
OTA certificate problem (Signed Certificate & SCEP)

Hello,


I’m trying to enroll an iPhone 3GS device with iOS 4.1 to be used with MDM. For the SCEP server I use MSCEP on Windows Server 2008. I can't get past the "Enrolling Certificate" step because it always fails with the message “The server certificate for https://ipaddress:8443/srv/iphone is invalid.”

Profile Server : Tomcat 6.x (SSL by public CA)

IPCU Console log :

Sep 20 16:12:03 btb-iPhone profiled[375]<Warning>: MC|Enrolling in OTA Profile service...

Sep 20 16:12:06 btb-iPhone profiled[375]<Warning>: MC|Connection to https://ipaddress:8443/iphone failed with error: NSError 0x1cd61df0:

Desc : https://ipaddress:8443/srv/iphone .

US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.

Domain : MCHTTPTransactionErrorDomain

Code : 23002

Type : MCFatalError

Params : (

"https://ipaddress:8443/srv/iphone"

)

Sep 20 16:12:06 btb-iPhone profiled[375]<Warning>: MC|Failure occurred while retrieving profile during OTA Profile Enrollment: NSError 0x1cd61df0:

Desc : https://ipaddress:8443/srv/iphone .

US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.

Domain : MCHTTPTransactionErrorDomain

Code : 23002

Type : MCFatalError

Params : (

"https://ipaddress:8443/srv/iphone"

)

Sep 20 16:12:06 xxx-iPhone profiled[375]<Warning>: profiled|Idled.

Sep 20 16:12:06 xxx-iPhone profiled[375]<Warning>: profiled|Service stopping.

Sep 20 16:12:06 xxx-iPhone lockdownd[17]<Error>: 2ff6f000 handle_connection: Could not receive internal message#3 from profiled. Killing connection

Sep 20 16:12:06 xxx-iPhone com.apple.mobile.lockdown[17] <Notice>: Could not receive size of message


Notes


1. Install.mobileconfig

...

<key>PayloadContent</key>

<dict>

<key>URL</key>

<string>https://ip:8443/srv/iphone</string>

<key>DeviceAttributes</key>

<array>

<string>UDID</string>

<string>IMEI</string>

<string>ICCID</string>

<string>VERSION</string>

<string>PRODUCT</string>

</array>

</dict>

...


2. srv/iphone servlet.

...

public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Content type used for the configuration profile returned to the device
    response.setContentType("application/x-apple-aspen-config");
    BufferedInputStream bis = new BufferedInputStream(new FileInputStream("scep.mobileconfig"));
    BufferedOutputStream bos = new BufferedOutputStream(response.getOutputStream());
    int i = 0;
    byte buf[] = new byte[1024];
    // Copy scep.mobileconfig to the response body unchanged
    while ((i = bis.read(buf)) != -1) {
        bos.write(buf, 0, i);
    }
    bis.close();
    bos.close();
    ...
}


3. scep.mobileconfig.

<dict>

<key>PayloadContent</key>

<dict>

<key>Challenge</key>

<string></string>

<key>KeyType</key>

<string>RSA</string>

<key>KeyUsage</key>

<integer>0</integer>

<key>Keysize</key>

<integer>1024</integer>

<key>Name</key>

<string>RootCA</string>

<key>Subject</key>

<array>

<array>

<array>

<string>CN</string>

<string>SERVER-CA</string>

</array>

</array>

</array>

<key>URL</key>

<string>http://scepserverip/certsrv/mscep_admin/</string>

</dict>

iPhone 3GS

Posted on Sep 20, 2011 1:53 AM

Question marked as Top-ranking reply

Posted on Sep 21, 2011 10:27 PM

http://support.apple.com/kb/HT4415
