Android 802.1x PEAP

Philippe MARASSE philippe.marasse at
Tue Sep 7 17:21:08 CEST 2021


My Android 11 (CalyxOS in fact) by default disables CA checking with

While EAP/PEAP+MSCHAPv2 is the preferred way to authenticate a iOS/macOS
device, on Android I prefer EAP-PWD, faster and if I'm not mistaken, not
less safe than EAP/PEAP without CA checking.


Le 25/08/2021 à 12:55, Munroe Sollog a écrit :
> It would seem like Android 11 disables the ability to disable CA checking,
> but I was looking for confirmation
> On Tue, Aug 24, 2021 at 8:51 PM Alan DeKok <aland at>
> wrote:
>> On Aug 24, 2021, at 7:47 PM, Munroe Sollog <mus3 at> wrote:
>>> Has anyone had any success getting an android 11 client to connect to a
>>> network using PEAP *without* side loading the certificate issuing
>> authority
>>> certificate?
>>   You have to (a) configure the CA, or (b) disable all CA checking.  This
>> is how PEAP works.
>>   It's not clear why you would want to do PEAP without checking the CA.
>>   Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See

Philippe MARASSE

Responsable pôle Infrastructures
Direction de l'Informatique, Support à la Communication et à l'Organisation (DISCO)
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel :

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4095 bytes
Desc: Signature cryptographique S/MIME
URL: <>

More information about the Freeradius-Users mailing list