最佳损友粤语 下载:描述配置文件(?.mobileconfig)
来源:百度文库 编辑:偶看新闻 时间:2024/04/26 17:39:45
配置描述文件是XML 文件,包含以下内容:设备安全策略、VPN 配置信息、Wi-Fi 设置、APN 设置、Exchange帐户设置、邮件设置以及允许 iPhone 和 iPod touch 与企业系统配合使用的证书。
下面这个文章大致介绍了下配置描述文件从生成到安装的过程:
Over-the-air IPhone Setup Using aSigned .mobileconfig File
Note: this does not push your configuration to an iPhone. Theuser of the iPhone must go to a web address and install aconfiguration profile.
opensslsmime
" to sign your .mobileconfig file, but no one seems totell you how. We'll go over that here as well.
1) Create a configuration(.mobileconfig) file
Your .mobileconfig file will end up looking something likethis:
PayloadContent
PayloadDisplayName
LDAP Settings
PayloadType
com.apple.ldap.account
PayloadVersion
1
PayloadUUID
6df7a612-ce0a-4b4b-bce2-7b844e3c9df0
PayloadIdentifier
com.example.iPhone.settings.ldap
LDAPAccountDescription
Company Contacts
LDAPAccountHostName
ldap.example.com
LDAPAccountUseSSL
LDAPAccountUserName
uid=username,dc=example,dc=com
LDAPSearchSettings
LDAPSearchSettingDescrip tion
Company Contacts
LDAPSearchSettingSearchB ase
LDAPSearchSettingScope
LDAPSearchSettingScopeSu btree
LDAPSearchSettingDescrip tion
Sales Departments
LDAPSearchSettingSearchB ase
ou=Sales,dc=example,dc=com
LDAPSearchSettingScope
LDAPSearchSettingScopeSu btree
PayloadDisplayName
Email Settings
PayloadType
com.apple.mail.managed
PayloadVersion
1
PayloadUUID
362e5c11-a332-4dfb-b18b-f6f0aac032fd
PayloadIdentifier
com.example.iPhone.settings.email
EmailAccountDescription
Company E-mail
EmailAccountName
Full Name
EmailAccountType
EmailTypeIMAP
EmailAddress
username@example.com
IncomingMailServerAuthen tication
EmailAuthPassword
IncomingMailServerHostNa me
imap.example.com
IncomingMailServerUseSSL
IncomingMailServerUserna me
username@es2eng.com
OutgoingPasswordSameAsIn comingPassword
OutgoingMailServerAuthen tication
EmailAuthPassword
OutgoingMailServerHostNa me
smtp.example.com
OutgoingMailServerUseSSL
OutgoingMailServerUserna me
username@example.com
PayloadOrganization
Your Organization's Name
PayloadDisplayName
Organization iPhone Settings
PayloadVersion
1
PayloadUUID
954e6e8b-5489-484c-9b1d-0c9b7bf18e32
PayloadIdentifier
com.example.iPhone.settings
PayloadDescription
Sets up Organization's LDAP directories and email on the iPhone
PayloadType
Configuration
uuidgen
. You'llnotice that I did not include any passwords above. With thesesettings, the iPhone will prompt the user for their e-mail passwordupon installation of the profile. (The LDAP password will beprompted on first use if logging in fails.)
Sign the .mobileconfigfile
For this step, I'll use the following notations:
company.mobileconfig
is your unsignedconfiguration profileserver.crt
is your server's certificate to signthe profile withserver.key
is your server's private keycert-chain.crt
is the certificate bundle for theCA that issued your server's certificate.signed.mobileconfig
will be your signedconfiguration profile
openssl smime -sign -in company.mobileconfig -outsigned.mobileconfig -signer server.crt -inkey server.key -certfilecert-chain.crt -outform der -nodetach
The -outform der
and -nodetach
areyour real tickets here in getting it into a form that the iPhonewants. Now you take signed.mobileconfig
and move on tothe next step!
openssl_pkcs7_sign()
function with the$flags
field set to 0. This will create a file that isbase-64 encoded. After you strip off the e-mail headers at the top,you can base64_decode()
to get the same output. Forexample:$mobileconfig = base64_decode(preg_replace('/(.+\n)+\n/', '',$signed, 1));
Serve up the file on your HTTPSserver
application/x-apple-aspen-config
. You may be able todo this by adding a line to your server's configuration or.htaccess file in the folder with:
AddType application/x-apple-aspen-config .mobileconfig
If serving the file from within PHP, you may do somethinglike:
header('Content-type: application/x-apple-aspen-config; chatset=utf-8');header('Content-Disposition: attachment; filename="company.mobileconfig"');echo $mobileconfig;
Try it out on youriPhone
Get your iPhone and load up Safari. Go to the web address ofwhere your profile is saved, e.g. https://www.example.com/iphone/.Your phone should prompt you to install the profile.
You can see and remove profiles from Settings >General on your iPhone. Note, that it IS possible to create aprofile that cannot be removed except for by the original profileidentifier and signed by the same authority. Be careful that youdon't lock yourself out.
Finished!
At this point, we are finished. See the Enterprise Deployment Guide for other configuration profilesthat you can create. It doesn't let you create or set everythingthat I wish it did (especially when it comes to setting up IMAPdefaults), but it lets you do quite a bit.
I hope that this helps you! This is obviously a very brief guideand I glazed over a few details. If you have any comments, let meknow. My e-mail address can be deduced from the very bottom of thedocument.
See Also
- Retrieving an iPhone response using PHP