Configuration Profile with MDM Payload not getting installed to the device - ios

Did anybody can tell me what's the reason for that Configuration Profile with MDM Payload not getting installed using IPCU.
How to deal with it?

perhaps a bit old but your MDM server url must be a valid HTTPS URL with a cert from a trusted source, self signed certs will not work.

View the console for the device in iPCU. This may help you to track down the cause of your issue.

Self-signed ssl will work and while generating self-signed ssl certificate in server side,generate identity.p12 certificate and this certificate you need to use in identity section of IPCU and see this and this also.
Please verify again.

Related

Xcode download: "The certificate for this server is invalid"

Is anyone other then me getting this error trying to download the docs in Xcode 6?
Could not download and install iOS 8.1. The certificate for this server is invalid. You might be connecting to a server that is pretending to be “devimages.apple.com” which could put your confidential information at risk.
Here's a screenshot:
You can use Keychain Access to change the trust for the cert from Use System Default to Always Trust. For me it was the cert a248.e.akamai.net. After downloading the docs I switched it back to Use System Defaults. Or you can wait for Apple to correct the mistake.
In my case I solved this problem adding the certificate to my keychain, you can download from this site and configure the trust option in Always Trust
I can confirm the workaround. Seems like Apple has forgotten to renew this certificate.
I got exactly the same problem, try investigate using google chrome browser.
It's turn out that the provided certificate! is not match URL itself.
Could be apple web administrator mess.

Certificate issue after migrate from HTTP to HTTPS

I am working on mobile HTML5 site using HTML5/JQueryMobile and server is in php. I changed sever settings from HTTP to HTTPS but now from my mobile it shows these type of error
[Error] Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.example.com” which could put your confidential information at risk.
when using in IPhone 5 with IOs 7.1.2.
How to handle that issue. What things i have to do?
For us this happened with the update to iOS 13. The requirements for trusted certificates changed, so we needed to adjust the certificate.
See the official page of Apple
You are using a self-signed certificate. Thus your iPhone doesn't trust your certificate.
Either add the certificate to your iPhone as a trusted certificate. (recommended)
Or create a official certificate from a trusted authority. (recommended for production usage)
Or make requests and allowing insecure (self-signed) certificates. (not really recommended, but might be the fastest solution)

Why is my server certificate being rejected?

I am trying to connect my app to a server using TLS 1.2. The server is using a certificate that has been signed by a self-signed CA certificate that is already installed on the device (I emailed the CA certificate to myself, tapped it. Now it shows up under Settings -> General -> Profiles). This was previously working in my app, but we have changed the CA certificate we're using so I've updated the server's certificate as well. Now I'm getting SSL failures.
The error I'm seeing is errSSLXCertChainInvalid from my call to SSLHandshake on the client. As far as I can tell, the server certificate should be valid. openssl verify -CAfile ca-cert.pem server-cert.pem returns OK, and that ca-cert.pem is the same CA certificate I've installed on the device.
Any ideas? Thanks!
There's some information in apple's documentation regarding this error:
errSSLXCertChainInvalid — The peer has an invalid certificate chain; for example, signature verification within the chain failed, or no certificates were found.
And if you use SSLSetPeerDomainName:
You can use this function to verify the common name field in the peer’s certificate. If you call this function and the common name in the certificate does not match the value you specify in the peerName parameter, then handshake fails and returns errSSLXCertChainInvalid.
I'd suggest uninstalling your device configuration profile, and creating a new one.
Also, it might be a good idea to check if you can access the server without errors from, say, a web browser. This will reveal if there is a problem with the certificate, or just your configuration profile on your iOS device.

The identity certificate for mdm profile could not be found

I was trying to develop a MDM solution for iOS and I would like to test MDM with both methods of distributing device identity via PKCS12 and SCEP. Currently I am doing it using PKCS12, so here is what I am doing:
Send a Profile Service profile to the device asking its device id, IMEI, Version etc.
Device responds with the requested attribute - signed using the Apple Provided Certificate.
I now issue a PKCS12 certificate to the device using the credentials payload.
Device responds again with its attributes - this time signed using the above certificate.
I deliver an MDM payload setting the IdentityCertificateUUID to the payload UUID of the certificate issued in step 3.
I get profile could not be installed. Upon examining the logs, I found out the error The identity certificate for mdm profile com.mdm.xyz could not be found.
If at Step 5, I issue the MDM profile with a new certificaate included in the payload everything works. I am not sure if this is the right way to issue another certificate. I was thinking to utilize the same certificate issued at Step 3.
I think I am doing something wrong here and this may not be the correct way. Any help would be much appreciated. Thanks.
You can pass in step 5 the same certificate that you use in step 3. In such case MDM profile is installed successfully.

How to install my server's self-signed certificate on an iPad

Is there a way to install my own self-signed SSL certificate on my iPad? Presumably I can get the .crt via Dropbox or email, but then what do I do with it? Is there an easier way to get the .crt than that (from a PC)?
This might help found this Apple Support post:
I would import the cert on a desktop system through Firefox, then export with private key in .p12 form. Email the resulting cert and you should be all set.
http://discussions.apple.com/thread.jspa?threadID=2652502&tstart=0
This is very easy . You can just put your certificate in your server where it can be accessed via a browser. Than just visit the location in your browser Eg. Safari in ipad just click on the certificate.

Resources