Environment
ZENworks Configuration Management 2020
ZENworks Configuration Management 2017 Update 4
ZENworks Configuration Management 2017 Update 4
Situation
Android devices with OS 10 or higher will not enroll.
Older Android OS 9 devices and non-Android devices work
properly.
ZAPP logs gathered from the device and a stack trace show the
following error:
"Caused by: java.security.cert.CertificateException: Signature
uses an insecure hash function: 1.2.840.113549.1.1.5"
Resolution
Android OS 10 and higher devices will not function if the
Certificate Authority is SHA-1 while the server certificate
is SHA-256. The entire chain is validated when validating
certificates. Therefore if any cert in the chain has an
insecure algorithm, the certificate is not trusted. When the
server certificate has a higher encryption algorithm than the
Certificate Authority, the cert will not be trusted and the
device will not enroll.
The only solution to this situation is to remint the
Certificate Authority. This situation should not be taken
lightly and requires adequate planning to ensure proper
communication of all devices both during and after the remint
process. Contact Micro Focus Technical Support to confirm this scenario and review the process.
Once the Certificate Authority is reminted and confirmed to be
SHA-256, all Android devices should register correctly.