Configuration: developing a macOS application, macOS High Sierra 10.13.1, and Xcode version 9.1 (9B55).
Alright, I've looked all over the place for a possible solution, tried several things, and nothing's worked so far.
I have a Web service running under Spring Boot, so it uses Apache Tomcat underneath and I've configured it to use the last stable release of Java 8 (1.8u152).
Because I configured my service to use HTTPS, I created a self-signed certificate. I've read that Swift doesn't really like this, but there are things you are supposed to be able to do to mitigate that until your app is ready for production.
So I created my certificate using keytool, tested it in the browser, got the usual "Your connection is not private" warning, which I expected since it was self-signed. But after allowing the exception, it works and all HTTP requests redirect to HTTPS like I programmed it to.
Now, when I try to make a POST request in Swift, I get this group of errors:
2017-11-27 22:15:35.963123-0500 MyApp[2885:4510057] TIC SSL Trust Error [1:0x600000168c40]: 3:0
2017-11-27 22:15:35.971297-0500 MyApp[2885:4510057] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2017-11-27 22:15:35.971344-0500 MyApp[2885:4510057] Task <1ADE665F-B044-4678-8291-BF63E579CCDE>.<1> HTTP load failed (error code: -1202 [3:-9813])
2017-11-27 22:15:35.971456-0500 MyApp[2885:4510056] Task <1ADE665F-B044-4678-8291-BF63E579CCDE>.<1> finished with error - code: -1202
Upon researching this further, I made the following additions to my Info.plist file:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
I tried doing this in raw source code and via the plist editor. No luck either way.
Here is the code that attempts the POST request:
let url = Constants.SERVICE_URL + "account/post"
let body: [String : Any] =
["firstName": txtFirstName.stringValue,
"lastName": txtLastName.stringValue,
"email": txtEmail.stringValue,
"password": txtPassword.stringValue];
let req = Request.create(urlExtension: url, httpVerb: Constants.HTTP_POST, jsonBody: body)
let task = URLSession.shared.dataTask(with: req) { data, response, err in
guard let data = data, err == nil else {
reply(false)
return
}
do {
let resp = try JSONSerialization.jsonObject(with: data)
reply(resp)
} catch {
print("Error: " + error.localizedDescription)
reply(false)
}
}
task.resume()
I'm at a loss now... does anyone know what to do about this?
I fixed it! Since my certificate was self-signed, my Mac did not trust it by default (which makes sense). I followed the instructions at macOS Sierra: If your certificate isn’t being accepted and it worked.
Make sure to add the certificate to the System keychain.
Related
I am new to iOS/SwiftUI development but am trying to develop an app and webapis on my MacBook Pro. I am using VSCode and C# on the backend and calling the webapis from the iPhone simulator.
I have a localhost certificate in my Keychain with a Subject Alternative Name of the ip for my local machine (10.0.0.5). I have this working with Android using 10.0.2.2 (emulator localhost for computer hosting the emulator), so I know it does work.
I can also run the API from the browser using 10.0.0.5 and get the results.
When I run from the simulator I get these error:
2022-01-15 18:05:03.352411-0500 TestApp[24757:274897] [Unknown process
name] copy_read_only: vm_copy failed: status 1. calling loadData...
loading data... 2022-01-15 18:05:06.008842-0500 TestApp[24757:274902]
Connection 1: default TLS Trust evaluation failed(-9807) 2022-01-15
18:05:06.009049-0500 TestApp[24757:274902] Connection 1: TLS Trust
encountered error 3:-9807 2022-01-15 18:05:06.009148-0500
TestApp[24757:274902] Connection 1: encountered error(3:-9807)
2022-01-15 18:05:06.010008-0500 TestApp[24757:274902] Task
<17311174-24FF-403A-AA1B-4894D097FB41>.<1> HTTP load failed, 0/0 bytes
(error code: -1202 [3:-9807]) 2022-01-15 18:05:06.013874-0500
TestApp[24757:274896] Task <17311174-24FF-403A-AA1B-4894D097FB41>.<1>
finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202
"The certificate for this server is invalid. You might be connecting
to a server that is pretending to be “10.0.0.5” which could put your
confidential information at risk."
