I've been wrestling with this issue for the last few days. Wondering if anyone else has encountered this. I'm trying to sign a CSR with my MDM Vendor certificate. I'm following the instructions in
The following is the function that calculates the signature for SHA1WithRSA:
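    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    private static string DoSign(X509Certificate2 signerCert, byte[] csrDerBytes)
    {
        // Private key of the signing (MDM vendor) certificate.
        var crypt = (RSACryptoServiceProvider)signerCert.PrivateKey;
        // SHA-1 digest of the DER-encoded CSR.
        var sha1 = new SHA1CryptoServiceProvider();
        byte[] hash = sha1.ComputeHash(csrDerBytes);
        // RSA signature over the digest, returned base64-encoded.
        byte[] signedHash = crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
        return Convert.ToBase64String(signedHash);
    }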
After attaching this signature to the encoded plist as described, and uploading the request to the Apple server (https://identity.apple.com/pushcert), I received:
{"ErrorCode":-80018,"ErrorMessage":"Certificate Signature Verification failed","ErrorDescription":"Certificate Signature Verification failed because the http://www.apple.com/business/mdm\" target=\"_blank\">signature</a> is invalid."}
Anyone know what is wrong?
Found the issue: the signing code is working correctly. It was an issue with the certificate chain; the error returned was misleading, as it pointed to the signature.
My issue was that the cert chain I sent was using the wrong CA cert; it needed to be from the Apple WWDR CA.
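A pre-upload check for the chain mismatch described in the resolution above, as an added example that is not part of the original posts: it verifies that the CA certificates you plan to send actually chain from the certificate that signs the CSR. The class and method names (`PushCertChainCheck`, `Check`) are hypothetical, and the certificate files are assumed to be DER or PEM files on disk.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the post): checks the CA certificates you plan to
// send against the certificate that signs the CSR.
static class PushCertChainCheck
{
    // Returns a list of problems; an empty list means the supplied chain fits the signer.
    public static List<string> Check(X509Certificate2 signer, IList<X509Certificate2> suppliedCas)
    {
        var problems = new List<string>();
        var path = new List<X509Certificate2> { signer };
        path.AddRange(suppliedCas);

        // 1. Name chaining: each certificate's issuer must equal the next one's subject.
        for (int i = 0; i < path.Count - 1; i++)
            if (!path[i].IssuerName.RawData.SequenceEqual(path[i + 1].SubjectName.RawData))
                problems.Add($"'{path[i].Subject}' was issued by '{path[i].Issuer}', " +
                             $"but the next certificate is '{path[i + 1].Subject}'");

        // 2. Signature chaining: build a path with the supplied CAs as candidates and
        //    confirm each of them is actually on it.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(suppliedCas.ToArray());
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline check
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.Build(signer);
            var onPath = chain.ChainElements.Cast<X509ChainElement>()
                              .Select(e => e.Certificate.Thumbprint).ToList();
            foreach (var ca in suppliedCas)
                if (!onPath.Contains(ca.Thumbprint))
                    problems.Add($"'{ca.Subject}' is not on the path built for the signer");
        }
        return problems;
    }

    // Usage: PushCertChainCheck <signer.cer> <intermediate.cer> [<root.cer>]
    static void Main(string[] args)
    {
        var signer = new X509Certificate2(args[0]);
        var cas = args.Skip(1).Select(f => new X509Certificate2(f)).ToList();
        foreach (var msg in Check(signer, cas)) Console.WriteLine("PROBLEM: " + msg);
    }
}
```

If the machine's certificate store holds another valid certificate for the same CA, the chain builder may pick that one instead, so treat a "not on the path" result as a prompt to compare issuer names and thumbprints by hand.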