Issues with enrollment of PUSH tokens

Hi everyone,
I’m having some issues setting up PUSH tokens in my enviroment.
I can create the token, but when my endpoint (my android phone) tries to connect it gets the following error:
Sending public RSA key failed

Rolling out token PIPU0001B918 failed
Status Code 525
My phone pings the server with no issue.
We are running version 3.9.2, and since this is a test enviroment we are using the dummy subscription

Here is a screenshot of my policies:

Am i missing something?

Thanks in advance for any help.

  1. Check in the Audit log, if the correct policies are used. You are using realm names in policies, this can be a reason for a different expected logic. I recommend to keep the poliicies as basic/simple as possible.

  2. Most probably you do not have a valid certificate on your registraion url. Check if you have configure push_ssl_verify=0 in your enrollment poliy!

  3. On your smartphone check if you can actually open the registration URL in your browser.


Thanks for the suggestions!

I’ll what you’ve suggest and let you know what i figure out.

Hi again,

I tried some of the suggestions, removing realm names from policies and moving push_ssl_verify=0 to enrollment policy.

My phone can access the enrollment url but still fails when adding to the authenticator app. I’m getting a new error

Sending public RSA key failed

Rolling out token PIPU00021D8E failed
Status Code 405

Do you have any suggestions what to do from here?

P.S i also added a Let’s Encrypt certificate, i don’t know if that is relevant.

you need to add /ttype/push to the end of your enrollment url.

1 Like

This worked!

Thank you so much :slight_smile:

In conclusion i had the realms set incorrectly, push_ssl_verify on the wrong policy, and was missing /ttype/push at the end of my URL.

Thanks to the help everyone!

1 Like