Yue Lu

Reputation: 85

Profiles installed by MDM service are showing as "Not Verified" after upgrading the device to iOS 6

Profiles installed by MDM service are showing as "Not Verified" after upgrading the device to iOS 6. These profiles were signed by an InCommon cert issued by AddTrust before being pushed to the devices. They were showing as "Verified" before the upgrade. Any ideas what might have caused this?

Upvotes: 4

Views: 5672

Answers (5)

Yue Lu

Reputation: 85

Including the intermediate cert in the pkcs7_sign call (PHP openssl_pkcs7_sign() in my case) resolved the problem.

Upvotes: 2

chpeuh

Reputation: 151

I have exactly the same problem as yours. My chain is GeoTrust -> RapidSSL -> MyCert. I have included the full chain in my .crt, but it still shows "not verified" when I try to install the configuration profile.

I don't know how to insert the whole path.

I use an openssl command to sign my file:

openssl smime -sign -signer #{crt_path} -inkey #{private_key_path} -nodetach -outform der -in #{file_to_sign_path} -out #{file_signed_path}

My crt_path is a .crt file, including the three certs.

EDIT: I found out the problem with my openssl command. My full chain was in the #{crt_path} but was not used by the command. I added the *-certfile #{crt_path}* and things work well!

Upvotes: 2

user1694502

Reputation: 41

Yes! Adding the entire path (-root) did the trick.

Verify that the signature created by the MDM SW actually contains the path. Since it wasn't needed before...

Upvotes: 1
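The check suggested in the answers above (confirm that the signature really carries the chain), as an added example that is not code from any poster in this thread. It assumes the openssl CLI is installed, builds a throwaway root -> intermediate -> signer chain with hypothetical names, signs a stub profile with the thread's openssl smime command with and without -certfile, then counts the embedded certificates and verifies each signature against the root alone.

```bash
#!/usr/bin/env bash
# Added example. Every key, name and file below is a throwaway constructed here.
set -eu

make_chain() {   # $1 = empty work directory; builds root -> intermediate -> signer
  d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' 'CN = unused' '[ca]' \
    'basicConstraints = critical,CA:TRUE' 'keyUsage = critical,keyCertSign' > "$d/demo.cnf"
  openssl req -config "$d/demo.cnf" -x509 -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj '/CN=Demo Root' -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes -subj '/CN=Demo Intermediate' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/demo.cnf" -extensions ca -out "$d/int.crt" 2>/dev/null
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes -subj '/CN=Demo Signer' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" -CAcreateserial \
    -days 2 -out "$d/leaf.crt" 2>/dev/null
  echo '<plist version="1.0"><dict/></plist>' > "$d/profile.mobileconfig"   # stub profile
}

sign_profile() {   # $1 = work dir, $2 = output file, $3 = optional -certfile bundle
  openssl smime -sign -signer "$1/leaf.crt" -inkey "$1/leaf.key" ${3:+-certfile "$3"} \
    -nodetach -outform der -in "$1/profile.mobileconfig" -out "$2"
}

embedded_certs() {   # $1 = signed file; prints how many certificates it carries
  openssl pkcs7 -inform der -in "$1" -print_certs | grep -c '^subject'
}

verifies_from_root() {   # $1 = work dir, $2 = signed file; verifier trusts only the root
  openssl smime -verify -inform der -in "$2" -CAfile "$1/root.crt" -out /dev/null 2>/dev/null
}

demo() {
  w=$(mktemp -d)
  make_chain "$w"
  sign_profile "$w" "$w/leaf-only.der"                 # signer cert only, no -certfile
  sign_profile "$w" "$w/with-chain.der" "$w/int.crt"   # intermediate added via -certfile
  for f in leaf-only with-chain; do
    if verifies_from_root "$w" "$w/$f.der"; then r='verifies'; else r='does NOT verify'; fi
    echo "$f: $(embedded_certs "$w/$f.der") cert(s) embedded, $r from the root alone"
  done
  rm -rf "$w"
}
demo
```

To inspect a profile your MDM software actually produced, run the `openssl pkcs7 -inform der -print_certs` step from `embedded_certs` against that file and confirm the intermediate appears next to the signing certificate.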

user1694502

Reputation: 41

I got exactly the same problem so it is probably a bug in the iOS profile system because the very same SSL certificate is trusted by the browser. Note: Our certificate is of the "*.host.org" type.

Upvotes: 3

JayDubya

Reputation: 21

This might be an untrusted CA in the certificate chain from the cert provider you bought it from. Looks like some CAs are untrusted or missing from iOS6. I had the same problem and included the whole of the cert chain in our cert signing bundle and the issue was resolved. Suggest you open a support case with your cert provider to see if it's a known issue or dig around to see if you can find a list of trusted CAs used in iOS6 - I couldn't find one. Synching the device to iTunes may also refresh the CA list but this didn't work for me this time.

Upvotes: 2
