Insert pkcs12 to mobileconfig file

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP


Insert pkcs12 to mobileconfig file



How do I insert a .p12 file in a .mobileconfig file ?


.p12


.mobileconfig



Apple configuration utility currently performs some unknown transformation/encoding on the .p12 file while inserting it in .mobileconfig (It is just an XML file).


.mobileconfig



I want to create this .mobileconfig file without using the Apple iPhone configuration utility by directly creating an XML file.



Thanks




5 Answers
5



One way to accomplish this is base64 encoding the PKCS#12 file. This, for instance, works with PHP


openssl_pkcs12_export( $strCertPEM, $strCertPkcs12, $resKey, $strCertPW );
$arrCertBase64 = str_split( base64_encode($strCertPkcs12), 52);
$xmlUserCertPlist = plistVar('PayloadContent',$arrCertBase64,'data');

function plistVar($key,$var,$type)
{
//...snip...
if ( $type == 'data' ) return plistData($key,$var);
//...snip...
}

function plistData($key,$arr)
{
//...snip...
$xml = "<key>". $key ."</key>n";
$xml .= "<data>n";
foreach ($arr as $val) { $xml .= $val."n"; }
$xml .= "</data>n";
return $xml;
}



If you want to insert the .p12 file inside the iphone configuration file you just have to select the credential tab on the iphone configuration utility of the selected configuration file. When you configure it will ask for the .p12 file to attach on the .mobileConfig File.



I have configuration file created using iphone configuration utility.Following will get changed when you attached the .p12 file into your configuration file.



The following dictionary will get attached to the xml file after the creation of the .mobileconfig file




Password
password_value
PayloadCertificateFileName
certificate_name.p12
PayloadContent

//converted data from the certificate


</data>
<key>PayloadDescription</key>
<string>Provides device authentication (certificate or identity).</string>
<key>PayloadDisplayName</key>
<string>Certificate_name.p12</string>
<key>PayloadIdentifier</key>
<string>company.Identifier</string>
<key>PayloadOrganization</key>
<string>Company name</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs12</string>
<key>PayloadUUID</key>
<string>UUId of the device</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>





Oops, Sorry I didn't ask my question properly. What I actually want to do is create this .mobileconfig file without using the Apple iPhone configuration utility.
– Elison Niven
Mar 1 '12 at 11:42





@ElisonNiven Check the edited code may it will help you.
– Anil Kothari
Mar 1 '12 at 12:32





Yes, I know about the other fields, How do I get the value for <key> PayloadContent? It is not simple base64 of the pkcs12 file.
– Elison Niven
Mar 1 '12 at 13:32



In addition to steps mentioned by Anil, read binary data from pkcs12 certificate and then
encode it using base64 encoding. You can put that data in the xml mentioned by Anil.


<data>base64 encoded data
</data>





What do you exactly mean by read binary data from pkcs12 file?
– Elison Niven
Mar 1 '12 at 13:33





I assumed that you are using some code to generate the xml file. So I mean read pkcs12 file programmatically and then base64 encode it before putting it into xml.
– Nilesh
Mar 1 '12 at 13:35





Yes, But the output is not the same as being generated by ACPU
– Elison Niven
Mar 1 '12 at 14:02





Can you provide some more details about the issue? Are you sure there is no issue with your encoding?
– Nilesh
Mar 2 '12 at 5:18





I am trying to create a VPN profile that contains 2 certificates, 1 for the CA and 1 for the user. I created this profile using ACPU. The CA certificate PayloadContent in the profile created by ACPU is equal to a simple cat ca.crt. I am not able to get how ACPU puts the PayloadContent for the user's certificate. I did base64 encoding using openssl but it does not match. I am pretty sure there are no issues with my encoding.
– Elison Niven
Mar 2 '12 at 6:23


cat ca.crt



I happen to be working through this right now in my current position, deploying scripts to generate n.mobileconfig files for Mac OS workstations.



It helps to reference the official Apple documentation on 802.1X Authentcation, as they do provide an XML template and notes about it.
Also, referenced in many other places is mactls.sh. I used that template to generate my mobileconfigs.



To get the base64 content of the pkcs12 file, cat the existing pkcs12 file into openssl:


B64PK12=$(cat ${PK12} | openssl enc -base64);



Use that variable to interpolate into your XML, provided you are using templates for your mobileconfig files.



I was including both RADIUS CA and the decrypted PKCS12 file contents initially, with only the CA being imported, despite it not being base64 encoded. After base64 encoding both the CA and the pkcs12 contents, both were then added to the specified Keychain.



Hope this helps.



You can use an apple script for creating a mobileconfig with the p12 inside. I've been able to do it and it works great. I'm afraid I can't share the code, but I can say it works.






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

C# - How to create a semi transparent or blurred backcolor on windows form

Image
Clash Royale CLAN TAG #URR8PPP C# - How to create a semi transparent or blurred backcolor on windows form I am creating a Speed Meter to measure my internet speed and stays at top of every app, then I how do I make Its background semi transparent or blurred something like this. You can make ts semi opaque, however i'm not sure you'll easily be able to blur the background – TheGeneral 6 hours ago thanks ! then how do I make it semi opaque – Arwin Chua 6 hours ago Form.Opacity Property – TheGeneral 6 hours ago See th
Read more

Will Oldham

Image
"Palace Music" redirects here. For the racehorse, see Palace Music (horse). Bonnie 'Prince' Billy Will Oldham, June 6, 2009 Background information Birth name William Oldham Also known as Palace Brothers Palace Music Bonnie 'Prince' Billy Born ( 1970-12-24 ) December 24, 1970 (age 47) Louisville, Kentucky, United States Genres Folk alternative country country freak folk [1] Years active 1993–present Labels Drag City, Domino, Spunk Associated acts Dawn McCarthy, The Cairo Gang, Mekons, Matt Sweeney, Mick Turner, Tortoise, Trembling Bells, Harem Scarem, The Picket Line, Alex Neilson, Björk, Slint Website www.bonnieprincebilly.com Will Oldham (born December 24, 1970), better known by the stage name Bonnie 'Prince' Billy , is an American singer-songwriter and actor. From 1993 to 1997, he performed and recorded under variations of the Palace name, including the Palace Brothers, Palace Songs, and Palace Music. After releasing material under his own name,
Read more

Makefile test if variable is not empty

Makefile test if variable is not empty In a makefile I'm trying to I've created this simplified makefile to demonstrate my problem. Neither make a or make b executes the body of the if, I don't understand why not. make a make b .PHONY: a b a: $(eval MY_VAR = $(shell echo whatever)) @echo MY_VAR is $(MY_VAR) $(info $(MY_VAR)) ifneq ($(strip $(MY_VAR)),) @echo "should be executed" endif @echo done b: $(eval MY_VAR = $(shell echo '')) @echo MY_VAR is $(MY_VAR) $(info $(MY_VAR)) ifneq ($(strip $(MY_VAR)),) @echo "should not be executed" endif @echo done I'm using $ make --version GNU Make 3.81 There are several problems, and misunderstandings. Your MY_VAR is a make variable, set it without a <tab> to its value, and no need to $(eval ...) . MY_VAR:=$(shell echo whatever) is enough. No <tab> before $(info ...) neither, this is make – Zelnes
Read more