0

I am doing MDM installation in iOS SDK right now on local server.I have created the PEM file and installed that on local server.Then I create the configuration profile using the iPhone Configuration Utility and tried to install on the device.When I tried to install the profile on iPhone I got the alert below.

When I try to install the same profile on mac then I get the alert below.

From the issue What I come to know that MDM needs trust profile for the server.How can we generate a trust profile for the server?

Edit 1:

I came to know that it may be because of the identity certificate that I have used in iPCU while generating the configuration profile.I used the following openssl commands.

//Creating the device Identity key and certificate request

1. openssl genrsa 2048 > identity.key
2. openssl req -new -key identity.key -out identity.csr


//Signing the identity key with the CA. 
//Give it a passphrase. You'll need to include that in the IPCU profile.

3. openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt

4. openssl pkcs12 -export -out identity.p12 -inkey identity.key -in identity.crt -certfile cacert.crt

In the step 3 of openssl command I am don't get what I need to pass for -CA cacert.crt -CAkey cakey.key -CAcreateserialI went through CAcert web and came to know that I need to generate a certificate for my domain that I need to use here.I didn't get cakey.key and -CAcreateserial are.So can you please suggest me what step 3 is doing and is it necessary to have certificate from CAcert and pass the other commands.Thanks.

Imran
  • 1,715
  • 2
  • 20
  • 42

1 Answers1

1

Can you try to access your webserver from mobile Safari? In the case, if it will show you a dialog that website isn't trusted then you didn't install a certificate for your webserver to trusted CA storage.

You will need to

  • Create a config profile (usnig IPCU)
  • Choose "Credentials"
  • Add you certificate
  • Install it on a device
Victor Ronin
  • 22,758
  • 18
  • 92
  • 184
  • Hi Victor and Thanks for your response.Yes I am able to access my web server from mobile safari without warning.I have my checkIN url and server url opening on safari.I have also got the Topic from "https://identity.apple.com/pushcert". But what I think the identity of MDM in iPCU is creating problem.At that point I was using the MDM.p12 file that was generated at the time of creating in identity.Then after the issue I get some commands in the openssl for creating identity.Please see the question edit. – Imran Nov 19 '14 at 12:57
  • Can you please post MDM mobile config which you are trying to install. Also, do you try to install this on your OS X computer (based on screenshots)? – Victor Ronin Nov 19 '14 at 17:22
  • I am actually installing it on both iphone and mac.first screen shot is of iphone alert and second one is osx alert.can you please suggest me something about CAcert authority. Should you need iPCU config file to see.Thanks. – Imran Nov 19 '14 at 17:29
  • Please see the mobile config file here https://app.box.com/s/ug32885glqsx4n4lxxra – Imran Nov 19 '14 at 17:46
  • Hi Victor.Thanks for all your answers.I have tested all the commands and those are working fine for me but there is a big issue in between.When I am installing the profile to the device then its working fine and just after installation I am sending command (say lock) to the device using the path between server and device created at the time of profile installation.So I checked all the commands at the time of profile installation.But when I try to connect the mdm server to the device through APNS then its not responding.Device is unable to waked up by APNS.Can you please suggest what's wrong? – Imran Jan 02 '15 at 09:42
  • Hi Victor....I have already one running MDM Server and thank you for that.But I faced one issue when I tried to move my running mdm to a new Azure server using the same certificates. Do I need to create certificates again or it should work.Again I am getting "Profile Installation Failed" when we point to new azure server and install profile. Error...MCHTTPTransactionErrorDomain....A connection to the server could not be established. 23001 – Imran Jun 25 '15 at 07:03
  • The same steps. Can you access it from Safari? – Victor Ronin Jun 26 '15 at 01:59
  • Frankly, I am not familiar with a scenario when you are moving the server. However, if your DNS name didn't change and it's just running on different server it should just work. – Victor Ronin Jun 26 '15 at 01:59
  • It worked.It was a little different issue in azure.We had to configure PUT request on top of IIS for all web applications on Azure, since we are using SNI for our applications. i.e removing WebDAV from handlers and WebDAVModule from modules in webcofig file. – Imran Jun 29 '15 at 06:45