objective c - MDM iPCU Profile Installation Failed in iOS SDK
I am doing the MDM vendor setup, having an Apple Enterprise account for the same. But after completing the steps I am getting an issue when I try to install the iPhone Configuration Utility file on the iPhone. We are getting an alert saying “Profile installation failed”. Please suggest what you suspect may be wrong. Following are the steps I followed for profile creation.
For vendor:
1. I created a vendor CSR on the MacBook called vendor.csr. Email: enterprise account email. Common name: company name. Saved to disk.
2. Uploaded the vendor.csr file to the enterprise account and downloaded the mdm.cer file from the account.
3. Loaded the certificate in the keychain.
4. Exported a .p12 file as the private.p12 file.
5. Extracted the private key using the command:
    openssl pkcs12 -in private.p12 -nocerts -out key.pem
6. Extracted the certificate:
    openssl pkcs12 -in private.p12 -clcerts -nokeys -out cert.pem
7. Converted the certificate to DES form:
    openssl x509 -in cert.pem -inform PEM -out mdm.cer -outform DER
8. Stripped the password from the private key:
    openssl rsa -in key.pem -out private.key
For customer:
Now I created one more CSR for push on the same MacBook, called push.csr.
Email: company support email.
Common name: company name push.
Saved to disk.
Python code:
Link: https://github.com/grinich/mdmvendorsign
I got the Python code from the above link to generate the plist-encoded file from the files generated above, i.e. private.key, push.csr, mdm.cer.
I renamed the files according to the command below and generated the plist-encoded file.
Command:
    python mdm_vendor_sign.py --csr user_submitted_csr.csr --key mdm_vendor_private.key --mdm mdm_certifiate_from_apple.cer
Push cert:
Then I uploaded the plist-encoded file on “https://identity.apple.com/pushcert/” and downloaded the resulting push certificate from there.
Installed the push cert I downloaded in the keychain and exported it in p12 format, call it mdm.p12.
Converted mdm.p12 to PEM format:
    openssl pkcs12 -in mdm.p12 -out pushcert.pem -nodes
iPhone Configuration Utility:
I implemented 3 sections of IPCU. The server is set up using RapidSSL.
General
a. Name: company private limited
b. Identifier: com.mycompany.mdm.profile
c. Organization: company name
d. Description: version 1.0
e. Security: Always.
Credentials
Uploaded the pushcert.pem file generated at the last step of the push cert work.
Mobile Device Management
a. Server URL: https://xyz.server
b. Check In URL: https://xyz.checin
c. Topic: com.apple.mgmt.external.xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
d. Identity: selected the credential.
Export from IPCU -> None / Sign configuration profile (tried both).
Now the file is failing to install on the device when I send it through mail, and I am getting the message “Profile installation failed”. What I understand from the logs is that the device is unable to make a connection to the server. Please suggest to me how to resolve that.
Device logs:
nov 27 19:02:21 iphone profiled[114] <notice>: (note ) mc: checking mdm installation...
nov 27 19:02:21 iphone profiled[114] <notice>: (note ) mc: ...finished checking mdm installation.
nov 27 19:02:21 iphone profiled[114] <notice>: (note ) mc: beginning profile installation...
nov 27 19:02:21 iphone profiled[114] <error>: sectrustevaluate [leaf anchortrusted]
nov 27 19:02:23 iphone locationd[63] <notice>: gesture enabledfortopclient: 0, enabledindaemonsettings: 0
nov 27 19:02:24 iphone locationd[63] <notice>: gesture enabledfortopclient: 0, enabledindaemonsettings: 0
nov 27 19:02:24 iphone profiled[114] <error>: sectrustevaluate [leaf anchortrusted]
nov 27 19:02:26 iphone profiled[114] <notice>: (error) mdm: cannot authenticate. error: nserror: desc : connection server not established. desc: connection server not established. domain : mchttptransactionerrordomain code : 23001 type : mcfatalerror params : ( "https://mdm.mycompanyname.com/service1.svc", 500 )
nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: cannot install mdm “mobile device management”. error: nserror: desc : payload “mobile device management” not installed. sugg : connection server not established. desc: payload “mobile device management” not installed. sugg: connection server not established. domain : mcinstallationerrordomain code : 4001 type : mcfatalerror params : ( "mobile device management" ) ...underlying error: nserror: desc : connection server not established. desc: connection server not established. domain : mchttptransactionerrordomain code : 23001 type : mcfatalerror params : ( "https://mdm.mycompanyname.com/service1.svc", 500 )
nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: rolling installation of profile “com.mycompanyname.mdm.profile”...
nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: installation of profile “com.mycompanyname.mdm.profile” failed error: nserror: desc : profile “mycompanyname” not installed. sugg : payload “mobile device management” not installed. desc: profile “mycompanyname” not installed. sugg: payload “mobile device management” not installed. domain : mcprofileerrordomain code : 1009 type : mcfatalerror params : ( "mycompanyname" )
The certificate generated with the MDM vendor cert from Apple isn't used for device authentication. It's used for your particular server to send notifications to APNs.
The identity in IPCU (which was deprecated long ago) is the client certificate. Remember that TLS certificates need to be valid and trusted. Your server is rejecting the client with an HTTP 500, so start by investigating your server logs as to why.
Really though, if you are developing your own MDM solution, you should open a DTS incident with Apple. The API documents are published to folks in the Enterprise Developer Program and are not publicly available. Rather than here, the MDM section of the Apple Developer Forums is a better place to discuss it.
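As an added example (not part of the original question or answer), the Python sketch below splits a run-on capture like the device log above into entries and pulls out the NSError domain/code chain, so the failing layer is visible at a glance. The helper names `split_entries`, `parse` and `triage` are hypothetical, the sample is an excerpt of the posted log, and the trailing number in `params` is read as the HTTP status, as the answer does.

```python
import re

# Excerpt of the device log from the question, left as one run-on line as posted.
SAMPLE_LOG = (
    'nov 27 19:02:24 iphone profiled[114] <error>: sectrustevaluate [leaf anchortrusted] '
    'nov 27 19:02:26 iphone profiled[114] <notice>: (error) mdm: cannot authenticate. '
    'error: nserror: desc : connection server not established. '
    'domain : mchttptransactionerrordomain code : 23001 type : mcfatalerror '
    'params : ( "https://mdm.mycompanyname.com/service1.svc", 500 ) '
    'nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: cannot install mdm. '
    'domain : mcinstallationerrordomain code : 4001 type : mcfatalerror '
    'params : ( "mobile device management" )'
)

# Syslog entry header: "mon dd hh:mm:ss host process[pid] <level>:"
STAMP = r'[a-z]{3} +\d{1,2} \d\d:\d\d:\d\d \S+ (\S+)\[\d+\] <(\w+)>:'
NSERROR = re.compile(r'domain *: *(\w+) +code *: *(\d+).*?params *: *\((.*?)\)', re.I | re.S)

def split_entries(blob):
    """Split a run-on capture into one string per syslog entry."""
    starts = [m.start() for m in re.finditer(r'\b' + STAMP, blob, re.I)] or [0]
    return [blob[a:b].strip() for a, b in zip(starts, starts[1:] + [len(blob)])]

def parse(blob):
    """Return (process, level, body, errors) per entry; errors are NSError dicts."""
    out = []
    for entry in split_entries(blob):
        m = re.match(STAMP + r' ?(.*)', entry, re.I | re.S)
        if not m:
            continue
        proc, level, body = m.groups()
        errs = []
        for domain, code, params in NSERROR.findall(body):
            url = re.search(r'"(https?://[^"]+)"', params)
            status = re.search(r',\s*(\d{3})$', params.strip())
            errs.append({'domain': domain, 'code': int(code),
                         'url': url.group(1) if url else None,
                         'status': int(status.group(1)) if status else None})
        out.append((proc, level.lower(), body, errs))
    return out

def triage(blob):
    """Summarise trust errors, the error chain, and any HTTP reply from the server."""
    entries = parse(blob)
    flat = [e for _, _, _, errs in entries for e in errs]
    return {
        'trust_errors': sum(lvl == 'error' and 'sectrustevaluate' in body.lower()
                            for _, lvl, body, _ in entries),
        'error_chain': [(e['domain'], e['code']) for e in flat],
        # A status code here means the server was reached and answered the request.
        'server_replied': [(e['url'], e['status']) for e in flat if e['status']],
    }
```

A non-empty `server_replied` list points the investigation at the server-side log for that URL, while `trust_errors` counts the `sectrustevaluate` entries to check against the certificate chain.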