-
All replies
-
Helpful answers
-
Sep 20, 2013 11:46 AM in response to toddatkuapayby MrHoffman,After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already.
Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap. (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
{FWIW, this is a user forum and the folks from Apple may or may not see your report. If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}
-
Sep 20, 2013 11:49 AM in response to MrHoffmanby toddatkuapay,Yes I know that that's the prescribed solution... But for 700+ devices in the field it's ridiculous... I also know that this is a user forum. I am trying to gauge other users experiences... Thanks for your reply.
-
Sep 24, 2013 1:59 PM in response to toddatkuapayby toddatkuapay,I'm guessing Apple's MDM service isn't used that much in a corporate envinronment?
-
Nov 19, 2013 2:48 PM in response to toddatkuapayby Patrick Fist,Hello Everybody,
the code signing certificate is valid for one year if you use the default code signing certificate issued by the local OD.
To sign/encrypt your profiles is import until you have secret information in your profiles like a shared-secret in a VPN configuration profile. When the profile is valid signed at the time of loading into a client this is enaugh.
The configurations wont be lost or dropped by the client.
Apple expect that you put your clients into client groups and that you change profile settings from time to time. In this case it would be enaugh to renew the certifcate 2 month before expiring and change any Profile information on Group basis ... and the clients will be deployed with a new fresh signed profile.
If one year is not enaugh for your needs, feel free to issue a longer valid vertificate from a 3rd party vendor.
I hope my story helped you, understanding the crazy ideas of a apple developer (sure it was a intern when developing the profile service )