Hello all, I've been testing with 2 devices (Samsung s10 upgraded to android 11 and Samsung s20 also upgraded to android 11). It seems that I'm still able to select "Do not validate" on these devices.
Is this because these devices were upgraded to android 11 and that the newer devices which were released with android 11 don't allow the "Do not validate"? Or are the pixel phones the only ones? Regards, Mathieu Van: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Namens Hurt,Trenton W. Verzonden: maandag 1 februari 2021 22:47 Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Onderwerp: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021 FYI I just received the following from securew2 about some additional security changes coming to android 11. This action will need to take place before the upcoming Android application update that is planned for February 15th, 2021. As you may already be aware, Google mandates server validation to be properly configured for WiFi from Android version 11. This means that any 802.1X WiFi configuration without the following two settings will fail to connect. 1. Server Validation 2. Connect to these server names For more information about these configurations, please read below. What is Server Validation in a Network Profile? This configuration item is for clients to validate a RADIUS server certificate chain during an EAP authentication. Clients would forward its requests only when the received server certificate is signed by the CA that is configured on the SecureW2 Network Profile. It may be required to upload only the Root CA of the RADIUS server certificate, however, in some cases, the full chain may need to be provided. What is the Connect to these server names field? This field is used to specify the name of your RADIUS server certificate using its Common Name. If there is only one RADIUS server in your setup, you can quickly find this name from the certificate. If there are more than one RADIUS servers, or if the RADIUS server Common Name has more than two subdomains, we advise to use a wildcard name. For example: If the RADIUS server certificate's Common Name = radius.domain.com Connect to these server names should be radius.domain.com If the RADIUS server certificate's Common Name = radius.lab.department.domain.com Connect to these server names should be *.department.domain.com or *.domain.com Thanks Trent Trenton Hurt, CWNE #172,ACMP,ACCP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S) Network Analyst University of Louisville Phone (502) 852-1513 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmathieu.sturm%40HOGENT.BE%7C01d70b32f6bc4a8d904d08d8c6fad941%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637478127993118942%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=iO1ctl3yz8Ebo3Qt11kr%2FFBHLAAjN%2BKoWqMsPnQIMDI%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community