How do I create the identity certificate required to setup Mobile Device Management on an iOS device?
I'm trying to provision an iOS device to be managed using the Apple MDM capabilities. Using the iPhone Configuration Utility, I'm trying to create a configuration profile. Under the Mobile Device Management section, I can setup everything except for the "Identity" entry, which always just says "Add credentials in the Credentials payload."
According to the iPhone Configuration Utility documentation for the Identity field:
Select the certificate that the device uses to identify itself to the MDM server. Add the certificate to the device using the Credentials Settings, or use SCEP Settings to provide instructions for the device to obtain the certificate using SCEP.
I don't have a SCEP server, so I'm trying to use a certificate. However, I can't figure out how to generate a valid certificate. No matter what certificate I add to the Credentials settings, it never becomes available for selection in the Identity field.
When I attempt to install the configuration profile without any identity certificate set, I get the error "Profile Failed to Install", and the Console shows the error "The identity certificate for com.test.test.mdm1 could not be found."
Has anyone succesfully provisioned a device for MDM using this system?
If you are using self-signed ssl then,While generating self-signed ssl certificate in server side,generate identity.p12 certificate and this certificate you need to use in identity section of IPCU. These few lines you can use to generate the idendtity.p12
//Creating the device Identity key and certificate request
openssl genrsa 2048 > identity.key
openssl req -new -key identity.key -out identity.csr
//Signing the identity key with the CA.
//Give it a passphrase. You'll need to include that in the IPCU profile.
openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt
openssl pkcs12 -export -out identity.p12 -inkey identity.key -in identity.crt -certfile cacert.crt
And go through this also.
- Contact your MDM vendor to request a signed Certificate Signing Request (CSR). Your vendor will sign a CSR and deliver it to you.
- Once you have a signed CSR from your vendor, visit identity.apple.com/pushcert and sign in with a verified Apple ID.
- Click "Create a Certificate” and agree to the Terms of Use.
- Select your signed CSR and click upload. After a moment, your certificate will be available for download.
- This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service.