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to
the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" ), NSErrorClientCertificateStateKey=0,
NSErrorFailingURLKey=https://10.0.0.5:5001/WeatherForecast,
NSErrorFailingURLStringKey=https://10.0.0.5:5001/WeatherForecast,
NSUnderlyingError=0x6000023c6490 {Error Domain=kCFErrorDomainCFNetwork
Code=-1202 "(null)"
UserInfo={_kCFStreamPropertySSLClientCertificateState=0,
kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600001c58500>,
_kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>" ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>,
NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600001c58500>,
NSLocalizedDescription=The certificate for this server is invalid. You
might be connecting to a server that is pretending to be “10.0.0.5”
which could put your confidential information at risk.} Invalid data
I followed the instructions from this post to put the NSExceptionDomain I am using. I am having trouble digesting the Overriding TLS Chain Validation Correctly. I followed this thread on Swift 5.1 UIWebView Does not View URL because of untrusted Certificate as well. Also, iOS app ignoring NSAppTransportSecurity.
My Info.plist has this in it:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>https://10.0.0.5:5001/WeatherForecast</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
I tried a variety of combinations for the key from 10.0.0.5 to https://10.0.0.5:5001/WeatherForecast.
UPDATE
I tried this Domain=NSURLErrorDomain Code 1202 as well, exporting the .cer from keychain and installing it on the emulator, but I still get the same error:
Since today whenever I try to login my application I get the following error thrown by the Dio package: SocketException: Insecure socket connections are disallowed by platform: 10.0.2.2
I use the following settings to connect:
static BaseOptions options = new BaseOptions(
baseUrl: "http://10.0.2.2:3000", // on android emulator
connectTimeout: 5000,
receiveTimeout: 3000)
And consequently something along the lines of (where I have authentication set-up and functioning properly at /user/login):
var apiLogin = api.dio;
try {
Response response = await apiLogin.post("/user/login",
options: Options(contentType: "application/json"),
data: {"email": email, "password": password});
} on DioError catch (e) {
throw Exception([e]);
}
I have a Node server running on port 3000 which is connected to (containerized) mongodb. When trying the authentication, it immediately has the DioError and I haven't been able to find the cause anywhere online.
Does anyone know what this error is related to?
EDIT [ANSWER]
Thanks to #lyrics for pointing me in the right direction:
From API level 27 and higher, usesCleartextTraffic defaults to false, consequently blocking outgoing http requests, requiring HTTPS.
The solution was to add the following to AndroidManifest.xml:
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="true"
...>
...
</application>
</manifest>
as stated in stackoverflow answer
source: https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic
I have a similar issue with Flutter running on ios Simulator and Android emulator:
SocketException: Insecure socket connections are disallowed by platform:
Inside the Flutter project go to :
To enable in Ios:
ios folder -> runner folder -> info.plist
Then add the following lines to enable HTTP requests:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
To enable in Android:
Android folder -> app -> src -> main -> AndroidManifest.xml
Add this permission:
<uses-permission android:name="android.permission.INTERNET"/>
then add the following line inside application tag:
android:usesCleartextTraffic="true"
First add-in AndroidManifest file
add this line in the end before closing tag
<uses-permission android:name="android.permission.INTERNET" />
add this line in the beginning
find this tag and add it first in it
<application
android:usesCleartextTraffic="true"
It seems you newly upgraded to Android 10, Well you probably didn't know that HTTPS is the default connection protocol starting with Android 9 and that all connection not using Https will fail.
Read more https://developer.android.com/training/articles/security-config.html
See this answer here
https://stackoverflow.com/a/50834600/6467637
I was making a call to-
Response response = await get('http://worldtimeapi.org/api/timezone/Asia/Kolkata');
Instead of http I simply replaced it to https and it was fixed.
The new request was-
Response response = await get('https://worldtimeapi.org/api/timezone/Asia/Kolkata');
This fixed the issue for me.
I have developed an app in Xcode10 with Swift (app name: "TerminalsPOC"). I am making an https request to my organization’s internal web api (let's call the url "https://example.com:50001/RESTAdapter/toolbox/getMyData") using Alamofire. I have a class with a class-level variable to reference a session manager:
// Swift code
let serverTrustPolicies: [String: ServerTrustPolicy] = [
“example.com": .pinCertificates(
certificates: ServerTrustPolicy.certificates(in: Bundle(for: type(of: self))),
validateCertificateChain: false,
validateHost: true
)
]
sessionManager = SessionManager(
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
sessionManager.request(url, method: .get) ...
