
OTA certificate problem (Signed Certificate & SCEP)

Hello,


I’m trying to enroll iPhone 3GS device with iOS 4.1 to be used with MDM. For SCEP server I use MSCEP in Windows Server 2008. I can't get over "Enrolling Certificate" step because it always fails with message “The server certificate for https://ipaddress:8443/srv/iphone is invalid.”

Profile Server: Tomcat 6.x (SSL by public CA)

IPCU Console log:

    Sep 20 16:12:03 btb-iPhone profiled[375] <Warning>: MC|Enrolling in OTA Profile service...
    Sep 20 16:12:06 btb-iPhone profiled[375] <Warning>: MC|Connection to https://ipaddress:8443/iphone failed with error: NSError 0x1cd61df0:
        Desc : https://ipaddress:8443/srv/iphone .
        US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.
        Domain : MCHTTPTransactionErrorDomain
        Code : 23002
        Type : MCFatalError
        Params : (
            "https://ipaddress:8443/srv/iphone"
        )
    Sep 20 16:12:06 btb-iPhone profiled[375] <Warning>: MC|Failure occurred while retrieving profile during OTA Profile Enrollment: NSError 0x1cd61df0:
        Desc : https://ipaddress:8443/srv/iphone .
        US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.
        Domain : MCHTTPTransactionErrorDomain
        Code : 23002
        Type : MCFatalError
        Params : (
            "https://ipaddress:8443/srv/iphone"
        )
    Sep 20 16:12:06 xxx-iPhone profiled[375] <Warning>: profiled|Idled.
    Sep 20 16:12:06 xxx-iPhone profiled[375] <Warning>: profiled|Service stopping.
    Sep 20 16:12:06 xxx-iPhone lockdownd[17] <Error>: 2ff6f000 handle_connection: Could not receive internal message #3 from profiled. Killing connection
    Sep 20 16:12:06 xxx-iPhone com.apple.mobile.lockdown[17] <Notice>: Could not receive size of message


Notes


1. Install.mobileconfig

    ...
    <key>PayloadContent</key>
    <dict>
        <key>URL</key>
        <string>https://ip:8443/srv/iphone</string>
        <key>DeviceAttributes</key>
        <array>
            <string>UDID</string>
            <string>IMEI</string>
            <string>ICCID</string>
            <string>VERSION</string>
            <string>PRODUCT</string>
        </array>
    </dict>
    ...


2. srv/iphone servlet.

    ...
    // Answers the device's enrollment POST by streaming scep.mobileconfig back as a configuration profile.
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("application/x-apple-aspen-config");
        BufferedInputStream bis = new BufferedInputStream(new FileInputStream("scep.mobileconfig"));
        BufferedOutputStream bos = new BufferedOutputStream(response.getOutputStream());
        int i = 0;
        byte buf[] = new byte[1024];
        // Copy the profile to the response in 1 KB chunks.
        while ((i = bis.read(buf)) != -1) {
            bos.write(buf, 0, i);
        }
        bis.close();
        bos.close();
        ...
    }


3. scep.mobileconfig.

    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>Challenge</key>
            <string></string>
            <key>KeyType</key>
            <string>RSA</string>
            <key>KeyUsage</key>
            <integer>0</integer>
            <key>Keysize</key>
            <integer>1024</integer>
            <key>Name</key>
            <string>RootCA</string>
            <key>Subject</key>
            <array>
                <array>
                    <array>
                        <string>CN</string>
                        <string>SERVER-CA</string>
                    </array>
                </array>
            </array>
            <key>URL</key>
            <string>http://scepserverip/certsrv/mscep_admin/</string>
        </dict>

iPhone 3GS

Posted on Sep 20, 2011 1:53 AM
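
When the same enrollment failure has to be triaged across several device logs, the multi-line NSError blocks that profiled writes can be collapsed into one record per error. The following is an added Python example, not part of the original post; the function name, the regexes and the abridged sample log are assumptions built from the console lines shown in the question.

```python
import re

# Constructed sample: abridged from the console log in the post above
# (host names and addresses are the poster's own placeholders).
SAMPLE_LOG = """\
Sep 20 16:12:03 btb-iPhone profiled[375] <Warning>: MC|Enrolling in OTA Profile service...
Sep 20 16:12:06 btb-iPhone profiled[375] <Warning>: MC|Connection to https://ipaddress:8443/iphone failed with error: NSError 0x1cd61df0:
Desc : https://ipaddress:8443/srv/iphone .
US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
"https://ipaddress:8443/srv/iphone"
)
Sep 20 16:12:06 btb-iPhone profiled[375] <Warning>: MC|Failure occurred while retrieving profile during OTA Profile Enrollment: NSError 0x1cd61df0:
US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.
Code : 23002
Params : (
"https://ipaddress:8443/srv/iphone"
)
Sep 20 16:12:06 xxx-iPhone profiled[375] <Warning>: profiled|Idled.
"""

# Syslog header; the space before <Level> is optional because pasted logs often lose it.
SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<proc>[^\[\s]+)\[\d+\] ?<\w+>: (?P<msg>.*)$")
NSERROR = re.compile(r"NSError (0x[0-9a-f]+):\s*$")
FIELD = re.compile(r"^\s*(US Desc|Desc|Domain|Code|Type)\s*:\s*(.*?)\s*$")

def parse_profiled_errors(text):
    """Return one dict per distinct NSError logged by profiled.
    Assumption: a repeated NSError address within one log is the same error."""
    errors, current = {}, None
    for line in text.splitlines():
        head = SYSLOG.match(line)
        if head:  # a new syslog record closes any open NSError block
            current = None
            ptr = NSERROR.search(head["msg"])
            if head["proc"] == "profiled" and ptr:
                current = errors.setdefault(ptr[1], {"messages": [], "Params": []})
                current["messages"].append(head["msg"].split(": NSError")[0])
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field[1]] = field[2]
            elif line.strip().startswith('"'):  # quoted entry inside Params : ( ... )
                url = line.strip().strip('",')
                if url not in current["Params"]:
                    current["Params"].append(url)
    return list(errors.values())
```

Each returned record carries the error domain, code, type, the failing URL from Params, and every profiled message that reported it, which makes it easy to group devices failing on the same endpoint.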

Question marked as Best reply

Posted on Sep 21, 2011 10:27 PM

http://support.apple.com/kb/HT4415
