3.13.4 Procedure for creating a configuration profile on the communication server (when managing iOS devices)
Create a configuration profile on the communication server in order to distribute client certificates to iOS devices. You need to perform this procedure only when managing iOS devices.
- Note
-
A configuration profile stored in the communication server is downloaded to iOS devices after the setup of the communication server is completed when the installation of a smart device agent is performed. To apply an updated configuration profile to iOS devices, on the smart device agent, tap "Communication Server" and "Re-download Configuration Profile" in order, and then download it.
- Organization of this subsection
(1) Procedure when using the iPhone Configuration Utility
Prerequisites
The following procedure is provided based on the iPhone Configuration Utility version 3.6.
Procedure
-
Install the Apple iPhone Configuration Utility.
-
In the left pane of the window, select Library, and then Configuration Profiles. Then, click the New button at the top of the window.
-
Specify the General settings as follows:
Item
Specifiable value
Name
Any
Identifier
Any
Organization
Any
Description
Any
Consent Message
Any
Security
Select With Authentication.
Automatically Remove Profile
Select Never.
-
For the Credentials setting, select the root certificate used for connecting iOS devices to the communication server. Enter the credential name, and then add the root certificate. (This step is required if the root certificate for the communication server is not installed on an iOS device.)
- Tip
-
You can also set root certificates for individual iOS devices.
-
In the Credentials settings, select the client certificate (APNsMDMPushDev.p12) used by iOS devices to connect to the APNs server. Then, enter the credential name and the password for the certificate, and then add the client certificate.
- Tip
-
Even if the client certificate expires, you do not need to update the configuration profile which has been distributed to devices.
-
Specify the Mobile Device Management Settings information as follows:
Item
Specifiable value
Server URL
https://communication-server-host-name:26055/CommunicationServerWeb/ios/server
Check in URL
https://communication-server-host-name:26055/CommunicationServerWeb/ios/checkin
Topic
Set the UID in the Subject DN of the MDM certificate created by using the Apple Push Certificates Portal.
Identity
In the list, select the credential name specified in step 5, which is used for connecting to the APNs server.
Sign messages
Select the check box.
Check Out When Removed
Select the check box.
Access Rights
Select all check boxes.
Apple Push Notification Server
Clear the check box.
-
Click the Export button at the top of the window, select Sign Configuration Profile, and then export the configuration profile.
For the file name, specify mdmprofile.mobileconfig.
-
Store the configuration profile in the following folder on the communication server:
JP1/ITDM2 - SDM (Communication Server)-installation-folder\cms\conf
Related Topics
(2) Procedure when using the configuration profile generation tool
Procedure
-
Start the configuration profile generation tool.
The configuration profile generation tool is stored in the following location:
JP1/ITDM2 - SDM (Communication Server)-installation-folder\cms\bin\sdmgeneratemobileconf.exe
-
Specify the General settings as follows: To update a configuration profile,click the [Import...] button, import the configuration profile to be updated, and then edit it.
Item
Description
Required
Name
Display name of the profile
Y
Identifier
Identifier of the profile
Y
Organization
Organization name of the profile
--
Description
Description of the profile
Y
Consent
Message which is shown when the profile is installed.
--
Security
Select Always.
Y
PayloadUUID
Payload UUID of the configuration profile
Click the Generate button to generate a payload UUID.
Set the payload UUID to the unique value for each communication server in which a configuration profile is installed.
Y
- Legend:
-
Y: Required
--: Optional
You cannot use the characters "<", ">", and "&" as the value of the items.
-
For the Credentials setting, select the client certificate used by iOS devices to connect to the APNs server. Enter the credential name and the password for the certificate, and then add the client certificate.
When you set "Generate password" checked, you can omit the input of the password when performing an installation to an iOS device.
- Tip
-
Even if the client certificate expires, you do not need to update the configuration profile which has been distributed to devices.
-
Specify the Mobile Device Management Settings information as follows:
Item
Specifiable value
Required
Server URL
https://communication-server-host-name:26055/CommunicationServerWeb/ios/server
Y
Check in URL
https://communication-server-host-name:26055/CommunicationServerWeb/ios/checkin
Y
Topic
Set the UID in the Subject DN of the MDM certificate created by using the Apple Push Certificates Portal.
Y
- Legend:
-
Y: Required
-
Click the Generate button, and then export the configuration profile.
For the file name, specify mdmprofile.mobileconfig.
-
Store the configuration profile in the following folder on the communication server:
JP1/ITDM2 - SDM (Communication Server)-installation-folder\cms\conf
Related Topics