Is there a way to sign a .mobileconfig file created within our application on device? If so what would be the best way to do it? Would an http server on localhost do the trick for example?
Thank you in advance.
Is it possible to sign a .mobileconfig on device?
There are two issues here:
-
Actually signing the file
-
Getting the digital identity required to sign the file
Signing a configuration profile is pretty straightforward. When you look at a signed profile you’ll see that it’s CMS signed data. On macOS you create this using the CMSEncoder API. That API is not available on iOS, so you’d need to write or acquire your own CMS code.
The tricky part is getting the digital identity required to do the signing. For the device to accept the profile it must be signed by a digital identity that the devices trusts. Getting such a digital identity is a challenge outside of a managed environment, and if you’re in a managed environment then there’s no point going through this whole process because you could just have your management system push the profile.
So, why are you trying to sign a configuration profile on device?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"