Post

Replies

Boosts

Views

Activity

Reply to Unable to test ACME payload
The step-ca demo server I was using didn't issue a Client Certificate if the Attest is set to false. Below ACME payload is verified to be working in iOS. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>70e4b45e3c1e</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadOrganization</key> <string>NewComp</string> <key>PayloadIdentifier</key> <string>4565353a3a84</string> <key>PayloadDisplayName</key> <string>ACME</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadContent</key> <array> <dict> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>f84ef110e39b</string> <key>PayloadType</key> <string>com.apple.security.acme</string> <key>PayloadOrganization</key> <string>NewComp</string> <key>PayloadIdentifier</key> <string>f84ef110e39b</string> <key>PayloadDisplayName</key> <string>ACME Configuration</string> <key>DirectoryURL</key> <string>https://acmeserver/acme/acme/directory</string> <key>ClientIdentifier</key> <string>test</string> <key>HardwareBound</key> <true/> <key>KeyType</key> <string>ECSECPrimeRandom</string> <key>KeySize</key> <integer>384</integer> <key>Subject</key> <array> <array> <array> <string>1.2.840.113549.1.9.1</string> <string>test@test.com</string> </array> </array> </array> <key>SubjectAltName</key> <dict> </dict> <key>KeyUsage</key> <integer>5</integer> <key>Attest</key> <true/> </dict> </array> </dict> </plist>
Oct ’22
Reply to Unable to test ACME payload
@maraino Yes, we would be happy to collaborate on this. To summarize, the ACME profile only works i) if the device attestation is set to True. ii) if there's no Common Name present in the Subject of the CSR. We get this below error if we provide a CN. CSR names do not match identifiers exactly: CSR names = [test], Order names = [] We would like to understand how the "Client Identifier" will fit into this picture. Apologies for not getting back immediately. Thanks in advance.
Oct ’22
Reply to Multiple Apps Content Filtering extension IOS 13
Request: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>ca4fc908-8f2a-4dc9-94c4-3f2dd78964e5</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadOrganization</key> <string>MDM</string> <key>PayloadIdentifier</key> <string>com.mdm.20b7610d-0214-4ef1-b1a4-4d9b9b8335e4.iOSPlugin</string> <key>PayloadDisplayName</key> <string>iOS Plugin</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadContent</key> <array> <dict> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadUUID</key> <string>f94706af-ba40-4fe1-9f7f-d64b3a839645</string> <key>PayloadType</key> <string>com.apple.webcontent-filter</string> <key>PayloadOrganization</key> <string>MDM</string> <key>PayloadIdentifier</key> <string>f94706af-ba40-4fe1-9f7f-d64b3a839645</string> <key>PayloadDisplayName</key> <string>Web Content Filter Policy</string> <key>FilterType</key> <string>Plugin</string> <key>Password</key> <string></string> <key>UserDefinedName</key> <string>MEMDM Filter</string> <key>ServerAddress</key> <string></string> <key>PluginBundleID</key> <string>com.manageengine.mdm.ios</string> <key>FilterSockets</key> <true/> <key>FilterBrowsers</key> <true/> </dict> </array> </dict> </plist> Response: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>InstallProfile;Collection=78</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>4001</integer> <key>ErrorDomain</key> <string>MCInstallationErrorDomain</string> <key>LocalizedDescription</key> <string>Profile Installation Failed</string> <key>USEnglishDescription</key> <string>Profile Installation Failed</string> </dict> <dict> <key>ErrorCode</key> <integer>4001</integer> <key>ErrorDomain</key> <string>MCInstallationErrorDomain</string> <key>LocalizedDescription</key> <string>Profile Failed to Install</string> <key>USEnglishDescription</key> <string>Profile Failed to Install</string> </dict> <dict> <key>ErrorCode</key> <integer>1009</integer> <key>ErrorDomain</key> <string>MCProfileErrorDomain</string> <key>LocalizedDescription</key> <string>The profile “iOS Plugin†could not be installed.</string> <key>USEnglishDescription</key> <string>The profile “iOS Plugin†could not be installed.</string> </dict> <dict> <key>ErrorCode</key> <integer>40000</integer> <key>ErrorDomain</key> <string>MCWebContentFilterErrorDomain</string> <key>LocalizedDescription</key> <string>The Content Filter service encountered an internal error.</string> <key>USEnglishDescription</key> <string>The Content Filter service encountered an internal error.</string> </dict> <dict> <key>ErrorCode</key> <integer>10</integer> <key>ErrorDomain</key> <string>NEConfigurationErrorDomain</string> <key>LocalizedDescription</key> <string>permission denied</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>5d6e2789ce3bf01bbe83776b9735b7176ec550e3</string> </dict> </plist> I have also got an issue regard this . I cant able to apply two plugin webcontent filters of different bundle identifiers to the same device. I have also tried with apple configurator steps too. I have attached the logs received from the device on the request of InstallProfile. Can you help on this?
May ’23