iosmdmconfiguration-profile

iPhone Configuration Profile encryption

I have a configuration profile with MDM payload and Wifi payload. I have few questions in my mind

  1. What is the difference between Identification Payload and Profile Removal Password Payload. I know that the second one is prompted if the user wants to remove the profile.
  2. Will I be able to have Profile Removal Password Payload for my profile with MDM payload?
  3. How to encrypt my .mobileconfig file? Should I use CA certificate for encrypting the profile?
Solution

  • 1) I think you are talking about identity profile (vs identification profile).

    This profile is to give a device some identity (a certificate and a private keys) which it will use to authenticate itself to the server.

    It could be PKCS12 (which is a format which combines both a cert and a key) or SCEP (which is a protocol to obtain a certificate)

    2) MDM profile is always removable (except a case when device is supervised).

    3) That's exactly where identity payload is used. You should encrypt a profile using a certificate of this device. So, if you need to encrypt a profile and send to 5 different devices, you actually will need to have idetity (certs) for each of these 5 devices and you will need to create 5 copies of this profile and encrypt using each cert.