user170940
Reputation: 11
Certificate to be used for encryption in iOS MDM
I am facing issue in encrypting the final configuration profile to be sent to the iOS device(Phase 3).
I am using the Bouncy castle library to encrypt my final profile(http://elian.co.uk/post/2009/07/29/Bouncy-Castle-CSharp.aspx).
Questions:
- Which certificate should I use for encrypting the profile, Is it a CA or Server certificate created or Certificate returned after Phase 2(SCEP)?
A code sample would be very helpful.
NOTE: The profile is getting installed successfully without encryption or even if I sign the profile.
Upvotes: 0
Views: 283
Answers (2)
Dilshan
Reputation: 3221
This has to be CMSAlgorithm.DES_EDE3_CBC encrypted from the identity certificate and Base64 encode the result. That result needs to be signed as you did in the previous stage.
Upvotes: 0
Victor Ronin
Reputation: 23268
On the server side you always
- encrypt using device identity cert (which is generated through SCEP or PKCS12)
- sign using Server certificate
Upvotes: 1
Related Questions
- Generating MDM certificate
- MDM Server certificate to be used for SSL handshake with iPhone device
- Identity certificate - IOS MDM
- MDM Vendor creation - Apple Enterprise
- Encrypting mdm profile
- Way to install mdm certificates programmatically in app
- iOS MDM Server SSL Certificate not trusted by device
- encrypt data with untrusted certificate on ios
- iOS MDM profile signing, which certificate to use?
- Distributing certificate and private key to iOS devices