on 02-25-2016 10:43 AM
Hi
We have a strange problem at one customer... if we try to enroll a Android Device the enrollment fails. In the Afaria LOG we see the following Message:
We also see this Message (and are unable to enroll a android device) if we try to use the Google Short Code for enrollment.
We have checked the SSL Certificat of Relay Server and this is OK... Also we are able to enroll iOS and Windows Phone Devices on the same server... does anyone have an Idea how we can solve this problem?
Regards
Gianni
PS: We have a Afaria 7 SP9 installation.....
Hi Mandy
OK, today we have make some tests without the SSL Cert. And over HTTP we are able to enroll Android Devices...
Then we have search the different between our installation and the installation from customer... (we have both a SLL Cert from the same Vendor)....
The only different that we have found
Our certificat is newer and comes with a SHA-256 encryption. On customers side, they have a Old certificate with SHA-1 encryption... can it be possible, that Android devices have problem with SHA1?
Regards
Gianni
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gianni,
I’m not finding anything that suggests that Android does not support connecting via SSL to a server using a SHA-1 SSL certificate. It could be, however, that even though both of your SSL certs are from the same vendor, they may have different root and intermediate CA certificates. The device may not have the root and intermediate certificates auto-installed for the customer’s certificate, and so it may not trust the SSL certificate being presented by the customer’s Relay Server.
To test, open the customer’s SSL certificate on a computer > Click the Certification Path tab > Double click on the root certificate > Navigate to the Details tab of the cert > Look at the thumbprint. Do this same process for the intermediate certificate(s) in the certification path as well. Compare these thumbprints to the root and intermediate certificates for your SHA-256 certification path. If there is a difference, between your and the customer’s root or intermediate certs, then manually install the customer’s root and intermediate certs on the Android device (in the Trusted Root store). Then attempt to connect to the server via HTTPS.
Best,
Mandy
Hi Mandy
Thanks for your answer... i will test this with customer today and provide the results asap...
Regards
Gianni
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Gianni,
Please take a look at this SCN doc Android Troubleshooting Guide (Enrollment) - SAP Mobility - SCN Wiki and the support notes http://service.sap.com/sap/support/notes/2181372
This may help you to resolve the issue.
Kind Regards,
Sushmitha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Gianni,
I figured it was, but I had to ask. I would try deleting the code and generating a new one and see if that clears the issue. If that doesn't work or has already been tried I would make sure the url being passed (appears in the enrollment policy) has the correct format for androids. It should end in a -10.
Tracy
Hi Gianni,
A couple of things here—
Thanks,
Mandy Spivey
SAP Product Support
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.