Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

Please do not post bug reports, missing feature requests, or demo inquiries. If you have such an inquiry, submit a contact form.

0 votes

Hello,

I have some problems registering my devices but only those in Android 7 (here they are Huawei P9 Lite). I have NO problem with those in Android 8,9,10 and above.

I think that the problem comes from my let's encrypt ssl certificate. I managed to register devices in Android 7 at the beginning of January but since mid-February it has been impossible.

Last enrollment of android 7 device (same device as today) : 

Error message today with the same device

image-2024-02-23-162832270

I check other Q&A (like https://qa.h-mdm.com/7394/cannot-enroll-device-https-trust-anchor-certification-found), we have the same symptoms but not the same error source.

Do I need to disable let's encrypt or use another certificate or another idea ?

Thanks

by (120 points)

2 Answers

0 votes
When you use LetsEncrypt to generate the certificate, Headwind MDM includes the full chain of certificate authorities in the keystore, so the QA article you referred is not applicable.

I guess LetsEncrypt has changed something in their certificates so older devices do not trust them any more.

Instead of LetsEncrypt, you can purchase a commercial certificate (https://qa.h-mdm.com/1240/how-to-setup-work-through-https), but there's no guarantee that Huawei devices will accept it. The only way to check is to try it.
by (37.4k points)
0 votes
I guess here's the answer: https://qa.h-mdm.com/18231/letsencrypt-gives-https-error-trust-anchor-not-found-android

If you're using LetsEncrypt, update the Headwind MDM launcher to the latest version, it installs LetsEncrypt root certificates if they are unknown by a device.
by (37.4k points)
...