
  • Identity: enter the username you created on wifireg
  • Password: enter the password you created on wifireg

The configuration above is pretty much the same for any other devices out there.
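
On a device that uses wpa_supplicant directly (a Linux laptop, for example), the same settings can be checked for server-certificate validation before connecting. The script below is an added example, not part of the original post; the sample config is constructed, and the CA path, server name and credentials in it are placeholders that the page does not give.

```python
import re

# Constructed sample: the same network without and with server validation.
# CA path, server name and credentials are placeholders, not page values.
SAMPLE_CONF = '''
network={
    ssid="DefCon"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user-from-wifireg"
    password="password-from-wifireg"
}
network={
    ssid="DefCon"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user-from-wifireg"
    password="password-from-wifireg"
    ca_cert="/path/to/digicert-root.pem"
    domain_suffix_match="radius.example.invalid"
}
'''
# wpa_supplicant options that pin the expected server name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        lines = (l.strip() for l in body.splitlines())
        pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """List the server-validation gaps in one WPA-EAP network block."""
    findings = []
    if "WPA-EAP" in net.get("key_mgmt", ""):
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append("no ca_cert/ca_path: server certificate is not verified")
        if not any(net.get(k) for k in NAME_CHECKS):
            findings.append("no server name match: any cert chaining to the CA is accepted")
    return findings

if __name__ == "__main__":
    for i, net in enumerate(parse_networks(SAMPLE_CONF)):
        print(i, net.get("ssid"), audit(net) or "ok")
```

The first block is reported with both gaps; the second, which sets the CA certificate and a server name match, passes.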

Any further updates on this matter will be posted here.

