Currently Being ModeratedApr 27, 2011 2:49 AM (in response to Mr. Schmidt)
Hi Mr. Schmidt,
Took me almost a year to work out, but....
The certificate format in the mobileconfig is a standard pfx, encoded in base64... If you've got the PFX file, you need to encode it in base64, strip the first and last lines of the file (depending on which tool you use for the conversion), and add it into the .mobileconfig file.. If you're using powershell anyway, you can use the following lines, assuming that the pfx is called alginald.pfx, and you will be outputting to alginald.mobileconfig...
certutil -encode alginald.pfx alginald.enc
$content = gc alginald.enc
$new-content=$content[(1..($content.length - 2)]
add-content alginald.mobileconfig -value $newcontent -encoding UTF8
Note that when adding content to the file with the add-content command, you should always specify -encoding UTF8 at the end
(I wasted months on tracking this down, because the certificate data exported by the iPCU was a little bit different than the same certificate encoded or format changed with openssl or certutil. I finally bit the bullet, and just tried it, and it worked a dream)
Virtual beers appreciated...
Currently Being ModeratedJun 20, 2011 2:27 AM (in response to Alginald99)
I tried to combine both of the above. I would like to create a powershell script which send out an email to a user containing our WIFI configuration. It should include WIFI settings, a Root certifcate and an User certificate.
So I created a template mobileconfig, with these settings and my own personal certificate with the iPhone Config Util.
Then I use powershell to replace the user Cert data using the code of Alginald99. So far so good.
When I run the PS script I get an email containing the mobileconfig. When I try to install it, the iPhone says that the profile can't be installed because the password for the certifcate (null) is not okay.
In my template config I only change the User's display name and the certificate data.
I export the PFX from Active Directory, If I import the PFX manually it works ok with the password as expected.
I hope someone can help me out on this one.
Currently Being ModeratedJun 21, 2011 4:39 AM (in response to mories)
Has your certificate got a subject? I had this problem when the certificate subject was empty, even though we were filling the Subject Alternate Name field correctly as per RFC.
Currently Being ModeratedJul 6, 2011 10:02 AM (in response to Alginald99)
I tried following your steps without success:
1. Get the PFX file
2. base64 encode it
3. The string that I get is nothing like the string that iPCU outputs as the .mobileconfig file.
If you can, please answer here or in here (I opened a topic for my issue): https://discussions.apple.com/message/15554786
An email would also be great: bar at jungo dot com
Thanks a lot!