I have imported the necessary .cer certificate into the app’s bundle. I have left the default ATS settings, but have added an NSExceptionDomain. The relevant info.plist section looks like
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<false/>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
This works so long as the NSExceptionAllowsInsecureHTTPLoads setting is set to true. If I set it to false, the request fails with the message: An SSL error has occurred and a secure connection to the server cannot be made. [-1200]
2018-12-07 11:55:42.122423-0700 TerminalsPOC[27191:371810] ATS failed
system trust 2018-12-07 11:55:42.122530-0700
TerminalsPOC[27191:371810] System Trust failed for [2:0x600001fad740]
2018-12-07 11:55:42.122637-0700 TerminalsPOC[27191:371810] TIC SSL
Trust Error [2:0x600001fad740]: 3:0
2018-12-07 11:55:42.125928-0700
TerminalsPOC[27191:371810] NSURLSession/NSURLConnection HTTP load
failed (kCFStreamErrorDomainSSL, -9802)
2018-12-07 11:55:42.126109-0700 TerminalsPOC[27191:371810] Task
<54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1> HTTP load failed (error
code: -1200 [3:-9802])
2018-12-07 11:55:42.126872-0700
TerminalsPOC[27191:371812] Task
<54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1> finished with error - code:
-1200
2018-12-07 11:55:42.140600-0700 TerminalsPOC[27191:371810] Task <54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1> load failed with error
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred
and a secure connection to the server cannot be made."
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to
the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=(
"",
"" ), NSErrorClientCertificateStateKey=0,
NSErrorFailingURLKey=https://example.com:50001/RESTAdapter/toolbox/getMyData,
NSErrorFailingURLStringKey=https://example.com:50001/RESTAdapter/toolbox/getMyData,
NSUnderlyingError=0x6000024e89f0 {Error Domain=kCFErrorDomainCFNetwork
Code=-1200 "(null)"
UserInfo={_kCFStreamPropertySSLClientCertificateState=0,
kCFStreamPropertySSLPeerTrust=,
_kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"",
"" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1>,
NSURLErrorFailingURLPeerTrustErrorKey=,
NSLocalizedDescription=An SSL error has occurred and a secure
connection to the server cannot be made.} [-1200]
I tried running “nscurl --ats-diagnostics https://example.com:50001/RESTAdapter/toolbox/getMyData”, and the response included the following:
Default ATS Secure Connection
--- ATS Default Connection Result : PASS
========
Allowing Arbitrary Loads
--- Allow All Loads Result : PASS
========= Configuring TLS exceptions for example.com
--- TLSv1.3 2018-12-07 10:59:17.492 nscurl[24303:331847] NSURLSession/NSURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9800) Result : FAIL
--- TLSv1.2 Result : PASS
--- TLSv1.1 Result : PASS
--- TLSv1.0 Result : PASS
============ Configuring PFS exceptions for example.com
--- Disabling Perfect Forward Secrecy Result : PASS
========== Configuring PFS exceptions and allowing insecure HTTP for example.com
--- Disabling Perfect Forward Secrecy and Allowing Insecure HTTP Result : PASS
This all looks OK to me. I must be missing something.
So my questions are:
1. Why does setting the NSExceptionAllowsInsecureHTTPLoads to true cause the call to work, given that it is an https request (with no redirect)? I thought this setting only affects http calls, and should not affect https calls.
2. How can I get this web request to work without setting NSExceptionAllowsInsecureHTTPLoads (which seems to be a hack/work-around, doesn’t it)?
The problem in this case was that the app was running on a simulator on which the required certificate had not been installed.
Once the correct (root) certificate had been installed and trusted, the pinned certificate check passed, and it was then possible to set the NSExceptionAllowsInsecureHTTPLoads info.plist setting back to "NO".
I wish the error message had been more explicit. :-/
I was wondering should I put a s behind the http in this url, because I keep getting an error.
Here is the code.
("http://query.yahooapis.com/v1/public/yql?q=select
Yes, you should prefer the HTTPS version if possible.
However, I believe the error you are getting is not because of HTTPS, it's actually an error with your request
<?xml version="1.0" encoding="UTF-8"?>
<error xmlns:yahoo="http://www.yahooapis.com/v1/base.rng" yahoo:lang="en-US"><description>Query syntax error(s) [line 1:6 expecting fields_or_star got ' ']</description></error>
Apple has made the change that you have to use HTTPS or enter an exception in your info.plist.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
This allows all http traffic, but I would suggest strongly to only do this for testing.
See this Apple document.
I'm able to query device information, get list of profiles installed on the device etc, but am unable to install a profile onto the device.
