Someone tell me I should first do configure SCEP using IPCU,so I set a SCEP sever in Windows sever 2008.Then set the URL in the SCEP payload. but I can't install the Configuration Profile with MDM Payload. And someone tell me I should add in a p12 file/certificate as a 'Credential' in iPCU and pick this from the list in the MDM view.But I don't success. Is any a p12 file/certificate useful ? Thank someone for the help.
I need the answer for next step.
Thank you!
If you are using self-signed ssl then,While generating self-signed ssl certificate in server side,generate identity.p12 certificate and this certificate you need to use in identity section of IPCU.
These few lines you can use to generate the idendtity.p12
//Creating the device Identity key and certificate request
openssl genrsa 2048 > identity.key
openssl req -new -key identity.key -out identity.csr
//Signing the identity key with the CA.
//Give it a passphrase. You'll need to include that in the IPCU profile.
openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt
openssl pkcs12 -export -out identity.p12 -inkey identity.key -in identity.crt -certfile cacert.crt
If you aren't signing the MDM responses from the device (which I would recommend that you don't do until you are comfortable with the rest of the MDM protocol) then any p12 will do, however I believe it should have the key as well as the certificate. If you export a certificate with a key using the keychain utils on OSX, you should get a usable p12 file. The p12 must be base64 encoded within your profile but the iPCU will handle this for you.
