# Self Signed Certificate Error during iOS OTA Enrollment

This article shows how to resolve the certificate-trust error that can appear when you manually enroll iOS or iPadOS devices through OTA enrollment while the FileWave Server uses a self-signed certificate.

For production environments, use a publicly trusted server certificate when possible. If the server still uses a self-signed certificate, confirm the certificate shown in **FileWave Central → Preferences → Mobile → HTTPS certificate**.

![Self-signed HTTPS certificate shown in FileWave preferences](https://kb.filewave.com/uploads/images/gallery/2023-07/BWoXeLeXQOU0PQCl-embedded-image-wcg1m9ph.png)

Automated Device Enrollment can still work with this certificate state, but manual OTA enrollment may fail until the device trusts the installed root certificate.

![iOS enrollment error caused by an untrusted self-signed certificate](https://kb.filewave.com/uploads/images/gallery/2023-07/TP1omRknpngfzIM4-embedded-image-fybbfz4m.png)

If you keep the self-signed certificate, use the steps below on the device before starting the enrollment step. Replacing the self-signed certificate with a publicly trusted certificate avoids this manual trust workflow.

### Steps to resolve when keeping a self-signed certificate

1. Open the manual enrollment address on the device: <span style="color:rgb(224,62,45);">https://your.fw.server.DNS.here:20443/ios</span>
2. Select **Step 1 - Install Certificate**.  
      
      
    ![Step 1 Install Certificate option on the manual enrollment page](https://kb.filewave.com/uploads/images/gallery/2023-07/z46CW9EZa5yTpkWo-embedded-image-g6co8zsr.png)
3. Follow the device prompts to install the certificate. Tap **Install** through the prompts, then tap **Done**.
4. After the certificate is installed, open the **Settings** app. Do not start **Step 2 - Enroll Device** yet, because the device has not trusted the certificate.
5. Go to **General → About**.
6. At the bottom of **About**, tap **Certificate Trust Settings**.
7. Under **ENABLE FULL TRUST FOR ROOT CERTIFICATES**, enable trust for the newly installed certificate.

![iOS Certificate Trust Settings for the installed root certificate](https://kb.filewave.com/uploads/images/gallery/2023-07/Bf5XzxvJLw4CKeIy-embedded-image-tamymvpe.png)

Return to the manual enrollment page and continue with **Step 2 - Enroll Device**.