> Configuration > Mobility > Welcome to LANDESK Mobility Manager > Getting started with Mobility Manager > Setting up a certificate to sign iOS profiles

Setting up a certificate to sign iOS profiles

When settings or software are pushed to devices through the Apple Push Notification Service (APNS), the device downloads them in a profile. iOS performs a security check to see if the profile has been signed using a certificate and if the device trusts the certificate. When the profile is installed, the device user is informed whether the profile is from a trusted source or not.

You have the option to leave the profile unsigned, sign it with the core certificate, or sign it with a certificate that has been signed by a certificate authority.

IMPORTANT: If you change this option after devices have enrolled, all iOS devices are required to re-enroll.

No signing. When you leave the profile unsigned, the profile may be vulnerable to attacks. Users are notified when they attempt to install the profile that it is not trusted and hasn't been signed.

Core certificate. This uses the existing core certificate to sign the profile. Users are notified when they attempt to install the profile who it has been signed by, but warns them that it is not trusted. The name displayed to the user is the common name associated with the core certificate.

Third-party certificate. When you sign the profile with a signing certificate from a certificate authority, users are notified when they attempt to install the profile that it is signed and trusted. The name displayed to the user is the common name associated with the certificate. The certificate must be in a PKCS#12 format (.pfx or .p12). It can be a wildcard certificate, and it can be the same or a different certificate than one used elsewhere in your environment. If you use the APNS certificate to sign profiles, be aware that it must be replaced every year.

WARNING: You should always replace the signing certificate with a certificate that has the same private key before it expires. If the certificate expires without a replacement, or if the private key changes, you may be required to re-enroll iOS devices.

To set up iOS profile signing

1. From the Management Suite console, click Configure > Device Discovery > Mobility.

2. In the iOS Profile Signing section, choose the desired profile signing option. If you are using a third-party certificate, upload the certificate file and provide the password for the certificate.

3.Click OK.

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other