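I am developing an MDM solution for my own organization. I created an iOS MDM test server using the Python code mentioned by imdmtools, and generated the push certificate according to softthinker.

Here are the certificate details:

  • Vendor: I have an Enterprise Developer Program account; the "MDM CSR" type certificate can be found in the Apple Developer Center and is downloaded as "mdm.cer".
  • Customer: same as the vendor; I generated it in IIS on the Windows 2008 machine that hosts my MDM server. The customer CSR was generated with the method described at support.citrix.com/proddocs/topic/xmob-dm-8/xmob-dm-connect-create-p12-apns-iis-tsk.html.

The cert file was created successfully and can be imported into the keychain and exported in p12 format. I converted it to PEM format:

  • Find the certificate in Keychain Access
  • Export it to a .p12 file
  • Convert it to .pem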

    openssl pkcs12 -in OrigPushCert.p12 -out PushCert.pem

  • Strip the passphrase

    openssl rsa -in PushCert.pem -out PushKeyNoPass.pem

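  • Open PushCert.pem in a text editor

  • Replace the encrypted "RSA PRIVATE KEY" section with the contents of PushKeyNoPass.pem
  • Save it

The .mobileconfig file contains the MDM payload:

  • Uses the server certificate identify.p12
  • Push service: development mode
  • Topic: com.apple.mgmt.External.e8154c51-4788-44bc-8c23-a2669####f9c

After all this, the device enrolls correctly over https, and the server receives the Device Token, Push Magic, and Unlock Token from the device. But when the server sends the MDM push message {"mdm" : "<PushMagic String>"}, the device does not receive it. The IPCU device log shows: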

Jun 13 16:26:13 unknown MobileSafari[374] <Warning>: webFrameLoader
Jun 13 16:26:16 unknown MobileSafari[374] <Warning>: webFrameLoader
Jun 13 16:26:16 unknown profiled[1394] <Notice>: (Note ) MC: Profile “com.citech.mdm.profile” queued for installation.
Jun 13 16:26:18 unknown profiled[1394] <Notice>: (Note ) MC: Checking for MDM installation...
Jun 13 16:26:18 unknown profiled[1394] <Notice>: (Note ) MC: ...finished checking for MDM installation.
Jun 13 16:26:18 unknown profiled[1394] <Notice>: (Note ) MC: Beginning profile installation...
Jun 13 16:26:20 unknown keybagd[1403] <Notice>: MS:Notice: Installing: (null) [keybagd] (690.10)
Jun 13 16:26:22 unknown profiled[1394] <Notice>: (Note ) profiled: Device unlock notification received
Jun 13 16:26:22 unknown kernel[0] <Debug>: AppleKeyStore:Sending lock change
Jun 13 16:26:22 unknown profiled[1394] <Notice>: (Note ) MC: Profile “com.citech.mdm.profile” installed.
Jun 13 16:26:22 unknown mc_mobile_tunnel[1409] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Jun 13 16:26:23 unknown mc_mobile_tunnel[1409] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Jun 13 16:26:23 unknown mdmd[1405] <Notice>: MS:Notice: Installing: com.apple.managedconfiguration.mdmd [mdmd] (690.10)
Jun 13 16:26:24 unknown mdmd[1405] <Notice>: (Note ) MDM: mdmd starting...
Jun 13 16:26:24 unknown mdmd[1405] <Notice>: (Note ) MDM: Looking for managed app states to clean up
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSConnectionServer: 0xd622270>: connection set enabled topics {(
"com.apple.mgmt.External.e8154c51-4788-44bc-8c23-a26695####9c"
)}
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSCourier: 0x11dcb0>: Sending filter message for enabled hashes {
<10f79d78 c6984a13 f9fc677a 4556fc35 73249ead> = "com.apple.mgmt.External.e8154c51-4788-44bc-8c23-a26695####9c";
<141b878f 22242638 a132b5ba 96284394 eb258b67> = "com.citech.mdm.pushtest";
} and ignored hashes {}
Jun 13 16:26:24 unknown com.apple.launchd[1] <Warning>: (com.apple.managedconfiguration.mdmd) Check-in of Mach service failed. Already active: com.apple.managedconfiguration.mdmdpush-dev
Jun 13 16:26:24 unknown mdmd[1405] <Warning>: Unable to bootstrap_check_in() to namedDelegatePort 'com.apple.managedconfiguration.mdmdpush-dev'. APS connections will not persist past process lifetime.
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSConnectionServer: 0xd61b820>: Initializing connection server with environmentName 'development' and connectionPortName '(null)'
Jun 13 16:26:24 unknown com.apple.launchd[1] <Warning>: (com.apple.managedconfiguration.mdmd) Check-in of Mach service failed. Already active: com.apple.managedconfiguration.mdmdpush-prod
Jun 13 16:26:24 unknown mdmd[1405] <Warning>: Unable to bootstrap_check_in() to namedDelegatePort 'com.apple.managedconfiguration.mdmdpush-prod'. APS connections will not persist past process lifetime.
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSConnectionServer: 0x121fa0>: Initializing connection server with environmentName 'production' and connectionPortName '(null)'
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSConnectionServer: 0xd61b820>: connection set enabled topics {(
"com.apple.mgmt.External.e8154c51-4788-44bc-8c23-a26695####9c"
)}
Jun 13 16:26:24 unknown mdmd[1405] <Notice>: (Note ) MDM: Network reachability has changed.
Jun 13 16:26:24 unknown mdmd[1405] <Notice>: (Note ) MDM: Network reachability has changed.
Jun 13 16:26:24 unknown mdmd[1405] <Notice>: (Note ) MDM: Telling MDM Check-In Server about new device token.
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSConnectionServer: 0xd62a150>: Initializing connection server with environmentName 'development' and connectionPortName '(null)'
Jun 13 16:26:24 unknown apsd[95] <Warning>: <APSCourier: 0x11dcb0>: Removing connection server <APSConnectionServer: 0xd62a150>
Jun 13 16:26:24 unknown apsd[95] <Warning>: Interface manager: WWAN radio power level notification; DCH status changed to active
Jun 13 16:26:24 unknown apsd[95] <Warning>: Calculated minimum fire date [2013-06-13 16:29:31 +0800] (54%) with fire date [2013-06-13 16:36:26 +0800], start date [2013-06-13 16:21:24 +0800], minimum early fire proportion 0, power state detection supported: yes, in high power state: yes
Jun 13 16:26:24 unknown apsd[95] <Warning>: Calculated minimum fire date [2013-06-13 16:34:23 +0800] (54%) with fire date [2013-06-13 16:42:49 +0800], start date [2013-06-13 16:24:28 +0800], minimum early fire proportion 0, power state detection supported: yes, in high power state: yes
Jun 13 16:26:25 unknown mdmd[1405] <Notice>: (Note ) MDM: Transaction completed. Status: 200
Jun 13 16:26:25 unknown mdmd[1405] <Notice>: (Note ) MDM: Telling MDM Check-In Server about new device token.
Jun 13 16:26:25 unknown apsd[95] <Warning>: <APSConnectionServer: 0xd624a20>: Initializing connection server with environmentName 'development' and connectionPortName '(null)'
Jun 13 16:26:25 unknown apsd[95] <Warning>: <APSCourier: 0x11dcb0>: Removing connection server <APSConnectionServer: 0xd624a20>
Jun 13 16:26:25 unknown mdmd[1405] <Notice>: (Note ) MDM: Transaction completed. Status: 200
Jun 13 16:26:25 unknown mdmd[1405] <Notice>: (Note ) MDM: Telling MDM Check-In Server about new device token.
Jun 13 16:26:25 unknown apsd[95] <Warning>: <APSConnectionServer: 0xd624a20>: Initializing connection server with environmentName 'development' and connectionPortName '(null)'
Jun 13 16:26:25 unknown apsd[95] <Warning>: <APSCourier: 0x11dcb0>: Removing connection server <APSConnectionServer: 0xd624a20>
Jun 13 16:26:25 unknown mdmd[1405] <Notice>: (Note ) MDM: Transaction completed. Status: 200
Jun 13 16:26:27 unknown mdmd[1405] <Notice>: (Note ) MDM: mdmd stopping...
Jun 13 16:26:27 unknown apsd[95] <Warning>: <APSCourier: 0x11dcb0>: Removing connection server <APSConnectionServer: 0xd61b820>
Jun 13 16:26:27 unknown apsd[95] <Warning>: <APSCourier: 0x119eb0>: Removing connection server <APSConnectionServer: 0x121fa0>
Jun 13 16:26:29 unknown apsd[95] <Warning>: Canceling system wake for [2013-06-13 16:42:34 +0800]
Jun 13 16:26:29 unknown apsd[95] <Warning>: Resuming push keep alive timer in normal mode with action PCActionMaintainPushKeepAliveInterval

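I changed the .mobileconfig push service to production mode, and it still cannot receive anything. I used github.com/notnoop/java-apns to simulate the MDM push, and nothing happened. I don't think there is an error in the push message or the .mobileconfig file; maybe there is a problem with the certificate file.

If anyone can offer some help or a hint, it would be a great kindness. I have already spent several days on this... Thank you.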

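The conversion steps in the question end with a hand-merged PushCert.pem, so a quick way to rule the certificate file in or out is to check it before pointing an APNs client at it. The script below is an added example, not part of the original post: it checks that no encrypted key block was left behind, that the private key belongs to the certificate, that the certificate subject's UID equals the Topic in the .mobileconfig, and that the certificate has not expired. The function names are hypothetical and it assumes the openssl command-line tool is installed.

```shell
# Added example. Function names are hypothetical; requires the openssl CLI.

# Print the UID attribute of the certificate subject. For an MDM push
# certificate this is the APNs topic (com.apple.mgmt.External.<uuid>).
cert_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        grep -o 'UID=[^,]*' | head -n 1 | cut -d= -f2-
}

# check_push_bundle <merged.pem> <Topic string from the .mobileconfig>
# Returns 0 only if every check passes; prints the first failure otherwise.
check_push_bundle() {
    pb_pem=$1
    pb_want=$2
    # A leftover encrypted block means the text-editor merge was incomplete.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$pb_pem"; then
        echo "FAIL: encrypted private key block still present"; return 1
    fi
    pb_cert_pub=$(openssl x509 -in "$pb_pem" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: no readable certificate"; return 1; }
    # -passin pass: and </dev/null keep openssl from prompting for a passphrase.
    pb_key_pub=$(openssl pkey -in "$pb_pem" -pubout -passin pass: 2>/dev/null </dev/null) ||
        { echo "FAIL: no readable unencrypted private key"; return 1; }
    # Same public key on both sides means the key belongs to this certificate.
    [ "$pb_cert_pub" = "$pb_key_pub" ] ||
        { echo "FAIL: private key does not belong to the certificate"; return 1; }
    pb_topic=$(cert_topic "$pb_pem")
    [ "$pb_topic" = "$pb_want" ] ||
        { echo "FAIL: certificate topic '$pb_topic' differs from profile Topic '$pb_want'"; return 1; }
    openssl x509 -in "$pb_pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: key matches certificate, topic $pb_topic"
}

# Usage: check_push_bundle PushCert.pem "<Topic copied from the .mobileconfig>"
```

The script only reads the local file and never contacts Apple, so it says nothing about whether the push gateway environment matches the one the device registered its token with.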