Hello everyone,

I am in the process of creating an MDM server. I've read several documents including the MDM protocol reference, and at this point I am a bit stuck because I can find the information I need to get started. I am developing this solution in .NET, but this is unimportant as I seek to understand the process and the concepts rather than looking for specific implementations.

So far I know this:

- I need to create an enrollment profile, which the device needs to have access to, so that it can initiate the enrollment process.
- This enrollment profile contains a property called CheckInURL that the device will use to contact the MDM server to initiate the enrollment process.

So far I've done this:

- I created a very basic enrollment profile, including the CheckInURL and other basic information, but I DO NOT currently include any certificate or signature information.
- I created a CSR and obtained a certificate via the Apple Developer portal, but I don't know what I need to do with it.
- Exposed the enrollment profile via HTTPS so that the device can access this URL and download the enrollment profile.
- This profile is accepted (although not signed) by the iOS device.
- When the profile is installed by the device it tries to access the CheckInURL, but I get the following message: "Profile installation failed the server certificate for is invalid".

My doubts:

- What certificates are used in the process and what is their specific purpose?
- What signature/certificate information does need to be included in the enrollment profile (if any)?
- I know that payloads need to be signed: what exactly needs to be signed and with which private key?
- The same question goes for the device side: what key does the device use to sign payloads? Do I have to pass this from the server side?

Thanks!
Posted by mdmdev1.