2

I've followed the instructions as I believe to sign my mobileconfig file so, with a users permission, I can correctly set their APN. However, when using this mobileconfig file the screen from iOS still continues to show "Not Verified". However, under 'More Details' it gives some encouraging information -- the signing certification information all seems correct.

i.e., I'm close - any ideas?

I've tried the basics -
iOS mobileconfig walkarounds and variations, including not using the certificate chain.

enter image description hereenter image description here

Community
  • 1
  • 1
Peter Gaston
  • 176
  • 13

1 Answers1

1

How to Sign and verify a .mobileconfig file in apple

  1. Export certificate from the key chain

    keychain access --> Certifcates(LeftPanel)--> right click the particular certificate and export the certificate. convert .p12 file to PEM file (converting use this link www.sslshopper.com/ssl-converter.html)

    Eg: InnovCertificates.p12 to InnovCertificates.pem

  2. Download Apple Root Certificate and Apple Intermediate Certificate

    (For my .mobileconfig file verification i am used Apple Inc. Root Certificate(Apple Root Certificate) and Application Integration Certificate (Apple Intermediate Certificate) certificates. you can also use these certificates or other certificates that have in the apple certificates www.apple.com/certificateauthority/)

    The download file is combination of certificate and keys . (Read the certificate in Terminal commands are following link info.ssl.com/article.aspx?id=12149) From this certificate file we need extract certificate.

    extract certificate from Apple Root Certificate. Then extract certificate from Apple Intermediate Certificate

openssl x509 -inform DER -outform PEM -in AppleIncRootCertificate.cer -out root.crt.pem
openssl x509 -inform DER -outform PEM -in AppleAAICA.cer -out Intermediate.crt.pem

open the two extracted file in text editor,
copy and paste the Intermediate.crt.pem to beginning of the root.crt.pem and save .then your root.crt.pem file is combination of two certificate.

  3. Sign and verify the .mobileconfig file

    Once you have all the files listed above, you will run a command like the following:

openssl smime -sign -in Example.mobileconfig -out SignedVerifyExample.mobileconfig -signer InnovCertificates.pem -certfile root.crt.pem -outform der -nodetach

    The result .mobileconfig file is signed and verified.

Use full links:

1.renren.io/questions/637349/ios-mobileconfig-walkarounds 2.developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/smime.1ssl.html#//apple_ref/doc/man/1/smime 3.www.apple.com/certificateauthority/ 4.www.rootmanager.com/iphone-ota-configuration/iphone-ota-setup-with-signed-mobileconfig.html 5.info.ssl.com/article.aspx?id=12149 6.www.sslshopper.com/ssl-converter.html 7.wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File 8.stackoverflow.com/questions/9277426/ios-mobileconfig-walkarounds 9.stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files 10.discussions.apple.com/thread/2363234

MyTouch
  • 71
  • 1
  • 2