Certificate Error During Enrolment Process (Windows Server)

When trying to enrol a device onto enclave, after entering the enrolment key, I receive an error. The following screenshot shows the error that appears:

image

I haven’t been able to find any help online as Enclave seems to be a relatively new VPN solution. Any help would be appreciated.

Hi Jamie,

Could you please open an administrative command prompt and try the enrolment again as follows:

C:\>enclave enrol

Please let us know the outcome.


I attempted the method you suggested and received a similar error to the previous. I have put a screenshot of it below:

~~ IMAGE REDACTED ~~

Jamie

Thanks Jamie,

I’ve raised a bug internally; we’ll investigate and get back to you. Could you let me know exactly what version of Windows you’re running (msinfo32.exe) and, if possible, what versions of the dotnet framework you have installed?

I’ve also removed the image you uploaded as it disclosed the enrolment key you were using into the public domain which could allow others to enrol systems to your organisation (enrolment keys should be considered secret values). I recommend you disable that enrolment key.

Could you also let us know the version of enclave you’re running please?

C:\> enclave version

Windows Version: 10.014393
Windows Build: 14393
dotnet versions: 6.0.9 and 3.1.27
Enclave version: enclave-win-x64 2022.9.27.229

Thanks Jamie, we’ll investigate and get back to you.

Jamie, we’ve run a quick test with a similar Windows 10 build and were unable to re-create it.

Windows Version: 10.0.19044
Windows Build: 19044
dotnet versions: 4.0.0.0 and 4.8.04084
Enclave version: enclave-win-x64 2022.9.27.229

Nothing about those versions feels inherently problematic. Is there anything else about this host that might be noteworthy?

Hi Marc,

Sorry if I wasn’t precise enough, we are using Windows Server 2016, not Windows 10.

Understood, I think assuming you were running on Windows 10 was more me jumping to a conclusion reading the version number if I’m honest.

Could you try opening https://api.enclave.io in Internet Explorer on that host, and from a PowerShell terminal for me too please?

PS C:\> Invoke-WebRequest -Uri https://api.enclave.io

Do you get any certificate errors presented by the browser? Do you get any PowerShell response StatusCode back other than a 200 OK?

Hmm. I’ve just created a Windows 2016 Server with the following versions and couldn’t replicate the problem, so there must be something else in play here. Will wait for the results of your attempts to load api.enclave.io.

Windows Version: 10.0.14393
dotnet versions: 3.1.27 and 6.0.9
Enclave version: enclave-win-x64 2022.9.27.229

Entering the link into Internet Explorer redirects me to Enclave API Reference.

When I ran the command, I got status code 200.

Thanks for checking Jamie. We’ll have a new release candidate of the next version of Enclave available on Monday afternoon that should help us to pin this issue down, if you’re able to bear with us until then?

That all sounds good to me.

Hi Jamie, the engineering team have prepared a release candidate that will provide more verbose information in the enrolment failure message: https://release.enclave.io/enclave_setup-rc-2022.10.10.246.exe

Would you mind trying again with this version please so we can pinpoint the cause of the problem?

Hi Marc,

I just downloaded the new release and ran the command.

I ran into the same issue as before.

Below is a screenshot of the log file in its entirety.

Jamie

Hi Jamie,

Our engineering team has prepared a special “untrimmed” build of Enclave to double check that our compression process (during compilation) isn’t removing anything critical to the enrolment process.

This zip file only contains the command line version of Enclave:

https://s3.eu-west-2.amazonaws.com/dl.enclave.io/enclave-win-x64.zip

You can extract the binary to the desktop and run it from the command line as:

./enclave-win-x64.exe enrol

If you could let me know the output that would be extremely helpful.