我处于MDM的最后(丢失)阶段,现在设备正在请求最终配置文件,并且我发送了包含SCEP和MDM有效负载的.mobileconfig文件。 SCEP工作正常,在MDM有效负载中我强制将URL作为HTTPS。安装的证书是自签名的,我也从verisign安装了一些试用证书。现在在安装最终配置文件(特别是MDM有效负载)时,我收到错误,未安装配置文件。我对部署最终配置文件有疑问
1 - 我们是否必须在服务器URL中使用https链接?多次问这个问题真的让我大吃一惊。 2 - 安装MDM有效负载时,我们应该将哪些响应发送回设备? 3 - 我是否面临任何证书问题?
任何人都可以给我带头。请
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>Challenge</key>
<string>XXXXX</string>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>0</integer>
<key>Keysize</key>
<integer>1024</integer>
<key>Name</key>
<string>CA</string>
<key>Subject</key>
<array>
<array>
<array>
<string>O</string>
<string>ABC</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>ABC</string>
</array>
</array>
</array>
<key>URL</key>
<string>CA url(http://)</string>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP</string>
<key>PayloadDisplayName</key>
<string>SCEP (CA)</string>
<key>PayloadIdentifier</key>
<string>com.one.profile.scep1</string>
<key>PayloadOrganization</key>
<string>ABC</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>XXXXXXXXXXXXX</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>AccessRights</key>
<integer>2047</integer>
<key>CheckOutWhenRemoved</key>
<false/>
<key>IdentityCertificateUUID</key>
<string>XXXXXXXXXXX</string>
<key>PayloadDescription</key>
<string>Configures MobileDeviceManagement.</string>
<key>PayloadIdentifier</key>
<string>com.one.profile.mdm2</string>
<key>PayloadOrganization</key>
<string>ABC</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>XXXXXXXXXXXXXXXXX</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerURL</key>
<string>https://192.168.1.68/X/check.html</string>
<key>SignMessage</key>
<false/>
<key>Topic</key>
<string>com.apple.mgmt.abc.abcd</string>
<key>UseDevelopmentAPNS</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>This Profile consists of the MDM payload which will control your devices</string>
<key>PayloadDisplayName</key>
<string>MDM Profile</string>
<key>PayloadIdentifier</key>
<string>com.abc.profile</string>
<key>PayloadOrganization</key>
<string>ABC</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>XXXXXXXXXXXXXX</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
答案 0 :(得分:0)
您是否在此过程中从iOS设备获取了日志?如果没有,请这样做。使用iPhone Config Util(iPCU)并在设备注册时查看控制台。
1)是的,你应该使用HTTPS。
3)我建议不要为您的HTTPS服务器使用自签名证书。虽然可以使用此类证书,但您必须将服务器单独发送回设备,并将其发送回MDM配置文件。这比它的价值更麻烦。
至于2 - 你的意思是在办理登机手续时?我建议首先使用iPCU中的控制台日志查看器确保安装MDM配置文件。