How do I view or verify signed .mobileconfig files using Terminal?
I need to troubleshoot problems with signed .mobileconfig profiles. How can I show the signature of these files using Terminal? Is it also possible to verify the certificates that were used to sign the profile?
Is there a way to output the XML content of these files without the signature?
Solution 1:
Apple's .mobileconfig files are signed using PKCS7. The signing certificate data can be shown using the following command:
openssl pkcs7 -inform DER -print_certs -in ~/Settings.mobileconfig
You can copy/paste ASCII certificate data from the output into a plain text file (with a .cer filename extension) to create copies of the certificates:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
OpenSSL can be used to verify the code-signing certificate as well. Assuming that we've copied the signing CA's certificate text/data into ~/CA.crt, and copied the code signing certificate into ~/CodeSigner.crt:
openssl verify -CAfile ~/CA.crt ~/CodeSigner.crt
Removing the signature from a file can be accomplished using this command:
openssl smime -inform DER -verify -in ~/Settings.mobileconfig -noverify -out ~/Unsigned.mobileconfig
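Added example, not part of the original answer: the stripping command above uses -noverify, which still checks the signature over the payload but skips validation of the signer's certificate chain. The script below builds a constructed CA, signer and profile (all names, file paths and the com.example.wifi identifier are assumptions; it needs openssl on the PATH) and shows full verification against the issuing CA next to -noverify extraction.

```shell
#!/bin/sh
# Added example. Every key, certificate and profile here is constructed locally.
set -eu
WORK=$(mktemp -d)

make_ca() {   # $1 = file prefix, $2 = CN of a throwaway self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_signed_profile() {   # writes $WORK/Signed.mobileconfig (DER PKCS7, payload embedded)
  make_ca ca "Constructed Test CA"
  make_ca other "Constructed Unrelated CA"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Profile Signer" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/signer.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/signer.crt" 2>/dev/null
  cat > "$WORK/profile.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadIdentifier</key><string>com.example.wifi</string>
  <key>PayloadType</key><string>Configuration</string>
</dict></plist>
EOF
  openssl smime -sign -binary -nodetach -outform DER -in "$WORK/profile.plist" \
    -signer "$WORK/signer.crt" -inkey "$WORK/signer.key" -out "$WORK/Signed.mobileconfig"
}

# Signature and chain: succeeds only if the signer chains to the CA in $2.
verify_trusted() { openssl smime -verify -inform DER -in "$1" -CAfile "$2" -out "$3" 2>/dev/null; }

# Signature only, as in the stripping command above: any signer is accepted.
extract_only() { openssl smime -verify -inform DER -noverify -in "$1" -out "$2" 2>/dev/null; }

# Same-length edit inside the embedded plist, so the DER still parses.
tamper() { LC_ALL=C sed 's/com\.example\.wifi/com.example.evil/' "$1" > "$2"; }

run_demo() {
  make_signed_profile
  s="$WORK/Signed.mobileconfig"
  verify_trusted "$s" "$WORK/ca.crt" "$WORK/out.plist" && echo "issuing CA: verified"
  verify_trusted "$s" "$WORK/other.crt" /dev/null || echo "unrelated CA: rejected"
  extract_only "$s" "$WORK/Unsigned.mobileconfig" && echo "-noverify: extracted, signer not checked"
  tamper "$s" "$WORK/Tampered.mobileconfig"
  extract_only "$WORK/Tampered.mobileconfig" /dev/null || echo "tampered: rejected even with -noverify"
}
run_demo
```

When troubleshooting a real profile, run the -CAfile form first; a successful -noverify extraction alone says nothing about who signed the file.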