Renewing Sectigo Root Certificate for SOTI MobiControl

After renewing certificates issued by the Sectigo Root Certificate, a security error occurs during device enrollment. 

The following error can be seen when device enrollment is attempted: 

Server Error: 

"Connection to server failed; SSL handshake failed."

Device Error:

"Security Certificate: The certificate for this server is invalid. You might be connecting to a website that is pretending to be (domain name), which could put your confidential information at risk."

The error prompts the option to "connect to the server anyway" but clicking continue does not bypass this issue.

Note: Even if the certificate path is in the certificate store of the server, the devices will not trust the certificate.

Any SOTI MobiControl environment where the "Sectigo" Root Certificate is used to sign the "Deployment Server Extensions & Web Console" certificate.

To address this issue, follow the steps below:

1. Navigate to the SOTI MobiControl Administration Utility, select the Certificates tab and select Import under Root Certificate Management.

2. Select the Sectigo Root Certificate and apply.

Note: Ensure the Root certificate is imported to the Windows certificate under Trusted Root Certification Authorities store before this action is taken

After manually importing Certificate Authority into the SOTI MobiControl Administration Utility, the certificate is recognized, and enrollment of devices works successfully with no security errors raised. The reason for this change is due to newer root certificates - Sectigo has updated its issuing of root certificates, which are no longer included in the default trust store of older versions of Android. 

This will be corrected in the newer versions of Android, thus eliminating the need for the above workaround.