SOTI Pulse Logo

SOTI MobiControl v14.4.9 Update --> SSL Handshake Certificate "failure"

Solved
BW
Benjamin, Wilts
Taneri Consulting GmbH (TCG Global)

Hi,

one of our customers updated his SOTI Version to 14.4.9 today.

He's getting a SSL-Handshake / Certificate failure on some devices now, as well as other devices who are connecting, disconnecting and reconnecting every 2-5 minutes.

In the admin utility the customers mentioned that the certificate was FQDN, but after the installation it was the primary IP. He changed it to FQDN, not getting the errors.

See screenshots and log

2020-04-16 12:50:16.555|AsyncTask #3|D|AP|[AppCatalogX509TrustManager][isChainTrusted] unable to verify certificate with net.soti.ssl.EnterpriseTrustChecker|
2020-04-16 12:50:16.567|AsyncTask #3|E|AP|[ssl] Error occurred|javax.net.ssl.SSLException: [verifyIpAddress] failed. Hostname[IP Cns[[[2, FQDN]]]
    at net.soti.ssl.DefaultHostnameVerifier.verifyIpAddress(SourceFile:52)

Any ideas?

What would be correct? Put the certificate with IP Address back in order or use FQDN?

Thanks for your thoughts,

Regards,

Benny

5 years ago
Android
ANSWERS
RC
Raymond Chan Diamond Contributor
5 years ago

From my personal hands-on experience, it is very rare that any MobiControl installation executable would incorrectly detect any network related parameter when upgrading from a working implementation.  Even if it does, it is always possible to override with the right parameters in the original implementation before proceeding with the installation, as long as there is a record of what was set earlier (viewable with MCadmin utility).

In general,  under normal circumstances,  FQDN rather than the IP address should be used for the primary device agent and device-management address, especially when a paid third-party SSL certificate binded to the FQDN is used.   On Android devices, it is usually relatively easy to fix the "SSL-Handshake / Certificate failure" warning/error without losing device control by simply setting back the right parameter with MCadmin utility, though the situation may change with actual network infrastructure and with ever-changing security requirements imposed by Google. 

Solution
D
DDMOD@SOTI
5 years ago

Hi Benjamin,

Thanks for posting!

Did you encounter any error while the installer was running?

Also, are you experiencing this error on every devices enrolled or a particular set of devices(as in only Android or any other platform)?

Regards,

BW
Benjamin, Wilts
5 years ago

Hi,

no error on installation.

Android only.

Regards,

D
DDMOD@SOTI
5 years ago

Hi Benjamin,

Thanks for your prompt response!

Can you please raise a support case(click here) or call SOTI Support team(+1 905.624.9828) to assist you better as further troubleshooting is required to resolve the issue?

 

Regards,

Similar Discussions