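We are trying to set up our own in-house iOS MDM server, but we have run into some problems where what we are seeing does not necessarily match what we expect based on Apple's documentation.
Following the instructions on Apple's website, we set up a web page where users can enroll their devices by clicking a link. This link takes the device through the "device enrollment process" shown in Figure 1.1 of Apple's "Over-The-Air Profile Delivery and Configuration" document: https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Introduction/Introduction.html
Our problem is this: up until the start of Phase 3 (Device Configuration) in the above document, everything works as expected. However, when we look at the traffic between the web server and the device, the enrollment flow appears to be executed twice. According to the documentation, these are the server calls we expect to see: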
/enroll
/scep?operation=GetCACert&message=EnrollmentCAInstance
/scep?operation=GetCACaps&message=EnrollmentCAInstance
/scep?operation=PKIOperation&message=MII.....AAA
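In practice, however, we see the block of calls executed twice, one after the other, with what looks like identical data. Has anyone seen this behavior, and is it expected?
A more pressing problem is that after performing Phase 2, Step 3, we pass the generated certificate to the device, and the device installs it successfully. However, according to the documentation, at this point we should get a response from the device, to which we can reply with a new configuration profile containing the settings we want to set on the device. However, we never get that response, even though everything up to that point appears to have completed successfully. Does anyone know why the response is not being sent, or what might be going wrong at that point?
Thanks in advance,
Device logs retrieved using the iPhone Configuration Utility: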
<Notice>: (Note ) MC: Profile “com.test.profileservice.scep” queued for installation.
<Notice>: (Note ) MC: Checking for MDM installation...
<Notice>: (Note ) MC: ...finished checking for MDM installation.
<Notice>: (Note ) MC: Enrolling in OTA Profile service...
<Error>: Jan 25 16:34:13 SecTrustEvaluate [leaf AnchorTrusted]
<Error>: Jan 25 16:34:14 SecTrustEvaluate [leaf AnchorTrusted]
<Notice>: (Note ) MC: Attempting to retrieve issued certificate...
<Notice>: (Note ) MC: Issued certificate received.
<Notice>: (Note ) MC: Retrieving profile from OTA Profile service...
<Notice>: (Note ) MC: Received final profile: Test Config
<Notice>: (Note ) MC: Beginning profile installation...
<Error>: Jan 25 16:34:17 SecTrustEvaluate [leaf AnchorTrusted]
<Notice>: (Note ) MC: Attempting to retrieve issued certificate...
<Notice>: (Note ) MC: Issued certificate received.
<Notice>: (Note ) MC: Profile “Test Config” installed.
<Error>: Checking for changed log settings
<Error>: valid 0 value 0
<Error>: Verbose logging disabled
<Notice>: (Note ) MC: mc_mobile_tunnel starting.
<Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
The complete stream of requests sent to the MDM server:
/enroll
/checkin
/scep?operation=GetCACert&message=EnrollmentCAInstance
/scep?operation=GetCACaps&message=EnrollmentCAInstance
/scep?operation=PKIOperation&message=MII.....AAA
/checkin
/scep?operation=GetCACert&message=EnrollmentCAInstance
/scep?operation=GetCACaps&message=EnrollmentCAInstance
/scep?operation=PKIOperation&message=MII.....AAA
Adding the payload that is sent back as part of the SCEP configuration:
<plist version="1.0">
<dict>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadUUID</key>
    <string>Ignored</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadIdentifier</key>
    <string>Test Config</string>
    <key>PayloadDisplayName</key>
    <string>Test Profile:SCEP</string>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>URL</key>
                <string>https://test.com/mdm_scep</string>
                <key>Name</key>
                <string>EnrollmentCAInstance</string>
                <key>Subject</key>
                <array>
                    <array>
                        <array>
                            <string>O</string>
                            <string>Test Organization, Inc.</string>
                        </array>
                    </array>
                    <array>
                        <array>
                            <string>CN</string>
                            <string>test.com</string>
                        </array>
                    </array>
                </array>
                <key>Challenge</key>
                <string>DummyChallenge</string>
                <key>Keysize</key>
                <integer>1024</integer>
                <key>Key Type</key>
                <string>RSA</string>
                <key>Key Usage</key>
                <integer>5</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Provides device encryption identity</string>
            <key>PayloadUUID</key>
            <string>12345678-1234-1234-1234-123456789012</string>
            <key>PayloadType</key>
            <string>com.apple.security.scep</string>
            <key>PayloadDisplayName</key>
            <string>Encryption Identity</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadOrganization</key>
            <string>Test Organization, Inc.</string>
            <key>PayloadIdentifier</key>
            <string>com.test.profileservice.scep</string>
        </dict>
    </array>
</dict>
</plist>
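An added example, not part of the original post: a small Python audit that parses a profile like the one above, finds its com.apple.security.scep payloads, decodes the Key Usage bitmask and Subject, and lists settings a reviewer would check before issuing device identities. The function names and the 2048-bit minimum are assumptions of this example, and the embedded profile is a trimmed, constructed copy of the posted payload.

```python
import plistlib

# Constructed sample: a trimmed copy of the SCEP payload posted above.
SAMPLE_PROFILE = b"""<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.security.scep</string>
    <key>PayloadIdentifier</key><string>com.test.profileservice.scep</string>
    <key>PayloadContent</key><dict>
      <key>URL</key><string>https://test.com/mdm_scep</string>
      <key>Subject</key><array>
        <array><array><string>O</string><string>Test Organization, Inc.</string></array></array>
        <array><array><string>CN</string><string>test.com</string></array></array>
      </array>
      <key>Challenge</key><string>DummyChallenge</string>
      <key>Keysize</key><integer>1024</integer><key>Key Usage</key><integer>5</integer>
    </dict></dict></array>
</dict></plist>"""

KEY_USAGE_BITS = {1: "signing", 4: "encryption"}  # bitmask used by the SCEP payload
MIN_RSA_BITS = 2048  # assumption: the reviewer's minimum, not a value from the post


def scep_payloads(profile):
    """Yield every com.apple.security.scep payload in a parsed profile."""
    for item in profile.get("PayloadContent", []):
        if isinstance(item, dict) and item.get("PayloadType") == "com.apple.security.scep":
            yield item


def audit_scep(payload):
    """Summarise one SCEP payload and list the settings worth a second look."""
    content = payload.get("PayloadContent", {})
    # Subject is an array of RDNs, each an array of [attribute, value] pairs.
    subject = ", ".join(f"{k}={v}" for rdn in content.get("Subject", []) for k, v in rdn)
    usage = [name for bit, name in KEY_USAGE_BITS.items() if content.get("Key Usage", 0) & bit]
    findings = []
    if content.get("Keysize", 0) < MIN_RSA_BITS:
        findings.append(f"Keysize {content.get('Keysize')} is below {MIN_RSA_BITS} bits")
    if "Challenge" in content:
        findings.append("Challenge is embedded in the profile; confirm it is issued per enrollment")
    return {"id": payload.get("PayloadIdentifier"), "subject": subject,
            "key_usage": usage, "findings": findings}


def audit_profile(xml_bytes):
    """Parse a profile plist and audit each SCEP payload it contains."""
    return [audit_scep(p) for p in scep_payloads(plistlib.loads(xml_bytes))]


if __name__ == "__main__":
    for report in audit_profile(SAMPLE_PROFILE):
        print(report)
```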