<div dir="ltr">Maybe these versions of Android can only handle the "legacy" algorithms?<div>Try adding the "-legacy" option when creating the PKCS#12 files.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 10, 2023 at 11:11 AM <a href="mailto:clement.legoffic@kelio.com">clement.legoffic@kelio.com</a> <<a href="mailto:clement.legoffic@kelio.com">clement.legoffic@kelio.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div class="msg-7446572091713990950">
<div lang="FR">
<div class="m_-7446572091713990950WordSection1">
<p class="MsoNormal"><span lang="EN-GB">Hello<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">I am using openssl to create my certificates for a 802.1X environnment with a freeradius server.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">I use the freeradius Makefile to generate my keys and certs :<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><a href="https://urldefense.com/v3/__https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/certs/Makefile__;!!BN3BN5aqUA!7oHKFONz_mQzi19g08SqWx0HXNHo73zc8e_3wzOvm7cmvHHrlNrE_ZPxGrs1j8ApofUkTcN09znNGna9Giln4Lqzl_3fDEQ$" target="_blank">https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/certs/Makefile</a><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">The Makefile works well and certificates too, I am able to authenticate to my Freeradius server with a embedded Linux device that has the ca cert and client cert installed.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">I need to make my solution working with Android device.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">So I use the p12 file generated by the Makefile on my Android phone (it contains the same priv key and certificates used by the embedded linux device)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">The fact is that I cannot import my p12 file in either an Android 10 neither on an Android 13.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">After asking the freeradius mailing list that told me the p12 file is working well, I was wondering if the error has already been encounter by openssl users<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">So, do you ever had problems importing p12 or cert/key file on android ?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB">Thanks<u></u><u></u></span></p>
</div>
<br>
<font face="Arial" color="Gray" size="1"><br>
Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses destinataires.<br>
Si vous recevez ce message par erreur, merci de le detruire et d'en avertir immediatement l'expediteur par e-mail.<br>
Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'etant pas securisees, l'expediteur informe qu'il ne peut accepter
aucune responsabilite quant au contenu de ce message.<br>
This mail message and attachments (the "message") are solely intended for the addresses. It is confidential in nature.<br>
If you receive this message in error, please delete it and immediately notify the sender by e-mail.<br>
Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, the sender does not accept responsibility for the content of this
message.<br>
</font>
</div>
</div></blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr">Cordialement,<div>Erwann Abalea.</div></div></div>