Supported Wi-Fi Configurations

ArborXR offers Wi-Fi configuration functionality where users can create and configure a library of Wi-Fi networks, then remotely provision configurations to devices to remotely connect them to new networks. Below are details on the supported security types, certificates, and proxies.

Security 

  • Open 
    • Open (Unsecured)
      • This type has no further settings.
    • OWE (Opportunistic Wireless Encryption)
      • Only supported by devices that run Android 10 (or later) and are certified as "Wi-Fi Certified Enhanced Open".
      • This type has no further settings.
  • Personal 
    • WPA/WPA2
      • Technical name is PSK (Pre-Shared Key).
      • This is either WPA-Personal (WPA-PSK) or WPA2-Personal (WPA2-PSK).
      • Password: String 8 to 63 characters.
    • WPA3
      • Only supported by devices that run Android 10 (or later) and specifically advertise support for this.
      • Technical name is SAE.
      • Also called WPA3-Personal (WPA3-PSK).
      • Password: String of 1 to 63 characters.
  • Enterprise 
    • WPA/WPA2
      • Technical name is EAP.
      • This is either WPA-Enterprise or WPA2-Enterprise.
      • EAP Method, one of:
        • PEAP (Protected Extensible Authentication Protocol, also called "Protected EAP")
          • Phase2 Method, one of:
            • MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)
              • Identity: String
              • Password: String
            • GTC (Generic Token Card)
              • Identity: String
              • Password: String
          • CA Certificate: X.509 certificate (see below section for details)
            • OCSP stapling: See below section for details.
            • Domain: String
          • Anonymous Identity: String
        • TLS (Transport Layer Security)
          • (Optional) User Certificate: X.509 certificate (see below section for details)
          • CA Certificate: X.509 certificate (see below section for details)
            • OCSP stapling: See below section for details.
            • Domain: String
          • Identity: String
        • TTLS (Tunneled Transport Layer Security)
          • Phase2 Method, one of:
            • PAP (Password Authentication Protocol)
            • MSCHAP (Microsoft's Challenge Handshake Authentication Protocol version 1)
            • MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)
            • GTC (Generic Token Card)
          • CA Certificate: X.509 certificate (see below section for details)
            • OCSP stapling: See below section for details.
            • Domain: String
          • Identity: String
          • Anonymous Identity: String
          • Password: String
        • PWD (Password)
          • Identity: String
          • Password: String
    • WPA3-Enterprise
      • Only supported by devices that run Android 10 (or later) and specifically advertise support for this.
      • Technical name is EAP Suite-B.
      • Settings: Except for more supported authentication methods, this is the same as EAP-TLS. However, the user certificate is required.

Certificates

Some of the enterprise WPA3 (i.e. EAP) methods require the use of (CA or user) certificates.

Certificates must be an X.509 certificate in Base64-encoded DER format (i.e. PEM) representation of a certificate without header, footer and line breaks. More information can be found in RFC 7468.

Instead of specifying a CA certificate, the device's system certificates can be used.

OCSP (Online Certificate Status Protocol) Stapling

Some of the enterprise WPA3 (i.e. EAP) methods require the use of a CA certificate, and thus require setting whether (and how) to check the revocation status of the certificate.

  • Only supported by devices that run Android 11 (or later). This setting is ignored on devices running earlier version of Android.
  • Formally known as the "TLS Certificate Status Request" extension.
  • Enum, one of:
    • None (Don't staple)
    • Request Status (Try to staple, but don't require a response)
    • Require Status (Require a valid response)
    • Require All non-trusted status (Require a valid response for all non-trusted certificates in the server certificate chain)

Proxy

Only supported by devices that run Android 8.0 (or later). 

  • Static
    • Host name: String
    • Port number: Integer from 0 to 65535
    • (Optional) List of hosts to bypass: String list
      • Can include wildcards, e.g. *.example.com, *.google.com
  • PAC (Proxy Auto-Config)
    • URL that points to a "PAC file": The file contains a JavaScript function FindProxyForURL(url, host) to dynamically decide whether to connect via a particular proxy server, or directly

Have a suggestion or feature request? We'd love to hear!
Message ArborXR

Still need help? Contact Us Contact Us

Related Articles