Go to ArborXR
All Collections
Manage Devices
General
Supported WiFi Configurations

Supported WiFi Configurations

Current list of supported WiFi configurations, including security types, certificates, and proxy types.
Josh Franzen avatar
Written by Josh Franzen
Updated over a week ago

💡 ArborXR supports the remote provisioning of WiFi configurations where users can create and configure a library of WiFi networks, then remotely provision configurations to devices to remotely connect them to new networks. Below are details on the supported security types, certificates, and proxies.

For more information about remotely provisioning WiFi configurations to devices, see this article.

In this article

Security

  • Open

    • Open (Unsecured)

      • This type has no further settings.

    • OWE (Opportunistic Wireless Encryption)

      • Only supported by devices that run Android 10 (or later) and are certified as "WiFi Certified Enhanced Open".

      • This type has no further settings.

  • Personal

    • WPA/WPA2

      • Technical name is PSK (Pre-Shared Key).

      • This is either WPA-Personal (WPA-PSK) or WPA2-Personal (WPA2-PSK).

      • Password: String 8 to 63 characters.

    • WPA3

      • Only supported by devices that run Android 10 (or later) and specifically advertise support for this.

      • Technical name is SAE.

      • Also called WPA3-Personal (WPA3-PSK).

      • Password: String of 1 to 63 characters.

  • Enterprise

    • WPA/WPA2

      • Technical name is EAP.

      • This is either WPA-Enterprise or WPA2-Enterprise.

      • EAP Method, one of:

        • PEAP (Protected Extensible Authentication Protocol, also called "Protected EAP")

          • Phase2 Method, one of:

            • MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)

              • Identity: String

              • Password: String

            • GTC (Generic Token Card)

              • Identity: String

              • Password: String

          • CA Certificate: X.509 certificate (see below section for details)

            • OCSP stapling: See below section for details.

            • Domain: String

          • Anonymous Identity: String

        • TLS (Transport Layer Security)

          • (Optional) User Certificate: X.509 certificate (see below section for details)

          • CA Certificate: X.509 certificate (see below section for details)

            • OCSP stapling: See below section for details.

            • Domain: String

          • Identity: String

        • TTLS (Tunneled Transport Layer Security)

          • Phase2 Method, one of:

            • PAP (Password Authentication Protocol)

            • MSCHAP (Microsoft's Challenge Handshake Authentication Protocol version 1)

            • MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)

            • GTC (Generic Token Card)

          • CA Certificate: X.509 certificate (see below section for details)

            • OCSP stapling: See below section for details.

            • Domain: String

          • Identity: String

          • Anonymous Identity: String

          • Password: String

        • PWD (Password)

          • Identity: String

          • Password: String

    • WPA3-Enterprise

      • Only supported by devices that run Android 10 (or later) and specifically advertise support for this.

      • Technical name is EAP Suite-B.

      • Settings: Except for more supported authentication methods, this is the same as EAP-TLS. However, the user certificate is required.

Certificates

Some of the enterprise WPA3 (i.e. EAP) methods require the use of (CA or user) certificates.

  • Certificates must be an X.509 certificate in Base64-encoded format (i.e. PEM) representation of a certificate without header, footer and line breaks. More information can be found in RFC 7468.

  • If your .crt file is in DER format, you will need to convert it to PEM format using the OpenSSL toolkit. Below is a command to use OpenSSL to convert a DER .crt file to a PEM .crt file that Android expects. After converting it, open the resulting file in a text editor to copy the contents and paste it into the CA Certificate or User Certificate text input within ArborXR's WiFi configuration modal.

    openssl x509 -inform DER -outform PEM -in ca_cert_der.crt -out ca_cert_pem.crt

⚠️ NOTE: Replace ca_cert_der.crt with the path to your DER .crt file, and replace ca_cert_pem.crt with the filepath where you wish to save the resulting file.

Instead of specifying a CA certificate, the device's system certificates can be used.

OCSP (Online Certificate Status Protocol) Stapling

Some of the enterprise WPA3 (i.e. EAP) methods require the use of a CA certificate, and thus require setting whether (and how) to check the revocation status of the certificate.

  • Only supported by devices that run Android 11 (or later). This setting is ignored on devices running earlier version of Android.

  • Formally known as the "TLS Certificate Status Request" extension.

  • Enum, one of:

    • None (Don't staple)

    • Request Status (Try to staple, but don't require a response)

    • Require Status (Require a valid response)

    • Require All non-trusted status (Require a valid response for all non-trusted certificates in the server certificate chain)

Proxy

Only supported by devices that run Android 8.0 (or later).

  • Static

    • Host name: String

    • Port number: Integer from 0 to 65535

    • (Optional) List of hosts to bypass: String list

      • Can include wildcards, e.g. *.example.com, *.google.com

  • PAC (Proxy Auto-Config)

    • URL that points to a "PAC file": The file contains a JavaScript function FindProxyForURL(url, host) to dynamically decide whether to connect via a particular proxy server, or directly

Did this answer your question?