I've configured a restrictions profile. When I host it on my server and download it via Safari, it installs. But when I encode it as base64 (as per MDM requirements) and try installing it, I get the following error.
DM: Attempting to perform MDM request: InstallProfile
Oct 10 10:25:32 iPhone-4 mdmd[516] <Notice>: (Error) MC: Failed to parse profile data. Error: NSError:
Desc : Invalid Profile
US Desc: Invalid Profile
Domain : MCProfileErrorDomain
Code : 1000
Type : MCFatalError
Oct 10 10:25:32 iPhone-4 mdmd[516] <Notice>: (Error) MDM: Command Status: Error
Error: NSError:
Desc : Invalid Profile
US Desc: Invalid Profile
Domain : MCProfileErrorDomain
Code : 1000
Type : MCFatalError
Below is the Base64 encoded data of the profile I'm trying to install. I generated the below data based on the suggestions here and here
PHBsaXN0IHZlcnNpb249IjEuMCI+CjxkaWN0PgoJPGtleT5QYXlsb2FkQ29udGVudDwva2V5PgoJ
PGFycmF5PgoJCTxkaWN0PgoJCQk8a2V5PlBheWxvYWREZXNjcmlwdGlvbjwva2V5PgoJCQk8c3Ry
aW5nPjwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWREaXNwbGF5TmFtZTwva2V5PgoJCQk8c3RyaW5n
PlJlc3RyaWN0aW9uczwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWRJZGVudGlmaWVyPC9rZXk+CgkJ
CTxzdHJpbmc+Y28ubXltZG0ucmVzdHJpY3Rpb25zLnJlc3RyaWN0aW9uczE8L3N0cmluZz4KCQkJ
PGtleT5QYXlsb2FkT3JnYW5pemF0aW9uPC9rZXk+CgkJCTxzdHJpbmc+PC9zdHJpbmc+CgkJCTxr
ZXk+UGF5bG9hZFR5cGU8L2tleT4KCQkJPHN0cmluZz5jb20uYXBwbGUuYXBwbGljYXRpb25hY2Nl
c3M8L3N0cmluZz4KCQkJPGtleT5QYXlsb2FkVVVJRDwva2V5PgoJCQk8c3RyaW5nPjg0MzA2NThB
LUY1MDQtNDA2MC1BOTUyLTc2MkUwMzg3NjY5Nzwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWRWZXJz
aW9uPC9rZXk+CgkJCTxpbnRlZ2VyPjE8L2ludGVnZXI+CgkJCTxrZXk+YWxsb3dBZGRpbmdHYW1l
Q2VudGVyRnJpZW5kczwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+YWxsb3dBcHBJbnN0YWxsYXRp
b248L2tleT4KCQkJPGZhbHNlLz4KCQkJPGtleT5hbGxvd0Fzc2lzdGFudDwva2V5PgoJCQk8dHJ1
ZS8+CgkJCTxrZXk+YWxsb3dBc3Npc3RhbnRXaGlsZUxvY2tlZDwva2V5PgoJCQk8dHJ1ZS8+CgkJ
CTxrZXk+YWxsb3dDYW1lcmE8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PmFsbG93Q2xvdWRCYWNr
dXA8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PmFsbG93Q2xvdWREb2N1bWVudFN5bmM8L2tleT4K
CQkJPHRydWUvPgoJCQk8a2V5PmFsbG93RGlhZ25vc3RpY1N1Ym1pc3Npb248L2tleT4KCQkJPHRy
dWUvPgoJCQk8a2V5PmFsbG93RXhwbGljaXRDb250ZW50PC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtl
eT5hbGxvd0dsb2JhbEJhY2tncm91bmRGZXRjaFdoZW5Sb2FtaW5nPC9rZXk+CgkJCTx0cnVlLz4K
CQkJPGtleT5hbGxvd0luQXBwUHVyY2hhc2VzPC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxv
d011bHRpcGxheWVyR2FtaW5nPC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxvd1Bob3RvU3Ry
ZWFtPC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxvd1NhZmFyaTwva2V5PgoJCQk8dHJ1ZS8+
