Hi Larry,

I don’t have any experience with OpenCA, but I have some with Windows Server 2008 
Enterprise/Datacenter Edition.
Those with enterprise Active Directory configuration work with iOS MDM in our 
production, so you might set up your local IIS server to see what is going on 
during a successful enrollment, although tweaking response headers/bodies 
might be additional work.

>  - does the scep have to have any relationship with my mdm server (ie: in 
> terms of common root certificate or the cert used to sign the mdm response to 
> the iphone in the initial profile request) ?

I don’t think the SCEP certificate is used outside of device authentication/ 
signature verification context of your MDM service.

MDM enrollment with SCEP requires 2 SCEP requests, one for profile delivery and 
one for actual enrollment.
Our IIS logs 2 GetCACert and 1 PKIOperation for one MDM enrollment.
I don’t know actual response contents of those requests though.

Shunpei

On 2013/09/27 7:34, Larry Davis <lad...@yahoo.com> wrote:

> All,
> 
> I'm trying to set up an iOS MDM server and am stuck with the iPhone trying to get the 
> CA certificate from the scep.  I hope someone with some experience in this 
> matter can help me out.
> 
> I'm using openca as my scep server with a self signed cert. The scep request 
> from the iphone comes in with parameters : 
> operation=GetCACert&message=EnrollmentCAInstance, but the iphone does not 
> like the response.
> 
> Using the sscep tool to test my scep server, I confirm that the CA and RA 
> certificates are being sent out in response to the request.
> 
> So can someone shed some light on: 
> 
> - any special headers (mime type et al) that is required by apple in the scep 
> GetCACert response ?
> - should the response be a binary response or base64 encoded or any other 
> type of format ?
>  - does the scep have to have any relationship with my mdm server (ie: in 
> terms of common root certificate or the cert used to sign the mdm response to 
> the iphone in the initial profile request) ?
>  - Anyone know of a public scep server I can access to check what a valid 
> GetCACert response looks like ?
> Openca-Users mailing list
> Openca-Users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openca-users
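
As an added example that is not part of the original thread: a small Python checker for the questions above about the content type and encoding of a GetCACert response. It follows the SCEP specification (RFC 8894), which defines `application/x-x509-ca-cert` for a single binary DER certificate and `application/x-x509-ca-ra-cert` for a binary DER certs-only PKCS#7. The function names and sample bytes are constructed for illustration, and any further requirements of the iOS client are not covered.

```python
import base64

# Content types defined for GetCACert responses in the SCEP specification (RFC 8894)
CT_SINGLE = "application/x-x509-ca-cert"    # body: one DER-encoded X.509 certificate
CT_CHAIN = "application/x-x509-ca-ra-cert"  # body: DER certs-only PKCS#7 (CA + RA certs)
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

# Constructed stand-ins with the right outer DER shape (not real certificates)
SAMPLE_CERT = bytes.fromhex("3003020101")
SAMPLE_P7 = b"\x30\x0d" + OID_SIGNED_DATA + b"\xa0\x00"

def der_length(buf, i):
    """Decode the DER length at buf[i]; return (length, offset of the content)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    if not 1 <= n <= 4 or i + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def check_getcacert(content_type, body):
    """Return a list of problems; an empty list means the response is well-formed."""
    problems = []
    ctype = content_type.split(";")[0].strip().lower()
    if ctype not in (CT_SINGLE, CT_CHAIN):
        problems.append("unexpected Content-Type: " + ctype)
    if body.lstrip().startswith(b"-----BEGIN"):
        return problems + ["body is PEM text, expected binary DER"]
    if body[:1] != b"\x30":
        try:
            if base64.b64decode(b"".join(body.split()), validate=True)[:1] == b"\x30":
                return problems + ["body is base64 text, expected binary DER"]
        except ValueError:
            pass
        return problems + ["body is not a DER SEQUENCE"]
    try:
        length, start = der_length(body, 1)
    except (ValueError, IndexError):
        return problems + ["bad DER length"]
    if start + length != len(body):
        problems.append("DER length does not match body size")
    is_p7 = body[start:start + len(OID_SIGNED_DATA)] == OID_SIGNED_DATA
    if ctype == CT_CHAIN and not is_p7:
        problems.append("ca-ra-cert body is not PKCS#7 SignedData")
    if ctype == CT_SINGLE and is_p7:
        problems.append("ca-cert body is PKCS#7, expected a single certificate")
    return problems

if __name__ == "__main__":
    print(check_getcacert(CT_CHAIN, SAMPLE_P7))
    print(check_getcacert("text/plain", base64.b64encode(SAMPLE_P7)))
```

To check a live server, pass the `Content-Type` header and the raw response bytes of a GetCACert request to `check_getcacert`.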

