Inability to Connect NOW Mobile with the Self-Hosted InstanceIssue The Now mobile application is unable to connect to the self-hosted instance. Receive the below error message (as per the screenshot image):“The instance you are trying to connect to does not support this mobile app. Contact your administrator” The self-hosted instance is configured for mobile access. The "ServiceNow NowMobile App Screens and Applet Launcher" plugin is installed and configured as well on production and sub-production instances. The instance is not published to internet, however the mobile device has VPN access to the instance. When we configure the NOW mobile to connect to the instance it keeps giving an error message that the instance is not configured for mobile (Check the screenshot).When we use the Mobile browser to connect to the instance it works well (gives an indicator that VPN works well on the mobile), but it fails using the native app.Cause"User-added CAs Protection of all application data is a key goal of the Android application sandbox. Android Nougat changes how applications interact with user- and admin-supplied CAs. By default, apps that target API level 24 will—by design—not honor such CAs unless the app explicitly opts in. This safe-by-default setting reduces application attack surface and encourages consistent handling of network and file-based application data." Affected customer is using a user certificate as a part of their auth flow. In newer versions of Android (7+), Google does not trust these certificates by default. Here is the link to the blog post when they made this change: https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html. This issue also affects iOS devices. If you manually install a profile that contains a certificate payload in iOS and iPadOS, that certificate isn't automatically trusted for SSL. Please check the "Resolution" section for instruction on how to manually trust an installed certificate profile.Resolution ServiceNow aligns with Google's decision and therefore does not trust user certs in our public Google Play Store apps. The test app we shared with the customer opts in to trust these certs which is why they were able to successfully authenticate. PFB two options for how to proceed: - Remove the user cert and replace it with a certificate signed from a public certificate authority. Then the customer can use our Google Play store applications. - Sign up for our mobile publishing product which allows customers to build APKs that trust this certificate. Since the instance is on-prem, which is currently unsupported for Mobile Publishing, they would have to launch a cloud instance to submit the requests. Post this you can then use Airwatch MDM to distribute the android application. Also, for iOS devices, you must manually turn on trust for SSL/TLS when you install a profile that is sent to you via email or downloaded from a website. If you want to turn on SSL/TLS trust for that certificate, go to Settings > General > About > Certificate Trust Settings. Under "Enable full trust for root certificates," turn on trust for the certificate. Apple recommends deploying certificates via Apple Configurator or Mobile Device Management (MDM). Certificate payloads are automatically trusted for SSL when installed with Configurator, MDM, or as part of an MDM enrollment profile. For more information, please Click Here