Thanks for the response Shunpei. I don't have access to IIS so not many
options there J
If you don't mind could you run something like (unix command) : wget -S
http:// <http://%3cyour> <your scep server url>
?operation=GetCACert&message=EnrollmentCAInstance
Or what ever the url is that you see for the GetCACert request.
This should show you all the headers that are being returned by the server.
I just want to know the header names, don't need to know the header values
If you don't have access to wget, you could use the latest chrome or firefox
and the inspect elements feature to see all the response headers when you go
to the url through the browser
Many thanks,
Larry
----------------------------------------------
Hi Larry,
I don?t have any experiences with OpenCA, but have one with Windows Server
2008 Enterprise/Datacenter Edition.
Those with enterprise Active Directory configuration work with iOS MDM in
our production, so you might setup your local IIS server to see what is
going on under the successful enrollment, although tweaking response
headers/bodies might be another work.
> - does the scep have to have any relationship with my mdm server (ie: in
terms of common root certificate or the cert used to sign the mdm response
to the iphone in the initial profile request) ?
I don?t think the SCEP certificate is used outside of device authentication/
signature verification context of your MDM service.
MDM enrollment with SCEP requires 2 SCEP requests, one for profile delivery
and one for actual enrollment.
Our IIS logs 2 GetCACert and 1 PKIOperation for one MDM enrollment.
I don?t know actual response contents of those requests though.
Shunpei
2013/09/27 7:34?Larry Davis <lad...@yahoo.com> ?????
> All,
>
> I'm trying to setup an IOS MDM server and stuck with iphone trying to get
the CA certificate from the scep. I hope someone with some experience in
this matter can help me out.
>
> I'm using openca as my scep server with a self signed cert. The scep
request from the iphone comes in with parameters :
operation=GetCACert&message=EnrollmentCAInstance, but the iphone does not
like the response.
>
> Using the sscep tool to test my scep server and i confirm that the CA and
RA certificates are being sent out in response to the request.
>
> So can someone shed some light on:
>
> - any special headers (mime type et al) that is required by apple in the
scep GetCACert response ?
> - should the repsonse be a binary response or base64 encoded or any other
type of format ?
> - does the scep have to have any relationship with my mdm server (ie: in
terms of common root certificate or the cert used to sign the mdm response
to the iphone in the initial profile request) ?
> - Anyone know of a public scep server i can access to check what a valid
GetCACert resopnse looks like ?
> ----------------------------------------------------------------------
> -------- October Webinars: Code for Performance Free Intel webinars
> can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the
> most from the latest Intel processors and coprocessors. See abstracts
> and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.c
> lktrk_______________________________________________
> Openca-Users mailing list
> Openca-Users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openca-users
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
