I am at the last(lost) stage of the MDM, Now the device is requesting for final profile, and I do send the .mobileconfig file which consists of SCEP and MDM payload. The SCEP is working fine and in the MDM payload where I was forced give the URL as HTTPS .The certificate installed is a self signed and also I have installed some trial certificate from verisign. Now while installing the final profile(especially MDM payload), I am getting error, Profile is not installed.I am having some doubts in deploying the final profile
1-Is it mandatory that we should use https link in the server url ?? Really banged my head by asking this question many times. 2-What response should we send back to the device when it installs the MDM payload ?? 3-Whether I am facing any certificates problem??
Can anyone give me a lead . please
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>Challenge</key>
<string>XXXXX</string>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>0</integer>
<key>Keysize</key>
<integer>1024</integer>
<key>Name</key>
<string>CA</string>
<key>Subject</key>
<array>
<array>
<array>
<string>O</string>
<string>ABC</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>ABC</string>
</array>
</array>
</array>
<key>URL</key>
<string>CA url(http://)</string>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP</string>
<key>PayloadDisplayName</key>
<string>SCEP (CA)</string>
<key>PayloadIdentifier</key>
<string>com.one.profile.scep1</string>
<key>PayloadOrganization</key>
<string>ABC</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>XXXXXXXXXXXXX</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>AccessRights</key>
<integer>2047</integer>
<key>CheckOutWhenRemoved</key>
<false/>
<key>IdentityCertificateUUID</key>
<string>XXXXXXXXXXX</string>
<key>PayloadDescription</key>
<string>Configures MobileDeviceManagement.</string>
<key>PayloadIdentifier</key>
<string>com.one.profile.mdm2</string>
<key>PayloadOrganization</key>
<string>ABC</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>XXXXXXXXXXXXXXXXX</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerURL</key>
<string>https://192.168.1.68/X/check.html</string>
<key>SignMessage</key>
<false/>
<key>Topic</key>
<string>com.apple.mgmt.abc.abcd</string>
<key>UseDevelopmentAPNS</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>This Profile consists of the MDM payload which will control your devices</string>
<key>PayloadDisplayName</key>
<string>MDM Profile</string>
<key>PayloadIdentifier</key>
<string>com.abc.profile</string>
<key>PayloadOrganization</key>
<string>ABC</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>XXXXXXXXXXXXXX</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Have you got the logs from the iOS device during this process? If not, do so. Use the iPhone Config Util (iPCU) and view the console while your device is enrolling.
1) Yes, you should use HTTPS.
3) I would recommend against using self-signed certificates for your HTTPS server. While it is possible to use such certificates, you will have to send back the server to the device separately to your MDM profile. This is more trouble than it's worth.
As for 2 - do you mean during check-in? I would suggest ensuring that the MDM profile is installed first using the console log viewer in iPCU.