Management and Security powered by Landesk

Setting up iOS profile certificates

When software or settings are pushed to devices through the Apple Push Notification Service (APNS), the device downloads them in a profile. iOS performs a security check to see if the profile has been signed using a certificate and if the device trusts the certificate. When the profile is installed, the device user is informed whether the profile is from a trusted source or not.

You have the option to leave the profile unsigned, sign it with the core certificate, or sign it with a certificate that has been signed by a certificate authority.

IMPORTANT: If you change this option after devices have enrolled, all iOS devices are required to re-enroll.

No signing. When you leave the profile unsigned, the profile may be vulnerable to attacks. Users are notified when they attempt to install the profile that it is not trusted and hasn't been signed.

Core certificate. This uses the existing core certificate to sign the profile. Users are notified when they attempt to install the profile who it has been signed by, but warns them that it is not trusted. The name displayed to the user is the common name associated with the core certificate.

Third-party certificate. When you sign the profile with a certificate from a certificate authority, users are notified that the profile is signed and trusted. The name displayed to the user is the common name associated with the certificate. The certificate must be in a PKCS#12 format (.pfx or .p12). It can be a wildcard certificate, and it can be a certificate that is used elsewhere in your environment. If you use the APNS certificate to sign profiles, be aware that it must be replaced every year.

WARNING: You should always replace the signing certificate with a certificate that has the same private key BEFORE it expires. If the certificate expires without a replacement, or if the private key changes, you may be required to re-enroll iOS devices.

To set up iOS profile signing

1. From the Endpoint Manager console, click Configure > Device Discovery > Mobility.

2.In the iOS Notification Settings section, click Browse and select the certificate file.

3.Provide the password to the certificate in the Certificate Password text box.

4.Click OK.

For information about obtaining an APNS certificate, see To set up an APNS certificate.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other