Hi there. I have implemented a basick enrollment server using scep outlined in the guide here: https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1
I believe it is working as on my iOS device it successfully works through all the phases of enrollment and results in a device certificate being generated and delivered to the device which the device uses to sign the profile request to retrieve the final configuration profile. The device installs the configuration profile and everything is great.
What I am having an issue understanding is, how would the device request and update to the existing profile? I have tried revisiting the /enroll link again but the device does not use the certificate I generated and it received previously to sign the subsequent request to the /profile url and instead uses it's default Apple cert. Because of this, on the server side it appears it is a device trying to enroll for the first tiime instead of requesting an updated config. Is there a specific way the device should be requesting an updated configuration profile?
Additionally, as the device goes through the enrollment process again and goes to install the configuration profile again, I get prompted for things that are missing in the configuration payloads such as password, exchange server, email server even though I filled those in the first time the configuration profile was installed. Is this just how it is? I would have thought I would have only needed to provide input for things that were new or updated in the payloads or do I have to configure everything (password, exchange server, email server, etc...) each time the configuration payload is updated and installed?
Thanks
