How-to sign an iOS configuration profile generated programmatically?
up vote
0
down vote
favorite
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
add a comment |
up vote
0
down vote
favorite
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
php ios mdm signing configuration-profile
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
asked Nov 22 at 16:01
TooLiPHoNe.NeT
1271112
1271112
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 at 8:48
zvi
398310
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 at 8:48
zvi
398310
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
add a comment |
up vote
1
down vote
accepted
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 at 8:48
zvi
398310
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 at 8:48
zvi
398310
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 at 8:48
zvi
398310
answered Nov 29 at 8:48
zvi
398310
answered Nov 29 at 8:48
zvi
398310
answered Nov 29 at 8:48
zvi
398310
398310
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
add a comment |
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 at 22:26
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434631%2fhow-to-sign-an-ios-configuration-profile-generated-programmatically%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
