Semi-OT: Mime type for CA certificates on Android (landing page browser)

Mathieu Simon (Lists) matsimon.lists at
Wed May 1 11:55:07 CEST 2019


It's partially off-topic to FreeRADIUS specifically, however it's
related to provisioning and configuration so I give it a shot:

I've been sending users through a open setup-only SSID to an
informational page where I'd either forward them to
(previously for platforms supported there. For others
like Android I'd provide instructions on how to get connected manually.

On that page we'd link a download to the CA certificate the Android
supplicant should trust for the encrypted SSID and I'd show the users
how to get it loaded. I remember this having worked over a couple of
Android vendors.

I've come to realize that more recent Android's landing page browsers
would request the certificate (according to the Webserver logs) but then
wouldn't do anything on the user side. - Users can't even download it.

Back then I remember that I had to tweak the MIME type for Apple's
.mobileconfig and certificate files (application/x-apple-aspen-config)
files on the webserver. Also some Androids required to set
application/x-x509-ca-cert for PEM encoded CA certificates to be
downloaded correctly but that doesn't seem to work anymore.
(wget --verbose shows the type)

Is there something Android / Chrome has changed that I need to take care
of in order to fix certificate downloads?

Maybe people related to eduroam have experience?
(Though eduroam can use an Android app, even if it's not perfect yet)


More information about the Freeradius-Users mailing list