How-to sign an iOS configuration profile generated programmatically?
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
add a comment |
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
add a comment |
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
Context
I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.
Website users enter some informations, call my PHP api, and my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, save it on the server, and return back the URL of the generated profile, so the user can click this link and install it on its iOS device.
In short: this profile contains in its payload only a webclip (safari shortcut).
Everything works fine, the configuration profile link opens the iOS Settings app that asks the user to install this profile on its device.
My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.
I would like that the generated profiles to be signed, so the user can install them more easily and quickly.
Questions
- is it possible?
- if yes, is it possible with PHP?
- if yes, how can I do that?
I read some ressources about signing configuration profiles, by I don't understant everything, I din't have any skills about signing, certificates etc.
That's not clear for me!
Any help appreciated, thanks in advance!
php ios mdm signing configuration-profile
php ios mdm signing configuration-profile
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
asked Nov 22 '18 at 16:01
TooLiPHoNe.NeTTooLiPHoNe.NeT
1271112
1271112
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 '18 at 8:48
zvizvi
460411
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434631%2fhow-to-sign-an-ios-configuration-profile-generated-programmatically%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 '18 at 8:48
zvizvi
460411
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
add a comment |
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 '18 at 8:48
zvizvi
460411
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
add a comment |
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 '18 at 8:48
zvizvi
460411
Yes you can. Also with PHP.
How?
Save the profile you want to sign to a temp file:
file_put_contents ($tmp_file_name, $profile_data);
Sign the file you have just created:
$data = shell_exec ("openssl smime -sign -in $tmp_file_name {add here another parameters you need...}");
Send the data to the client:
echo $data;
Delete the tmp file...
unlink ($tmp_file_name);
answered Nov 29 '18 at 8:48
zvizvi
460411
answered Nov 29 '18 at 8:48
zvizvi
460411
answered Nov 29 '18 at 8:48
zvizvi
460411
answered Nov 29 '18 at 8:48
zvizvi
460411
460411
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
add a comment |
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
That's sounds great, thanks. However, which infos do you put on "{add here another parameters you need...}" ? I guess I have to put some Apple certificates informations elsewhere? Is that linked to the Apple developer certificate you have to generate in order to publish apps on the appstore? I'm sorry for being so dunb, I'm a JS frontend developer so that is really not my comfort zone!!
– TooLiPHoNe.NeT
Nov 30 '18 at 9:54
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
See here: discussions.apple.com/thread/4907079 > openssl smime -sign -signer your_server.crt -inkey your_server_cert_key.pem -certfile your_server_cert_chain.pem -nodetach -outform der -in your_unsigned_profile.mobileconfig -out your_signed_profile.mobileconfig
– zvi
Dec 1 '18 at 17:03
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
@TooLiPHoNe.NeT and please mark answer as accepted.
– zvi
Dec 2 '18 at 7:54
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
yes thaks! I saw and bookmarked this link indeed. So I guess I now have to generate *.pem files from the p12 file from the iOS developer certificate (I've read other things about that). And I have to enroll the Apple's dev program first of course, or buy another certificate.
– TooLiPHoNe.NeT
Dec 2 '18 at 22:25
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
I'd like to mark as accepted after I confirm it is working for my case, but this could take some time for me to test that so I accpet your answer, it will help me a lot. I'll tell you back here when I'll manage to have some time to implement all this. thanks
– TooLiPHoNe.NeT
Dec 2 '18 at 22:26
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434631%2fhow-to-sign-an-ios-configuration-profile-generated-programmatically%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
