I can't install a certificate for "Vpn & App user certificate" on Android 11. I tried setting it up via "Settings" menu > "Install from device storage," > "VPN and app user certificate", but I see an error like: "this file can't be used as a VPN & app user certificate".
But weird, two month ago it worked fine, maybe I'm doing something wrong with it?
Are you sure you want to install it for "VPN & App User"? In particular, I was trying to install the certificate from Burp proxy and was misled by the instructions that said
In some versions of Android, your device will ask if you want to use the certificate for "VPN and apps" or "WiFi".In the "Credential use:" options, you should select "VPN and apps".
In my case with Android 12, there was a 3rd option, "CA certificate". But I tried a few times with "VPN & app user certificate" and it failed, with the same error message you saw. Then I tried "CA certificate", and it worked.
To be fair, the title of the instructions was "Installing Burp's CA Certificate in an Android Device", which gives a clue that it should be CA Certificate, even though it says to select "VPN and apps".
Related
I cannot add any certificates on AS2 messages in BizTalk.
So here's what I have for the moment (I have installed 2 certificates on the BizTalk machine using the same account as the on under which the Host Instance is running.
The 2 certificates are the following and placed in the locations:
\Personal\Certificates - My own certificate 'pfx'.
\Other People\Certificates - Party certificate 'cer'.
So far the importing of the certificates.
Now, when in BizTalk Administration, I go to Parties and I go on the agreement between the parties. In that window I go down to 'Signature certificate' and I check "Override group signing certificate". Then when I click "browse" I see:
"No certificate available."
"No certificates meet the application criteria".
Any idea on what's wrong here?
I've found it. The certificates should be installed under the same instance that the BizTalk Administration Console is openend. Otherwise the certificates could not be found.
I am using Keychain Access on a Mac, trying to create a new certificate for iphone app signing. My existing cert is nearly expired. I keep getting the error "the specified keychain could not be found".
Here are my steps:
Open Keychain Access on Mac OS X 10.7.5.
Select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
User Email Address and Common Name are pre-populated. I leave them as-is. I change the radio button from "Emailed to the CA" to "Saved to disk".
Click Continue.
Whether I use the default filename or type a different name, I always get the same error.
What am I doing wrong?
I'm stuck with my app. I can't upload it to iTunes because, after the "Archive" step when I have to choose an application record and a Code Signing Identity it says:
"My Name" is a valid identity. However, the associated package identity "My Name" has expired.
Looking in the popup menu of Code Sign Identity I notice that the problem comes from the "MyProgram_production" certificate, and in fact in the provisioning portal, when I go to create the developer certificate profile for Production I get this error:
You must have a valid Mac Application Certificate to create a Provisioning Profile.
But I already created a valid provisioning profile, as you can see in the image it is there, but the expired one is also there.
My problem is that in the certificates page of the Apple site, the old expired one is not there. There are some old certificates but I have no chance to delete them:
What can I do about this?
After 2 days of total desperation... (I should be used being an Apple Dev for some years now...) I finally resolved my problem...
For who is having the same difficulty the problem was I could not see the expired certificates in my Keychain Access and that is because there was the (strange) option "Hide Expired Certificates" in my comp... I changed Mac and had no idea there was this option...
Why someone should want to hide an expired certificate and not just delete it???
Anyway deleting the expired certs and doing all the certificates again on Apple site did the trick!
You have to revoke and have to create new certificate. It clearly says "You must have a valid Mac Application Certificate to create a Provisioning Profile. So you have to generate valid certificate starting from keychain.
It may seem to be asked several times, but I could not find answers to my doubts.
As one needs to setup an MDM server, what are the things that need to be available or installed on this server. Is there a specific configuration?
Is SCEP (which I think needs to be available on the server) required to setup MDM. If yes, how to go about with it.
When I set the Server URL inb the MDM config profile to any of the servers I have, the profile fails to install with the error in console as "The identity certificate for com.abc.mdm.mdm1 could not be found."
It'll be helpful if anyone could redirect me to the detailed steps to setup MDM server. I could not find any such thing in Apple's WWDC 2010 video.
Edit: Some more stuff I've tried
I'm trying to configure MDM server for iPhone and have tried the following steps till now.
I have installed a trial certificate from RapidSSL. When I open my site as https://example.com, I can see a lock at the address bar - hence I believe that the certificate is valid and working.
In iPCU, I create a credentials payload and select my certificate from the list.
In the MDM payload, when I try to select an Identity, the dropdown list is disabled with a message as Add credentials in the credentials payload.
In the credentials payload when I select any other certificate from the list - VeriSign for example - in the MDM payload I get the Identity dropdown list enabled and can select the configured credential, but this is an Invalid certificate.
Edit: Images added
Edit: Moved further more
With some hits here and there, I'm now able to get the 'Identity' field enabled. But when I try to install the profile, I get an error as 'Profile failed to install' with the message in console as
Nov 22 15:15:11 Apple-iphone-4 profiled[1320] <Warning>: MDM|Cannot Authenticate. Error: NSError 0x1ddb8f50:
Desc : A transaction with the server at https://example.com has failed with the status 405.
