I am trying to figure out why the Android phone will work on our Cisco WPA2 Enterprise PEAP wireless when we use a custom internal certificate for authentication with our Cisco 1200 series APs, ACS 4.x, and AD user group/accounts.
The certificate is not loaded on the client and, from what I learned, is very difficult to import for use when trying to install an MS-generated certificate.
I did debugs between my regular domain computer, which has the domain certificate, and the Android, and collected captures; see attachment tabs.
I do see that the certificate is used somehow and I do see what looks like an LDAP lookup.
See the attached xls sheet with a debug tab for each of the PC and the Android.
I stripped out any sensitive account/domain info for viewing.
I'm not sure if this is a potential security loophole or not and welcome a discussion on this.