CgkJCTxrZXk+YWxsb3dTY3JlZW5TaG90PC9rZXk+CgkJCTx0cnVlLz4KCQkJPGtleT5hbGxvd1Vu
dHJ1c3RlZFRMU1Byb21wdDwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+YWxsb3dWaWRlb0NvbmZl
cmVuY2luZzwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+YWxsb3dWb2ljZURpYWxpbmc8L2tleT4K
CQkJPHRydWUvPgoJCQk8a2V5PmFsbG93WW91VHViZTwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+
YWxsb3dpVHVuZXM8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PmZvcmNlRW5jcnlwdGVkQmFja3Vw
PC9rZXk+CgkJCTxmYWxzZS8+CgkJCTxrZXk+Zm9yY2VJVHVuZXNTdG9yZVBhc3N3b3JkRW50cnk8
L2tleT4KCQkJPGZhbHNlLz4KCQkJPGtleT5yYXRpbmdBcHBzPC9rZXk+CgkJCTxpbnRlZ2VyPjEw
MDA8L2ludGVnZXI+CgkJCTxrZXk+cmF0aW5nTW92aWVzPC9rZXk+CgkJCTxpbnRlZ2VyPjEwMDA8
L2ludGVnZXI+CgkJCTxrZXk+cmF0aW5nUmVnaW9uPC9rZXk+CgkJCTxzdHJpbmc+dXM8L3N0cmlu
Zz4KCQkJPGtleT5yYXRpbmdUVlNob3dzPC9rZXk+CgkJCTxpbnRlZ2VyPjEwMDA8L2ludGVnZXI+
CgkJCTxrZXk+c2FmYXJpQWNjZXB0Q29va2llczwva2V5PgoJCQk8aW50ZWdlcj4yPC9pbnRlZ2Vy
PgoJCQk8a2V5PnNhZmFyaUFsbG93QXV0b0ZpbGw8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PnNh
ZmFyaUFsbG93SmF2YVNjcmlwdDwva2V5PgoJCQk8dHJ1ZS8+CgkJCTxrZXk+c2FmYXJpQWxsb3dQ
b3B1cHM8L2tleT4KCQkJPHRydWUvPgoJCQk8a2V5PnNhZmFyaUZvcmNlRnJhdWRXYXJuaW5nPC9r
ZXk+CgkJCTxmYWxzZS8+CgkJPC9kaWN0PgoJPC9hcnJheT4KCTxrZXk+UGF5bG9hZERlc2NyaXB0
aW9uPC9rZXk+Cgk8c3RyaW5nPlByb2ZpbGUgZGVzY3JpcHRpb24uPC9zdHJpbmc+Cgk8a2V5PlBh
eWxvYWREaXNwbGF5TmFtZTwva2V5PgoJPHN0cmluZz5HZW5lcmFsPC9zdHJpbmc+Cgk8a2V5PlBh
eWxvYWRJZGVudGlmaWVyPC9rZXk+Cgk8c3RyaW5nPmNvLm15bWRtLnJlc3RyaWN0aW9uczwvc3Ry
aW5nPgoJPGtleT5QYXlsb2FkT3JnYW5pemF0aW9uPC9rZXk+Cgk8c3RyaW5nPjwvc3RyaW5nPgoJ
PGtleT5QYXlsb2FkUmVtb3ZhbERpc2FsbG93ZWQ8L2tleT4KCTxmYWxzZS8+Cgk8a2V5PlBheWxv
YWRUeXBlPC9rZXk+Cgk8c3RyaW5nPkNvbmZpZ3VyYXRpb248L3N0cmluZz4KCTxrZXk+UGF5bG9h
ZFVVSUQ8L2tleT4KCTxzdHJpbmc+MUU4MjY0NEEtQjRCRi00RkM0LTgxQTgtNTdCRTFDOTg4MTg1
PC9zdHJpbmc+Cgk8a2V5PlBheWxvYWRWZXJzaW9uPC9rZXk+Cgk8aW50ZWdlcj4xPC9pbnRlZ2Vy
Pgo8L2RpY3Q+CjwvcGxpc3Q+Cg==
I have enabled profile installation in the MDM payload. Please help me in figuring out the problem.
You are missing the XML Declaration and the plist doctype. Add the following two lines to the top of the profile (before base64 encoding it):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
The problem is solved. Just out of annoyance I removed the extra spaces between the XML tags of the .mobileConfig. See below...
Changed
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>Restrictions</string>
..........
</dict>
to
<dict><key>PayloadContent</key><array><dict><key>PayloadDescription</key><string></string><key>PayloadDisplayName</key><string>Restrictions</string>..........</dict>
I used this site to encode it into base64. (for testing only)
For future viewers, you need to start from the <dict> tag