MDM Server certificate to be used for SSL handshake with iPhone device

Question

I am trying to perform SSL Handshake between the iPhone device and my MDM Server. I have used iPhone configuration Utility (iPCU) and configured SCEP and MDM. SCEP works fine, the device receives the issued certificate from the CA.

In the MDM Payload, I have used the subject of the APNS certificate in the topic and entered the server IP with port 1234. As an identity, I have used the identity of the SCEP Certificate.

The iPhone generates the key and enrolls successfully, but then when it tries to install the profile by contacting the MDM server, I receive this error in the IPCU console: The server certificate for https://[IP here]:1234 is invalid

My MDM Server application, which is programmed using C#.NET, complains with AuthenticationException: the SSPI has failed because the context has expired and can no longer be used. So my question is, what certificate should I have on my MDM server - is it the MDM certificate received from the iOS Provision portal, the Apple push certificate of the customer or the certificate of the SCEP Server?

If someone could answer this question, I would be really grateful as I have spent hours and I can't figure it out.

Recommended answer

When an iOS device is registering with your MDM service, it needs to know it is talking to the correct server. Your MDM server's SSL certificate helps it do this. This certificate is just like other web service certificates and will have as its CN (common name) the name used in the URL that the iOS device uses to enroll in your MDM service. For example, if the MDM enrollment URL is https://mymdmservice.mydomain.com the CN would be mymdmservice.mydomain.com.

The MDM service's certificate signing chain needs to be recognized by the mobile device. In particular, you could use any certificate issued by one of the usual registrars (e.g., Verisign or Comodo).

You can use a self-signed certificate, but you would have to add it to the device's trusted root certificate store (see http://fixmyitsystem.com/2012/01/install-corporate-pki-root-ca-on-ios.html).
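Added example (not part of the original question or answer): a name check that shows why a certificate issued for mymdmservice.mydomain.com does not validate when the MDM payload points at https://[IP]:1234. The function names, the certificate dictionaries (shaped like Python's ssl.SSLSocket.getpeercert() output) and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed certificates, shaped like ssl.SSLSocket.getpeercert() output.
CERT_CN_ONLY = {"subject": ((("commonName", "mymdmservice.mydomain.com"),),)}
CERT_WITH_IP_SAN = {
    "subject": ((("commonName", "mymdmservice.mydomain.com"),),),
    "subjectAltName": (("DNS", "mymdmservice.mydomain.com"),
                       ("IP Address", "192.0.2.10")),  # constructed address
}

def names_in_cert(cert):
    """Return the (kind, value) identities a TLS client compares against."""
    sans = [(k, v) for k, v in cert.get("subjectAltName", ())
            if k in ("DNS", "IP Address")]
    if sans:
        return sans  # once SAN identities exist, the CN is not consulted
    # Legacy fallback to the CN; a CN is only ever treated as a DNS name.
    return [("DNS", v) for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def dns_match(pattern, host):
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard counts only as the entire left-most label of a 3+ label name.
    first_ok = p[0] == h[0] or (p[0] == "*" and len(p) > 2)
    return first_ok and p[1:] == h[1:]

def url_matches_cert(url, cert):
    """True if the host in the check-in URL is an identity in the certificate."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # the URL uses a DNS name
    for kind, value in names_in_cert(cert):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and dns_match(value, host):
            return True
    return False

if __name__ == "__main__":
    for url in ("https://mymdmservice.mydomain.com", "https://192.0.2.10:1234"):
        for label, cert in (("CN only", CERT_CN_ONLY), ("IP SAN", CERT_WITH_IP_SAN)):
            print(f"{url:36} {label:8} match={url_matches_cert(url, cert)}")
```

A name match is only half of the validation described in the answer; the signing chain must also lead to a root the device trusts.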
