Certificate Signature Verification failed

Question

When I try to upload the certificate to https://identity.apple.com/pushcert/, it tells me the signature is invalid.

I followed step-by-step the Mobile Device Manager documentation and http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning. I am using C#.NET

The format of the plist_encoded file is correct.

//Load signing certificate from MDM_pfx.pfx, this is generated using signingCertificatePrivate.pem and SigningCert.pem.pem using openssl
var cert = new X509Certificate2(MY_MDM_PFX, PASSWORD, X509KeyStorageFlags.Exportable);
//RSA provider to generate SHA1WithRSA
//Signed private key - PushCertSignature
var crypt = (RSACryptoServiceProvider)cert.PrivateKey;
var sha1 = new SHA1CryptoServiceProvider();
byte[] data = Convert.FromBase64String(csr);
byte[] hash = sha1.ComputeHash(data);
//Sign the hash
byte[] signedHash = crypt.SignHash(hash, CryptoConfig.MapNameToOID("sha1RSA"));
hashedSignature = Convert.ToBase64String(signedHash);

//Read Certificate Chain
String mdm = signCSR.readCertificate(mdmCertificate);
String intermediate = signCSR.readCertificate(intermediateCertificate);
String root = signCSR.readCertificate(rootCertificate);

StringBuilder sb = new StringBuilder(); ;
sb.Append(mdm);
sb.Append(intermediate);
sb.Append(root);

signCSR.PushCertWebRequest(csr, sb.ToString(), hashedSignature);

I am not sure what to place in MDM_pfx.pfx. What I did was that I generated the cst to upload to the enterprise iOS Provisioning portal and I download the certificate generate one.
Then I exported the private key of the CSR I generated and exported it as a .pfx file. This is the file I used.

was this the correct way?

michelle · Accepted Answer

I solved this problem by using: C:\Program Files (x86)\GnuWin32\bin>openssl pkcs12 -export -out mdmapnspfx.pfx - inkey mdmpk.pem -in mdm.pem

The key was incorrect, i was not using mdm.pem certificate by it was self-signed.

Certificate Signature Verification failed

Answers (2)

Related Questions