8 Replies Latest reply: Jul 8, 2014 2:44 AM by i1Eugen
venkygct Level 1 (0 points)

Hi -

I'm trying OTA enrollment. I'm using MS-AD for SCEP.

1. In step 1 the device responds with device details signed by the private key of the certificate from Apple.

2. In step 2 my profile service sends a message to get a certificate from the SCEP (AD) server.

3. In step 3 the device responds with device details signed by the private key of the certificate from the SCEP server.

4. In step 4 my profile service encrypts the profile with the public key of the certificate from the SCEP server.

I'm getting a message that the profile can't be decrypted. The exact error message is:

"OTA Mobileconfig encryption - profile could not be decrypted - Decryption key for this profile is not installed."

Can somebody confirm whether the format of my encrypted profile is correct?

Here is the encrypted profile. The encrypted payload is between the <data> tags. The unencrypted version of the payload is also listed below.

1. Encrypted profile

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>EncryptedPayloadContent</key>
        <data>
        ......Redacted - the encrypted data .....
        </data>
        <key>PayloadDescription</key>
        <string>Profile description.</string>
        <key>PayloadDisplayName</key>
        <string>MyCompany Test Profile</string>
        <key>PayloadIdentifier</key>
        <string>com.mycompany.profile</string>
        <key>PayloadOrganization</key>
        <string></string>
        <key>PayloadRemovalDisallowed</key>
        <false/>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>C4BBB40B-1BFB-4CFC-83E1-A1D5270D05D3</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
</dict>
</plist>

2. Payload in plain text. I'm inserting this payload between the <data> tags after encryption.

<array>
        <dict>
                <key>PayloadDescription</key>
                <string>Configures device restrictions.</string>
                <key>PayloadDisplayName</key>
                <string>Restrictions</string>
                <key>PayloadIdentifier</key>
                <string>com.houston.profile.restrictions</string>
                <key>PayloadOrganization</key>
                <string></string>
                <key>PayloadType</key>
                <string>com.apple.applicationaccess</string>
                <key>PayloadUUID</key>
                <string>61FD34AC-F388-44B5-BCD7-C602CB382469</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>allowAddingGameCenterFriends</key>
                <false/>
                <key>allowAppInstallation</key>
                <false/>
                <key>allowAssistant</key>
                <false/>
                <key>allowCamera</key>
                <false/>
                <key>allowCloudBackup</key>
                <false/>
                <key>allowCloudDocumentSync</key>
                <false/>
                <key>allowDiagnosticSubmission</key>
                <false/>
                <key>allowExplicitContent</key>
                <false/>
                <key>allowGlobalBackgroundFetchWhenRoaming</key>
                <false/>
                <key>allowInAppPurchases</key>
                <false/>
                <key>allowMultiplayerGaming</key>
                <false/>
                <key>allowPhotoStream</key>
                <false/>
                <key>allowSafari</key>
                <false/>
                <key>allowScreenShot</key>
                <false/>
                <key>allowUntrustedTLSPrompt</key>
                <false/>
                <key>allowVideoConferencing</key>
                <true/>
                <key>allowVoiceDialing</key>
                <false/>
                <key>allowYouTube</key>
                <false/>
                <key>allowiTunes</key>
                <false/>
                <key>forceEncryptedBackup</key>
                <false/>
                <key>forceITunesStorePasswordEntry</key>
                <false/>
                <key>ratingApps</key>
                <integer>1000</integer>
                <key>ratingMovies</key>
                <integer>1000</integer>
                <key>ratingRegion</key>
                <string>us</string>
                <key>ratingTVShows</key>
                <integer>1000</integer>
        </dict>
</array>


iPad 2, MS-AD for SCEP server
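As an added example (not part of this post), the shell script below builds an encrypted profile in the shape step 4 needs, EncryptedPayloadContent holding base64 CMS EnvelopedData over the PayloadContent array, encrypted to the device's SCEP-issued identity, and then reproduces the check the device performs at install time: an envelope addressed to any other certificate fails the way the quoted error describes. It assumes the openssl CLI; the certificates and the payload are constructed stand-ins.

```shell
# Added example, not from the original post. EncryptedPayloadContent =
# base64( CMS EnvelopedData over the PayloadContent <array> ), encrypted to the
# device's identity cert (the one SCEP issued in step 2). Needs the openssl CLI.
set -eu
WORK="${TMPDIR:-/tmp}/ota-demo.$$"; mkdir -p "$WORK"

# Constructed identities: "device" (self-signed here; CA-issued via SCEP in production)
# and "other", an unrelated cert, to show an envelope addressed to the wrong key.
make_cert() {  # $1 = name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Constructed plaintext PayloadContent: the <array> of payload dicts that gets encrypted.
write_payload_content() {
  cat > "$WORK/content.plist" <<'EOF'
<array><dict>
  <key>PayloadType</key><string>com.apple.applicationaccess</string>
  <key>PayloadIdentifier</key><string>com.example.restrictions</string>
  <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>allowCamera</key><false/>
</dict></array>
EOF
}

# Encrypt the content for recipient cert $1 (DER CMS, AES-128) and wrap it in the outer profile.
build_profile() {  # $1 = recipient cert name
  openssl cms -encrypt -binary -aes128 -outform DER \
    -in "$WORK/content.plist" -out "$WORK/$1.der" "$WORK/$1.crt"
  b64=$(openssl base64 -A -in "$WORK/$1.der")
  printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
    '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">' \
    '<plist version="1.0"><dict>' \
    '<key>EncryptedPayloadContent</key>' "<data>$b64</data>" \
    '<key>PayloadType</key><string>Configuration</string>' \
    '<key>PayloadIdentifier</key><string>com.example.profile</string>' \
    '<key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000002</string>' \
    '<key>PayloadVersion</key><integer>1</integer>' \
    '</dict></plist>' > "$WORK/$1.mobileconfig"
}

# What the device does: decrypt envelope $1 with the key it actually holds ($2). A non-zero
# result is the "Decryption key for this profile is not installed" situation.
device_can_decrypt() {  # $1 = envelope name, $2 = identity held by the device
  openssl cms -decrypt -inform DER -in "$WORK/$1.der" -recip "$WORK/$2.crt" \
    -inkey "$WORK/$2.key" -out "$WORK/$1.roundtrip" 2>/dev/null \
    && grep -q allowCamera "$WORK/$1.roundtrip"
}
```

Run `make_cert device; make_cert other; write_payload_content; build_profile device; build_profile other` and then compare `device_can_decrypt device device` (succeeds) with `device_can_decrypt other device` (fails); the second is the symptom from the post reproduced offline.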