How can I securely deploy a configuration profile to an iPhone without another Apple device?
According to the documentation...
There are five ways to deploy configuration profiles:
- Using Apple Configurator 2, available in the App Store
- In an email message
- On a webpage
- Using over-the-air configuration as described in Over-the-Air Profile Delivery and Configuration
- Over the air using a Mobile Device Management Server
As Apple Configurator is only available for macOS and both Over-the-Air Profile Delivery and MDM solutions are solutions for enterprises, you are probably left with an e-mail message or a webpage.
You can of course also use any 3rd party app that offers some sort of file sharing/synchronization. But as you want to transfer sensitive information, make sure you use an app with end-to-end encryption, where you are the single owner of the encryption keys.
Via e-mail
You can easily send a configuration profile via e-mail. As soon as you click on the attachment, it will be loaded and you can install it from the Settings app.
But as you want to transfer it securely, a simple e-mail won't do it. Again, you need end-to-end encryption because the file will travel through the internet. You can achieve that by setting up S/MIME for your e-mail, for example. But I am not sure if you can do it already as a consumer with the Apple Mail app. You might need a 3rd party app for that.
Via webpage
It sounds like overkill, but that can be done easily and securely with free open source tools and just your laptop. Steps you need:
- Interconnect your laptop and iPhone via WiFi (ad hoc network, no router needed, just the two devices)
- Set up a temporary HTTPS web server with Python to serve the configuration profile
- ???
- Profit: Access the configuration profile securely through Safari on your iPhone
This is how you can do it with a Windows laptop:
1. Create a wireless ad hoc network. Use `ipconfig` afterwards to determine the IP address of your laptop for this network.
2. Connect your iPhone to this network, as you would with any other WiFi.
3. Create a self-signed certificate that you will need for your web server. You can use OpenSSL, for example. You already have that if you have Git for Windows installed. You find it at `<GIT_INSTALL_PATH>\bin` or `<GIT_INSTALL_PATH>\mingw64\bin`. To create that certificate, just execute:

   ```
   .\openssl.exe req -new -newkey rsa:4096 -x509 -keyout localhost.pem -out localhost.pem -nodes
   ```
4. Create the following folder structure to serve your configuration profile from:

   ```
   /
   └── www/
       ├── html/
       │   └── MyConfigProfile.mobileconfig
       └── localhost.pem
   ```
5. Use `html` as your working directory and use Python 3 to start an HTTPS web server from there. Replace `<IP>` with the IP address you retrieved in step 1. You can also adjust the port (2021), if you want:

   ```python
   import http.server
   import ssl

   server_address = ('<IP>', 2021)
   httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
   # ssl.wrap_socket() was removed in Python 3.12, so wrap the socket via an SSLContext
   context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
   context.load_cert_chain(certfile='../localhost.pem')  # file holds key and certificate
   httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
   httpd.serve_forever()
   ```
6. On your iPhone, open Safari and access `https://<IP>:2021/MyConfigProfile.mobileconfig` (replace `<IP>` with the IP address you retrieved in step 1). As you are using a self-signed certificate, Safari cannot verify it and will complain. This is normally a security concern, but as you are the owner of both sides it is totally fine. To be 100% sure you can just compare the certificate shown on your iPhone with the one you generated on your laptop. You can then proceed to install the configuration profile.
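The certificate comparison from the last step can be done by fingerprint. The following is an added example, not part of the original answer: it computes the fingerprint of the certificate inside `localhost.pem` and compares it with the value read off the phone. It assumes the certificate details shown on the iPhone include a SHA-256 fingerprint; the function names and the sample PEM are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import ssl
import sys

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def cert_fingerprint(pem_text, algorithm="sha256"):
    """Return the hex digest of the first certificate in a PEM bundle.

    localhost.pem from the openssl step holds the private key and the
    certificate in one file, so the CERTIFICATE block is picked out first.
    """
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.new(algorithm, der).hexdigest()


def normalize(fingerprint):
    """Drop spaces, colons and case so differently formatted values compare equal."""
    return re.sub(r"[^0-9a-f]", "", fingerprint.lower())


def fingerprints_match(pem_text, shown_on_phone, algorithm="sha256"):
    expected = cert_fingerprint(pem_text, algorithm)
    return hmac.compare_digest(expected, normalize(shown_on_phone))


def make_sample_pem(der=b"constructed bytes, not a real certificate"):
    """Constructed stand-in for localhost.pem (key block first, then cert)."""
    body = base64.encodebytes(der).decode()
    return ("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
            "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    # Usage: python fingerprint.py ../localhost.pem "AB CD EF ..."
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else make_sample_pem()
    print("SHA-256:", cert_fingerprint(pem))
    if len(sys.argv) > 2:
        print("match" if fingerprints_match(pem, sys.argv[2]) else "MISMATCH")
```

A mismatch means the phone is not talking to the server you started, so the profile should not be installed from that connection.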