US Desc: A transaction with the server at https://example.com has failed with the status 405.
Domain : MCHTTPTransactionErrorDomain
Code : 23001
Type : MCFatalError
Params : (
"https://example.com",
405
)
Nov 22 15:15:11 Apple-iphone-4 profiled[1320] <Warning>: MC|Cannot install MDM com.example.ota.mdm2. Error: NSError 0x1ddb9120:
Desc : The payload com.example.ota.mdm2 could not be installed.
Sugg : A transaction with the server at https://example.com has failed with the status 405.
US Desc: The payload com.example.ota.mdm2 could not be installed.
US Sugg: A transaction with the server at https://example.com has failed with the status 405.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
Params : (
"com.example.ota.mdm2"
)
Edit: Continuing after a long break
Here's a summary of what I've done till now.
Configured a Windows 2008 server with an SSL certificate from a CA. ie. The server can be accessed as https://example.com
Hosted a .Net webservice that listens to PUT.
Generated an MDM certificate from the iOS Developer portal.
Generated a Push certificate from Apple. The topic is something like com.apple.mgmt.External.035e7xxxxx
Added the server certificate to the Credentials payload of iPCU. This was done by
- Exporting the server side SSL as a .pfx file
- Adding this file to the Windows Certificate store
- Selecting this certificate in the credentials payload.
I've hosted this profile on the server. When I download it on the device, I'm presented with Profile Installation on the device. When I install this profile, I end up with an error saying "The profile MDM could not be installed". On looking at the device logs, I found
<Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:
Desc : A transaction with the server at “https://example.com” has failed with the status “400”
IMP: I noticed that the Push certificate generated says "This certificate was signed by an unknown authority". There's also no private key associated with it.
I suspect something wrong is selecting the certificate in the Credentials payload (Step 5).
Also when the Profile Installation screen is presented, I get "Not Verified" just below the the profile name.
Solved
For the "unknown authority" issue I installed Apple's Application Integration certificate.
I'm now able to execute the MDM commands.
Complete Steps
https://drive.google.com/file/d/0B9vJDmfd2qb9RmdGNlp4OUR3eVk/view?usp=sharing
https://drive.google.com/file/d/0B9vJDmfd2qb9eGlkUk44ajZrWjg/view?usp=sharing
You need just 3 things
1) mdm payload with mdm url starting with https://
2) certificate which you download using apple developer portal. This is detailed on apple site
3) Link this certificate (.p12) file in the identity section of the mdm payload
Your server needs to have the necessary ports open - this is also documented. The server needs to listen on PUT method and not GET or POST.
If you do above - you will see that your device sends the deviceToken, pushMagic etc.
First up, the 405 status from the server means that you are attempting to POST to a URL that does not accept the POST method. It has nothing to do with the certificates at this point. The certificate in MDM is only used for signing the MDM messages so anything that is put in there is unused if you are not signing your MDM messages from the device (I would recommend not signing your MDM messages while you are testing/setting up) which is configured using the 'Sign Messages' tick-box in the iPCU.
The general idea with MDM is that you tell the device to 'phone home' to the 'Server URL' configured in the configuration profile when it receives an MDM APNS message. You will either have to write or purchase the code that lives on this server to respond to the device and do the right thing. You can also configure the 'Check In' and 'Check Out' URLs to talk to different URLs and, therefore, different code components on the server to handle the different messages.
In the App ID section of the Program Portal, locate the App ID you wish to use with the Apple Push Notification service. Only App IDs with a specific bundle ID can be used with the APNs. You cannot use a “wild-card” application ID. You must see “Available” under the Apple Push Notification service column to register this App ID and configure a certificate for this App ID.
Click the ‘Configure’ link next to your desired App ID.
In the Configure App ID page, check the Enable Push Notification Services box and click the Configure button. Clicking this button launches the APNs Assistant, which guides you through the next series of steps that create your App ID specific Client SSL certificate.
Download the Client SSL certificate file to your download location. Navigate to that location and double-click the certificate file (which has an extension of cer) to install it in your keychain.
When you are finished, click Done in the APNS Assistant.
Double-clicking the file launches Keychain Access. Make sure you install the certificate in your login keychain on the computer you are using for provider development. The APNs SSL certificate should be installed on your notification server.
When you finish these steps you are returned to the Configure App ID page of the iPhone Dev Center portal. The certificate should be badged with a green circle and the label “Enabled”.
To complete the APNs set-up process, you will need to create a new provisioning profile containing your APNs-enabled App ID.
IS it posssible to do theses steps through code.
No, this completes only the certificate part. you need to implement code in your app and also you need a server(SSL supported).what you have to do after generating certificate is register your device for remote notification.you'll find that how to do this in Remote notification guide.then you'll get device token send the device token to your server and your server will forward the device token+message(you want to show on device) to APNS.APNS will send the notification to the device.also you need to show certificate when sending device token from your server to APNs.read the whole Remote Notifications Guide carefully.