Good evening.

So, here is my problem: I'm responsible for setting up the whole NDES infrastructure to provide SCEP certificates for Android devices enrolled in Intune.

After exhaustively covering all installation/configuration steps in the infrastructure, my test device simply can't enroll for the certificate.

So, I would like to ask whether anyone else has run into this very same problem and could give me a hint about what the error could be.

```
2022-10-30T15:52:01.2350000 VERB    org.jscep.client.Client 25727   03516   Requesting certificate verification.
2022-10-30T15:52:01.6350000 INFO    com.microsoft.intune.omadm.cryptography.androidapicomponent.abstraction.GetCertificateChainUseCase  25727   03516   Certificate chain built with length 1, rootIssuerFound = true
2022-10-30T15:52:01.6370000 VERB    org.jscep.client.Client 25727   03516   Certificate verification failed.
2022-10-30T15:52:01.6380000 ERR_    com.microsoft.omadm.platforms.android.certmgr.CertificateRequestHandler 25727   03516   Enrollment request failed
    org.jscep.client.ClientException: CA certificate fingerprint could not be verified.
        org.jscep.client.Client.verifyCA(:752)
        org.jscep.client.Client.getCaCertificate(:282)
        org.jscep.client.Client.getEncoder(:699)
        org.jscep.client.Client.enrol(:623)
        com.microsoft.omadm.platforms.android.certmgr.CertificateRequestHandler.enrollCertificate(:181)
        com.microsoft.omadm.platforms.android.certmgr.CertificateRequestHandler.processRequest(:123)
        com.microsoft.omadm.platforms.android.certmgr.CertificateEnrollmentManager.tryEnrollCertificate(:123)
        com.microsoft.omadm.platforms.android.certmgr.CertificateEnrollmentManager.enrollPendingCertificates(:205)
        com.microsoft.omadm.platforms.android.provider.CertificateEnrollmentProvider$CertificateRequestPolicy.enforce(:400)
        com.microsoft.omadm.client.tasks.TemporaryOMADMClientExecutorTask.checkComplianceAndEnforceForUser(:915)
        com.microsoft.omadm.client.tasks.TemporaryOMADMClientExecutorTask.updatePolicyForUser(:805)
        com.microsoft.omadm.client.tasks.TemporaryOMADMClientExecutorTask.updatePolicy(:1278)
        com.microsoft.omadm.client.tasks.TemporaryOMADMClientExecutorTask.run(:255)
        com.microsoft.omadm.taskexecutor.TaskExecutor$InternalExecutorRunner.run(:322)
        java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
        java.util.concurrent.FutureTask.run(FutureTask.java:266)
        java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        java.lang.Thread.run(Thread.java:923)
```

The Intune console doesn't give any hint about what the problem is, but I managed to recover my test device logs, and the main log error is "CA certificate fingerprint could not be verified." Below is part of the error.

There is 1 best solution below

Pantafernando On

Fixed by removing unused certificates in the truststore.
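The jscep exception in the log is raised when the client cannot verify the fingerprint of the CA certificate the SCEP server returned. As an added example (not part of the original post, and not Intune or jscep code), the script below lists the fingerprint of every certificate in a PEM bundle and reports which entries match an expected thumbprint, so stale entries stand out. The bundle contents and all function names are constructed for illustration.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def normalize(thumbprint: str) -> str:
    """Reduce a thumbprint to bare lowercase hex, dropping colons, spaces and
    invisible characters picked up when copying from a certificate dialog."""
    return re.sub(r"[^0-9a-f]", "", thumbprint.lower())


def fingerprints(pem_bundle: str) -> list:
    """Return SHA-1 and SHA-256 fingerprints for every cert in a PEM bundle."""
    out = []
    for index, pem in enumerate(PEM_RE.findall(pem_bundle)):
        der = ssl.PEM_cert_to_DER_cert(pem)  # fingerprint = hash of DER bytes
        out.append({
            "index": index,
            "sha1": hashlib.sha1(der).hexdigest(),
            "sha256": hashlib.sha256(der).hexdigest(),
        })
    return out


def matching_certs(pem_bundle: str, expected: str) -> list:
    """Indexes of certs whose SHA-1 or SHA-256 fingerprint equals `expected`."""
    want = normalize(expected)
    if len(want) not in (40, 64):
        raise ValueError("expected a SHA-1 (40 hex) or SHA-256 (64 hex) thumbprint")
    return [f["index"] for f in fingerprints(pem_bundle)
            if want in (f["sha1"], f["sha256"])]


# Constructed stand-ins: placeholder bytes wrapped as PEM, not real certificates.
# A fingerprint is a hash over the DER bytes, so these suffice to show the check.
STALE_CA = ssl.DER_cert_to_PEM_cert(b"constructed placeholder: retired CA")
ISSUING_CA = ssl.DER_cert_to_PEM_cert(b"constructed placeholder: current issuing CA")
BUNDLE = STALE_CA + ISSUING_CA

if __name__ == "__main__":
    for entry in fingerprints(BUNDLE):
        print(entry["index"], entry["sha1"], entry["sha256"])
```

An empty result from `matching_certs` means no certificate in the bundle carries the expected thumbprint.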