
OTA certificate problem (Signed Certificate & SCEP)

Hello,


I’m trying to enroll an iPhone 3GS device with iOS 4.1 to be used with MDM. For the SCEP server I use MSCEP in Windows Server 2008. I can't get over the "Enrolling Certificate" step because it always fails with the message “The server certificate for https://ipaddress:8443/srv/iphone is invalid.”

Profile Server: Tomcat 6.x (SSL by public CA)

IPCU Console log :

Sep 20 16:12:03 btb-iPhone profiled[375] <Warning>: MC|Enrolling in OTA Profile service...
Sep 20 16:12:06 btb-iPhone profiled[375] <Warning>: MC|Connection to https://ipaddress:8443/iphone failed with error: NSError 0x1cd61df0:
Desc : https://ipaddress:8443/srv/iphone .
US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
"https://ipaddress:8443/srv/iphone"
)
Sep 20 16:12:06 btb-iPhone profiled[375] <Warning>: MC|Failure occurred while retrieving profile during OTA Profile Enrollment: NSError 0x1cd61df0:
Desc : https://ipaddress:8443/srv/iphone .
US Desc: The server certificate for https://ipaddress:8443/srv/iphone is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
"https://ipaddress:8443/srv/iphone"
)
Sep 20 16:12:06 xxx-iPhone profiled[375] <Warning>: profiled|Idled.
Sep 20 16:12:06 xxx-iPhone profiled[375] <Warning>: profiled|Service stopping.
Sep 20 16:12:06 xxx-iPhone lockdownd[17] <Error>: 2ff6f000 handle_connection: Could not receive internal message #3 from profiled. Killing connection
Sep 20 16:12:06 xxx-iPhone com.apple.mobile.lockdown[17] <Notice>: Could not receive size of message


Notes


1. Install.mobileconfig

...

<key>PayloadContent</key>
<dict>
    <key>URL</key>
    <string>https://ip:8443/srv/iphone</string>
    <key>DeviceAttributes</key>
    <array>
        <string>UDID</string>
        <string>IMEI</string>
        <string>ICCID</string>
        <string>VERSION</string>
        <string>PRODUCT</string>
    </array>
</dict>

...


2. srv/iphone servlet.

...

public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Content type iOS expects for a configuration profile
    response.setContentType("application/x-apple-aspen-config");
    BufferedInputStream bis = new BufferedInputStream(new FileInputStream("scep.mobileconfig"));
    BufferedOutputStream bos = new BufferedOutputStream(response.getOutputStream());
    int i = 0;
    byte buf[] = new byte[1024];
    // Copy the profile file to the response body
    while ((i = bis.read(buf)) != -1) {
        bos.write(buf, 0, i);
    }
    bis.close();
    bos.close();
    ...
}


3. scep.mobileconfig.

<dict>
<key>PayloadContent</key>
<dict>
    <key>Challenge</key>
    <string></string>
    <key>KeyType</key>
    <string>RSA</string>
    <key>KeyUsage</key>
    <integer>0</integer>
    <key>Keysize</key>
    <integer>1024</integer>
    <key>Name</key>
    <string>RootCA</string>
    <key>Subject</key>
    <array>
        <array>
            <array>
                <string>CN</string>
                <string>SERVER-CA</string>
            </array>
        </array>
    </array>
    <key>URL</key>
    <string>http://scepserverip/certsrv/mscep_admin/</string>
</dict>

iPhone 3GS

Posted on Sep 20, 2011 1:53 AM

Question marked as Best reply

Posted on Sep 21, 2011 10:27 PM

http://support.apple.com/kb/HT4415
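
For triaging console logs like the one in the question, the following added example (not code from this thread or from Apple) parses the multi-line NSError records that profiled writes and picks out the server-certificate failures. The sample log is constructed, `mdm.example.test` is a placeholder host, and the function names are hypothetical.

```python
import re

# Constructed sample in the same shape as the console log in the question
# (device name and URL are placeholders, not real values).
SAMPLE_LOG = """\
Sep 20 16:12:06 test-iPhone profiled[375] <Warning>: MC|Connection to https://mdm.example.test:8443/srv/iphone failed with error: NSError 0x1cd61df0:
Desc : https://mdm.example.test:8443/srv/iphone .
US Desc: The server certificate for https://mdm.example.test:8443/srv/iphone is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
"https://mdm.example.test:8443/srv/iphone"
)
Sep 20 16:12:06 test-iPhone profiled[375] <Warning>: profiled|Idled.
"""

# Syslog header: timestamp, host, process[pid], <level>, message
HEADER = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (\w[\w.]*)\[\d+\]\s*<(\w+)>: (.*)$")
# Continuation lines of an NSError record
FIELD = re.compile(r"^(US Desc|Desc|Domain|Code|Type)\s*: ?(.*)$")


def parse_profiled_errors(text):
    """Return one dict per 'NSError' record logged by profiled."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        head = HEADER.match(line)
        if head:
            # A new syslog header ends any record in progress.
            current = None
            when, proc, _level, msg = head.groups()
            if proc == "profiled" and "NSError" in msg:
                current = {"time": when, "message": msg.split(": NSError")[0]}
                records.append(current)
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2).strip()
            elif line.startswith('"'):
                # Quoted entries inside the Params ( ... ) list
                current.setdefault("Params", []).append(line.strip('",'))
    return records


def certificate_failures(records):
    """Records whose description reports an invalid server certificate."""
    return [r for r in records if "certificate" in r.get("US Desc", "").lower()]
```

Each returned record carries the failing URL in `Params`, which is the host whose TLS certificate and issuing chain need to be checked against what the device trusts.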
