Office365 on Android - Certificate Error
-
User just came into my office showing the following. When trying to sync his work email (Office 365) he's getting a message that there's an invalid certificate and would he like to Cancel - View - Continue. When we view it, we see the following image.
- This is on a Samsung Galaxy S9 fully updated.
- We do not use Fortinet anywhere in our network.
- This occurs over Wifi connection or mobile data.
- He currently isn't using any VPN app or otherwise which would re-direct traffic.
Honestly not sure what to make of this.
-
The obvious next step is remove/re-add the account, but I'm currently more interested in what would be causing this at this point. He's currently the only user seeing it, so has to be something related to him and his phone.
-
Check under the MDM settings for any profiles there.
-
An Cert that is good for 24 years. . . yeah sure, I'll just trust that.
-
On the managed mobile device, go to Settings.
Navigate to Security.
Select Device Administrator and disable it.
Under Settings, go to Applications.
Select ManageEngine Mobile Device Manager Plus and Uninstall the ME MDM App -
Obviously those instructions are just ripped from Google, but the same process should apply.
-
@DustinB3403 said in Office365 on Android - Certificate Error:
An Cert that is good for 24 years. . . yeah sure, I'll just trust that.
That is normal for a self signed cert for a local device. The last thing you want is for the self signed cert on a piece of gear to expire.
-
@DustinB3403 said in Office365 on Android - Certificate Error:
Obviously those instructions are just ripped from Google, but the same process should apply.
He doesn't have any MDM applications installed, therefore none to remove
-
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
Obviously those instructions are just ripped from Google, but the same process should apply.
He doesn't have any MDM applications installed, therefore none to remove
Did you check the settings to confirm?
-
@JaredBusch said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
An Cert that is good for 24 years. . . yeah sure, I'll just trust that.
That is normal for a self signed cert for a local device. The last thing you want is for the self signed cert on a piece of gear to expire.
While I get that, but Samsung shouldn't have an Fortinet cert, at least you wouldn't think they would.
-
With O365 are you not using an MDM to authorize the device?
-
@DustinB3403 said in Office365 on Android - Certificate Error:
@JaredBusch said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
An Cert that is good for 24 years. . . yeah sure, I'll just trust that.
That is normal for a self signed cert for a local device. The last thing you want is for the self signed cert on a piece of gear to expire.
While I get that, but Samsung shouldn't have an Fortinet cert, at least you wouldn't think they would.
It doens't something on his device tried to connect to something and Fortigate got in the middle.
My money is on this happened outside the office and the user ignored it until they could come in to IT.
-
@DustinB3403 said in Office365 on Android - Certificate Error:
With O365 are you not using an MDM to authorize the device?
I don't.
-
@JaredBusch said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
@JaredBusch said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
An Cert that is good for 24 years. . . yeah sure, I'll just trust that.
That is normal for a self signed cert for a local device. The last thing you want is for the self signed cert on a piece of gear to expire.
While I get that, but Samsung shouldn't have an Fortinet cert, at least you wouldn't think they would.
It doens't something on his device tried to connect to something and Fortigate got in the middle.
My money is on this happened outside the office and the user ignored it until they could come in to IT.
That's what I was wondering. He started noticing it around lunch so I was thinking he could have potentially ran out and connected to some open hotspot, at which point his mail tried to sync and he received that certificate error. My confusion is I would think once he disconnected and connected back to mobile data or our network that it would no longer give that message. Is it possible that the message will continue to stay up until acknowledged in some fashion? Restarting the phone did no good.
-
@DustinB3403 said in Office365 on Android - Certificate Error:
With O365 are you not using an MDM to authorize the device?
Not at this time, no.
-
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
With O365 are you not using an MDM to authorize the device?
Not at this time, no.
We don't either.
-
@DustinB3403 said in Office365 on Android - Certificate Error:
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
Obviously those instructions are just ripped from Google, but the same process should apply.
He doesn't have any MDM applications installed, therefore none to remove
Did you check the settings to confirm?
Yes I did. Although it was difficult to sift through his list of apps to see if any were installed. Which just reinforces the need to seriously look into a good MDM solution which whitelists certain approved apps which can be installed.
-
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
Obviously those instructions are just ripped from Google, but the same process should apply.
He doesn't have any MDM applications installed, therefore none to remove
Did you check the settings to confirm?
Yes I did. Although it was difficult to sift through his list of apps to see if any were installed. Which just reinforces the need to seriously look into a good MDM solution which whitelists certain approved apps which can be installed.
FFS.... He is not telling you to look for an app. You are looking for specific MDM policies in the settings.
-
@JaredBusch said in Office365 on Android - Certificate Error:
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
@zachary715 said in Office365 on Android - Certificate Error:
@DustinB3403 said in Office365 on Android - Certificate Error:
Obviously those instructions are just ripped from Google, but the same process should apply.
He doesn't have any MDM applications installed, therefore none to remove
Did you check the settings to confirm?
Yes I did. Although it was difficult to sift through his list of apps to see if any were installed. Which just reinforces the need to seriously look into a good MDM solution which whitelists certain approved apps which can be installed.
FFS.... He is not telling you to look for an app. You are looking for specific MDM policies in the settings.
Simply making a comment in reference to last portion about "Uninstall the ME MDM App" and how not only was it not installed, but he also had a large portion of other unnecessary apps on his phone. I did also check the Security settings he referenced.
-
While an MDM can limit what apps are allowed (or not allowed) the most simple usage is to tag company owned data.
This way if someone leaves the company with their personal cellphone, the MDM policy can wipe out anything tagged as company property.
@JaredBusch thanks for clarifying the point, that this policy is under the security settings. The app is moot to the policy being there or not if one exists at all.
