I was able to develop a mdm solution.
I started facing problem when I moved my agent from Developer account's provisioning profile to Enterprise account's in-house distribution profile.
Now I am totally confused which certificate is used where?
Please guide me his is the certificate used in the below places:
Certificate in credentials section of enrollment profile (is it having BI as com.apple.mgmt._ ? or can be any like com.abc.mdm ? or it's the one received by customer)
Certificate .pem file used to wake up device?
Thanks
You need to use your iOS Enterprise developer account use the Agent account's credentials.
Follow this page http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning and then verify few things as remove the passphrase from customerPrivateKey.pem using this command
openssl rsa -in customerPrivateKey.pem -out PlainKey.pem
Verify the .pem certificate downloaded from https://identity.apple.com/pushcert/
You can install this .pem in you Mac's Keychain and then see the Get Info and the certificate should have com.apple.mgmt.External.b503419d-1e2a-a60f-7451-5b8832b5a9cb, which you can use as push topic while generating enroll mobileconfig .
Then merge your APNS certificate (for example CustomerCompanyName.pem) downloaded from the portal https://identity.apple.com/pushcert/ using this command
cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem
Now the PlainCert.pem you can use as APNS/MDM certificate.
Please see this for Identity.p12 and respective password, which you have to use in Credential section.
1) it HAS to be com.apple.mgmt._ however this does not come from the provisioning portal - all you can set up here is your vendor certificate. See here
2) the certificate is used to make the connection to the APNS service, but you should get this from the the Apple Push Certificates Portal
Related
I came with error after creating the certificate ,
This app package’s publisher certificate could not be verified. Contact your system administrator or the app developer to obtain a new app package with verified certificates. The root certificate and all immediate certificates of the signature in the app package must be verified (0x800B010A)
Amazon recently release Echo Alexa toolkit.
I received, registered my app. Alexa clearly recognizes my app exists. However it gives this error
Request Identifier:
amzn1.echo-api.request.d969c196-8b3e-4169-99c8-20f566889760 The
certificate does not have a path to a trusted authority. This happens
if you are using a self signed certificate. Voice feedback Echo heard:
"alexa start myapp"
I verified my COMODO CA (COMODO RSA Certification Auth) is on the list of authorized CA. I ensured my certificate bundle was valid.
Is there anything specific I need to ensure my bundle.crt is in the correct order for Alexa? (there is no mention that .com is required, I am using .net)
these my COMODO filenames.
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
mydomain-net.crt
ssl-bundle.crt
stn.private.key
Excited to get this to work ... please help
SA
I am now able to communicate with Alexa without issues. the source of the problem was the order of the certs and the incorrect directives in SSL and HTTP config files for apache.
I used
openssl s_client -connect 192.237.1.1:443
to verify that the certificate
Verify return code: 0 (ok)
Initially I was able to confirm the error by code and searched and fixed it.
I'm stuck with my app. I can't upload it to iTunes because, after the "Archive" step when I have to choose an application record and a Code Signing Identity it says:
"My Name" is a valid identity. However, the associated package identity "My Name" has expired.
Looking in the popup menu of Code Sign Identity I notice that the problem comes from the "MyProgram_production" certificate, and in fact in the provisioning portal, when I go to create the developer certificate profile for Production I get this error:
You must have a valid Mac Application Certificate to create a Provisioning Profile.
But I already created a valid provisioning profile, as you can see in the image it is there, but the expired one is also there.
My problem is that in the certificates page of the Apple site, the old expired one is not there. There are some old certificates but I have no chance to delete them:
What can I do about this?
After 2 days of total desperation... (I should be used being an Apple Dev for some years now...) I finally resolved my problem...
For who is having the same difficulty the problem was I could not see the expired certificates in my Keychain Access and that is because there was the (strange) option "Hide Expired Certificates" in my comp... I changed Mac and had no idea there was this option...
Why someone should want to hide an expired certificate and not just delete it???
Anyway deleting the expired certs and doing all the certificates again on Apple site did the trick!
You have to revoke and have to create new certificate. It clearly says "You must have a valid Mac Application Certificate to create a Provisioning Profile. So you have to generate valid certificate starting from keychain.
I am trying to create certificates that will allow me to send push notifications on my device and I am total lost. I have used certificates for BETA and distribution but adding push notification is pain.
When I do create certificates for BETA testing, I do the following steps.
From keychain, Request a certificate from a certificate authority.
In Apple Provisioning Portal under Certificates, create a certificate uploading file keychain file.
Assume APP ID is created perfectly and devices are ready.
In Apple Provisioning Portal under Provisioning, I create a new profile and download mobile provisioning file to add to the XCode organizer.
That above steps works and I can BETA test. Now in order to enable push notification, I have setup server which is tested with push notification and is 100% working. When I configure for push notification, I need to upload keychain file. Is that the same file I uploaded under Certificates? There is a file in return which I double click and it gets added to the keychain, am I doing it right?
If I understand your question correctly, the answer is no, it should not be the same file. I'll explain the entire process in detail and hopefully that will clarify the situation (and what you need to do next).
When you enable push notifications, you need to do four things:
Create a private/public key pair.
Create a certificate signing request (CSR), signed with your private key.
Submit the CSR to Apple and download a signed certificate.
Create a file containing your certificate and private key, for validating each APN request.
Some points:
I recommend you use different keys for development (sandbox) and production APN. You can re-use the keys if you are sending notifications to different apps, but it is safer if you don't re-use keys between development and production.
The file you "submit" to the provisioning portal is the certificate request. You will have one CSR file for each certificate. You will create a two CSR for each app (bundleID); one for development, one for production. The CSR created with your development key should be submitted for development and the CSR created with your production key should be submitted for production.
Note: Keep the CSR files. You don't have to have them, but it will save you some time when you need to re-send the certificate requests.
After submitting your CSRs, you will be able to download the actual certificates. They aren't ready immediately, so give Apple a minute or so and then refresh your browser. The difference between the CSR and a certificate is important: the certificate is signed by Apple; it validates your ability to send push notifications. Download the certificates and load them into your keychain (double clicking is fine).
Note: the certificate is useless without your private key; so you will need to safely export your private key if you switch computers.
Any computer sending an APN request will need both the private key and the certificate. You can export them as a single .p12 file using Keychain Access. (I name mine MyAppCertKey.p12 to indicate that the file contains both the certificate and the key.)
Last, I wrote up a detailed explanation on testing / verifying communication with Apple's servers (from the terminal). It's a little complicated since you need to have some root certificates set up for openssl to validate against; however, it will tell you if you are communicating correctly with the servers, without requiring any work on the receiving app itself.
Couldn't able to connect to APNS Sandbox server
Hope that helps.
I am an administrator in Apple Developer and my profile is deleted. Now when we create a new provisioning profile it gives the error
valid signing identity matching this profile could not be found in your keychain.
The certificate request in the keychain is resisted with my profile.
I have also developed a new certificate request with a new Apple Developer profile but this also gives the same problem. How can it be solved?
You need to have the little key under your certificate in keychain Access. If you do not you need to revoke your certificates in your developer account and start over
http://developer.apple.com/library/ios/#qa/qa2008/qa1618.html