You encounter this error if the SSL certificate present on the device does not match with the certificate on the server or if the certificate is not valid.


  1. In the Workspace ONE UEM console, navigate to the Tunnel configuration page and verify the Front-End Certificate Thumbprint under server Authentication.
  2. For all the Android devices, open the Workspace ONE Intelligent Hub and under the Profiles section, verify the certificate thumbprint for the Type.cer.
    1. For all the iOS devices, navigate to Settings > General > Device Management > Device Manager.
    2. Click More Details and under the Certificate section, click the certificate with the Tunnel hostname.
  3. Scroll down to the SHA-1 text box and verify the certificate thumbprint.
  4. On the server side, open /opt/vmware/tunnel/vpnd/server.conf and search for ssl_thumbprint.
  5. Verify if the thumbprint on the device, server, and the Workspace ONE UEM console is the same. If not, restart the vpnd service on the Workspace ONE UEM console and republish the VPN profile.