php ios mdm signing configuration-profile

How to sign an iOS configuration profile generated programmatically?


Context

I have a webapp (frontend JS / backend PHP) that generates some MDM iOS configuration profiles (*.mobileconfig) programmatically.

Website users enter some information and call my PHP API; my PHP backend generates a configuration profile "on-the-fly" with the user-specific data, saves it on the server, and returns the URL of the generated profile, so the user can click this link and install it on their iOS device.

In short: this profile contains in its payload only a webclip (safari shortcut).

Everything works fine: the configuration profile link opens the iOS Settings app, which asks the user to install this profile on their device.

My problem is that this programmatically generated profile is not signed. So the user is warned by iOS that the profile is not signed and he must do several additional actions to confirm the profile installation.

I would like the generated profiles to be signed, so the user can install them more easily and quickly.

Questions

I read some resources about signing configuration profiles, but I don't understand everything; I don't have any skills with signing, certificates, etc.

That's not clear to me!

Any help appreciated, thanks in advance!


Solution

  • Yes you can. Also with PHP.

    How?

    1. Save the profile you want to sign to a temp file:

      file_put_contents ($tmp_file_name, $profile_data);

    2. Sign the file you have just created:

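      // escapeshellarg() keeps the file name from being interpreted by the shell
      $data = shell_exec ("openssl smime -sign -in " . escapeshellarg ($tmp_file_name) . " {add here another parameters you need...}");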

    3. Send the data to the client:

      echo $data;

    4. Delete the tmp file...

      unlink ($tmp_file_name);
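
The four steps above put together, as an added example that is not part of the original answer. The function name `sign_profile`, the three PEM paths (signer certificate, private key without a passphrase, intermediate chain) and the file name in the usage comment are assumptions; the `openssl smime` options shown are one common set for producing a DER-encoded profile with the payload embedded.

```php
<?php
declare(strict_types=1);

/**
 * Sign a .mobileconfig payload and return the DER-encoded signed profile.
 * $certPath, $keyPath and $chainPath are assumed PEM files kept outside the web root.
 */
function sign_profile(string $profileXml, string $certPath, string $keyPath, string $chainPath): string
{
    // Step 1: write the unsigned profile to a uniquely named temp file.
    $tmp = tempnam(sys_get_temp_dir(), 'mcfg_');
    if ($tmp === false) {
        throw new RuntimeException('Cannot create temporary file');
    }
    try {
        if (file_put_contents($tmp, $profileXml) === false) {
            throw new RuntimeException('Cannot write unsigned profile');
        }
        // Step 2: the array form of proc_open() (PHP >= 7.4) runs openssl directly,
        // with no shell in between, so no argument is parsed as shell syntax.
        $cmd = ['openssl', 'smime', '-sign',
                '-signer', $certPath, '-inkey', $keyPath, '-certfile', $chainPath,
                '-nodetach',        // embed the profile inside the signed structure
                '-outform', 'der',  // binary DER output instead of S/MIME text
                '-in', $tmp];
        $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
        if (!is_resource($proc)) {
            throw new RuntimeException('Cannot start openssl');
        }
        $signed = stream_get_contents($pipes[1]);
        $errors = stream_get_contents($pipes[2]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        // A non-zero exit code or empty output means nothing usable was signed.
        if (proc_close($proc) !== 0 || $signed === false || $signed === '') {
            throw new RuntimeException('openssl smime failed: ' . trim((string) $errors));
        }
        return $signed;
    } finally {
        // Step 4: remove the temp file on success and on every failure path.
        unlink($tmp);
    }
}

// Step 3 (usage, with placeholder paths and file name):
// header('Content-Type: application/x-apple-aspen-config');
// header('Content-Disposition: attachment; filename="profile.mobileconfig"');
// echo sign_profile($profile_data, '/path/to/signer.pem', '/path/to/signer.key', '/path/to/chain.pem');
```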