Hi Jonathan,
Hope you are doing well,
The cURL 60 error that was received would indeed point to the website’s SSL certificate being expired. If the devices or browsers are of an older build, then the trouble could be with the inability to trust the ISRG Root X1. It would be best to check for available OS updates on the device to get this done for the devices that are compatible with the latest OS versions. The latest versions of the OS would have the required certificates trusted and hence this behaviour should not be seen.
For your devices enrolled under Android Enterprise, you would have the option to schedule the OS updates from Policy > Android > OS updates. Here is a link with more information regarding this https://www.hexnode.com/mobile-device-management/help/how-to-schedule-os-updates-in-android-devices-using-hexnode/
With Hexnode, you would also be able to deploy the certificate to the device remotely using the certificate policy that we provide. You can do this from Policy > Android > Certificate. Here is a link with more information regarding this https://www.hexnode.com/mobile-device-management/help/how-to-add-certificates-for-android-devices-using-hexnode-mdm/
Please note that although the certificate would be deployed to the device, the device has to be capable of trusting this certificate and this would be dependent on the device and the OS as well.
Regarding OpenSSL, the various apps that you use would be making use of the higher version of the OpenSSL library. Therefore, it would be a best practice to ensure that the browser app is updated to the latest version. This can be done via Hexnode by setting the app as a mandatory app. This can be done from Policy > Android > Mandatory apps. Once the required apps are added here, the updates shall be automatically pushed to the devices when available.
If you need any assistance setting up the configurations from the Hexnode portal, you can reach out to the technical support team directly via mdm-support@hexnode.com.
Cheers!
Jeff Black
Hexnode MDM.