How to export an individual profile/mobileconfig
I have a Mac which is enrolled with an MDM and is receiving multiple profiles covering different controls. I want to export one of these profiles to a file ideally as XML. I can export all of them to an XML file as follows.
sudo profiles show -output nameoffile.plist
However, I cannot see any way using the profiles command to only export a specific one.
For what it's worth I have been able to write a script which greps the result of the profiles show command and identifies the unique number of the profile I am after. If it is any help the profile in question is a VPN profile and contains the VPN settings and the VPN certificates.
Note: If you use the profiles show command without an output parameter it merely lists them to standard output in a plain text format - not XML.
I am also looking for a way of identifying the certificates in the Mac's keychains that were part of the profile. The information provided by profiles show only includes the name of the p12, which happens to match the name as listed in the keychain, and also a UUID for it, and also a name and UUID of the included rootCA. However, whilst the p12 might possibly be found using the name, the rootCA name does not match what it is listed as in the keychain. (The certificates are not exported as part of the XML results using profiles show.)
I could manually download the VPN profile from the MDM and unsign it using Apple Configurator but I am looking for a way to have a script on the Mac automatically convert the information to a Tunnelblick configuration. (Sadly the author of Tunnelblick has not made it able directly to receive profiles from an MDM.) The Mac via a hoped for script therefore needs to take the information it received as a profile and generate a Tunnelblick config file. Clearly all the information is present as it was sent as a profile to the Mac and I can see the certificates in Keychain Access and the other settings are in the massive plist produced from profiles show. It is a matter of pulling them together.
Yes, I could just directly create Tunnelblick configs but then I could not use SCEP for the certificates and not have it automatically receive updated settings from the MDM.
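One way to cut a single profile out of the combined plist, as an added example that is not part of the original post: it walks the file written by `profiles show -output`, selects one profile by identifier, UUID or display name, and writes it back out as XML. The key names (`ProfileIdentifier`, `ProfileUUID`, `ProfileDisplayName`, `ProfileItems`, `Payload*`), the `_computerlevel` scope key and all sample values are assumptions to check against your own export, and the result carries only settings and payload names/UUIDs, not the certificates themselves.

```python
import plistlib
import sys

# Constructed sample standing in for the file written by
# `sudo profiles show -output nameoffile.plist`. ASSUMPTION: each profile is a
# dict with ProfileIdentifier/ProfileUUID/ProfileItems keys, held in lists
# under scope keys such as "_computerlevel"; check against your own export.
SAMPLE = plistlib.dumps({"_computerlevel": [
    {"ProfileDisplayName": "Wi-Fi", "ProfileIdentifier": "com.example.wifi",
     "ProfileUUID": "00000000-0000-0000-0000-000000000001", "ProfileItems": []},
    {"ProfileDisplayName": "Corp VPN", "ProfileIdentifier": "com.example.vpn",
     "ProfileUUID": "00000000-0000-0000-0000-000000000002",
     "ProfileItems": [
         {"PayloadType": "com.apple.vpn.managed", "PayloadDisplayName": "VPN",
          "PayloadUUID": "AAAA"},
         {"PayloadType": "com.apple.security.pkcs12",
          "PayloadDisplayName": "user.p12", "PayloadUUID": "BBBB"},
         {"PayloadType": "com.apple.security.root",
          "PayloadDisplayName": "Example Root CA", "PayloadUUID": "CCCC"}]},
]})

def iter_profiles(node):
    """Yield every dict that looks like a profile, at any nesting depth."""
    if isinstance(node, dict):
        if "ProfileIdentifier" in node or "ProfileUUID" in node:
            yield node
        else:
            for value in node.values():
                yield from iter_profiles(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_profiles(value)

def extract_profile(plist_bytes, wanted):
    """Return one profile, matched by identifier, UUID or name, as XML bytes."""
    keys = ("ProfileIdentifier", "ProfileUUID", "ProfileDisplayName")
    hits = [p for p in iter_profiles(plistlib.loads(plist_bytes))
            if wanted in [p.get(k) for k in keys]]
    if len(hits) != 1:  # refuse to guess on zero or ambiguous matches
        raise LookupError(f"{len(hits)} profiles match {wanted!r}")
    return plistlib.dumps(hits[0], fmt=plistlib.FMT_XML)

def payload_summary(profile_xml):
    """List (type, display name, UUID) per payload, e.g. to map certificates."""
    items = plistlib.loads(profile_xml).get("ProfileItems", [])
    return [(i.get("PayloadType"), i.get("PayloadDisplayName"),
             i.get("PayloadUUID")) for i in items]

if __name__ == "__main__":  # usage: script.py nameoffile.plist <identifier>
    with open(sys.argv[1], "rb") as fh:
        sys.stdout.buffer.write(extract_profile(fh.read(), sys.argv[2]))
```

The payload UUIDs returned by `payload_summary` are the values the question mentions for the p12 and the rootCA; how those relate to the keychain entries is not something the export itself records.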