https://stackoverflow.com/questions/22487395
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianI tried to copy the same .der (costomer.der) file too and recompiled the program again. Now it is working fine. Also, I used DNS resolvable name as URI. Now all these are working fine.
Apple MDM Server: Certificate Signature Verification failed
-
16-06-2023 - |
سؤال
I want to create a MDM server to manage my iOS devices. I have enrolled in iOS Enterprise Developer program. And executed the following openSSL commands
"1. Creating Certificate Authority (CA)"
openssl req -new -x509 -extensions v3_ca -keyout cakey.key -out cacert.crt -days 365
"2. Creating the Web Server private key and certificate request"
openssl genrsa 2048 > server.key
openssl req -new -key server.key -out server.csr
"3. Signing the server key with the CA. You'll the CA passphrase from step 1."
openssl x509 -req -days 365 -in server.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out server.crt -extfile ./server.cnf -extensions ssl_server
"4. Creating the device Identity key and certificate request"
openssl genrsa 2048 > identity.key
openssl req -new -key identity.key -out identity.csr
"5. Signing the identity key with the CA. You'll the CA passphrase from step 1."
openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt
openssl pkcs12 -export -out identity.p12 -inkey identity.key -in identity.crt -certfile cacert.crt
"6. Generating keys and certs for plist generation"
openssl req -inform pem -outform der -in identity.csr -out customer.der
I uploaded the generated identity.csr and got an MDM certificate. With customer.der, AppleWWDRCA.cer, AppleIncRootCertificate.cer, MDM.cer (obtained from iOS Enterprise Developer) and with Identity.p12 I created a Java code to generate encoded plist file. I used this file and got APNSPushCert. It worked fine.
Now the problem is that the IP address of the computer got changed and I don't want to create the new MDM Vendor certificate.
As I understand the only place I mention the IP is server.cnf. I changed the IP in server.cnf and executed all the commands except 4. I placed the identity.key and identity.csr in the same folder before executing. Now every thing works fine but when I upload the encoded plist file for getting APNSPushCert site says Certificate Signature Verification failed.
I really don't understand what went wrong.
المحلول 2
نصائح أخرى
This is something to do with the SSL certificate you are using. It always validates the common name in the device side. You have to use either you domain name or the ip address of your server under common name of SSL certificate. Make sure it doesnt change. If it changes binding it to a DNS will work.
لا تنتمي إلى StackOverflow
