There are two ways to make configuration files: iPhone configuration tool and handwritten XML file. I use the former for the convenience of operation (online it is said that this has been abandoned by Apple, and it seems that it will not affect the file generation).
Open File-Create a new configuration file, mainly involving the following configurations:
At this point, the configuration settings are basically completed. When saving or exporting, you will be prompted to sign the configuration file. Just select None.
We can directly modify this XML file, according to which other required fields can be added to the profile reference. You can also modify it yourself on this basis (it is estimated that it is easy to miss or make mistakes). I still prefer to operate it more conveniently in the iPhone configuration tool.
The configuration file generated above can actually be installed directly on the device. If the installation is successful, the following red prompt "unsigned" will appear.
Signing goes through two operations, one is MDM server signing. Second, sign with the certificate issued by Apple.
The following certificate files are required:
Can be executed at the terminal: OpenSSL mime-sign-in unsigned. Mobile config- external signature. Mobile config- signing server. CRT-inkyserver。 Key-certificate file certificate-chain. Cathode ray tube-transformer-node connection.
(The above is the operation flow of Java background signature, which I didn't verify, so I put it here as a summary of the operation steps).
I guess MDM Sever's signature is only for the authentication of the client and the description of the encryption process of the file, just to let them know each other, and it has nothing to do with whether the iOS system recognizes it or not. So after the above operation, it will also prompt' unsigned'. (This operation can be omitted in the actual test).
The following actions are referenced from the network.
There are several options for this operation, and here I use script signature.
With the help of the powerful github, we found a python script to sign.
1. Sign the mobile configuration.
Profile_signer.py is placed in the same directory as mobileconfig, and the terminal enters this directory for execution.
. /profile_signer.py -n "third-party Mac developer application" signature acrobat pro. mobileconfiguration acrobat pro signed. mobileconfiguration
2. Encrypt mobileconfig
. /profile_signer.py -n "third-party Mac developer application" encrypts Acrobat Pro. MobileConfig Acrobat Pro NC. MobileConfig.
3. Sign and encrypt mobileconfig.
. /profile_signer.py -n "third-party Mac developer application" acrobat pro.mobileconfiguration acrobat probot.mobileconfiguration
"Third-party MAC developer application" is the full name of your certificate in the keychain. Select Certificate => Display Introduction => Copy the quoted common names, such as
"iPhone developer: jakey Shao xxxx@xxx.com"
"iPhone Distribution: tian hu Network Technology Co., Ltd."
669111-ee9c-4db7-bfce-6564cc1b4e1a If you can read the certificate correctly, you will be prompted to allow access to the keychain. Click Allow!
The final installation prompt has been verified.