apple已不再提供Windows上的apple configurator工具,所以只能自己手写了
文件模板
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <!-- Set the name to whatever you like, it is used in the profile list on the device --> <key>PayloadDisplayName</key> <string>hk ikev2 config</string> <!-- This is a reverse-DNS style unique identifier used to detect duplicate profiles --> <key>PayloadIdentifier</key> <string>192.168.5.105</string> <!-- A globally unique identifier, use uuidgen on Linux/Mac OS X to generate it --> <key>PayloadUUID</key> <string>9f93912b-5fd2-4455-99fd-13b9a47b4581</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadContent</key> <array> <!-- It is possible to add multiple VPN payloads with different identifiers/UUIDs and names --> <dict> <!-- This is an extension of the identifier given above --> <key>PayloadIdentifier</key> <string>192.168.5.105</string> <!-- A globally unique identifier for this payload --> <key>PayloadUUID</key> <string>29e4456d-3f03-4f15-b46f-4225d89465b7</string> <key>PayloadType</key> <string>com.apple.vpn.managed</string> <key>PayloadVersion</key> <integer>1</integer> <!-- This is the name of the VPN connection as seen in the VPN application later --> <key>UserDefinedName</key> <string>hk ikev2 config</string> <key>VPNType</key> <string>IKEv2</string> <key>IKEv2</key> <dict> <!-- Hostname or IP address of the VPN server --> <key>RemoteAddress</key> <string>192.168.5.105</string> <!-- Remote identity, can be a FQDN, a userFQDN, an IP or (theoretically) a certificate's subject DN. Can't be empty. IMPORTANT: DNs are currently not handled correctly, they are always sent as identities of type FQDN --> <key>RemoteIdentifier</key> <string>192.168.5.105</string> <!-- Local IKE identity, same restrictions as above. If it is empty the client's IP address will be used --> <key>LocalIdentifier</key> <string></string> <!-- The server is authenticated using a certificate --> <key>AuthenticationMethod</key> <string>Certificate</string> <!-- The client uses EAP to authenticate --> <key>ExtendedAuthEnabled</key> <integer>1</integer> <!-- User name for EAP authentication. Since iOS 9 this is optional, the user is prompted when the profile is installed --> <key>AuthName</key> <string>test</string> <!--<key>AuthPassword</key> <string></string>--> </dict> </dict> <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration --> <dict> <key>PayloadIdentifier</key> <string>caCert.ca</string> <key>PayloadUUID</key> <string>64988b2c-33e0-4adf-a432-6fbcae543408</string> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadVersion</key> <integer>1</integer> <!-- This is the Base64 (PEM) encoded CA certificate --> <key>PayloadContent</key> <data> MIIDVzCCAj+gAwIBAgIIUF9vCfksOkswDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE ................................................................ m5YbMsFYzWq4YEIOxAk09/6VUdLAskOKW73PWmZdu/IWyivKuNy1wh+UYw== </data> </dict> </array> </dict> </plist>
test.mobileconfig
不管证书认证还是用户名认证AuthenticationMethod的值都是Certificate,如果证书认证ExtendedAuthEnabled=0,并且PayloadCertificateUUID=后面所附client证书的UUID,例如
<key>PayloadCertificateUUID</key> <string>d60488c6-328e-4944-9c8d-61db8095c864</string>
如果用户名认证ExtendedAuthEnabled=1,并在下面加入用户名密码,如果没有在安装配置时iphone会提示输入
<!-- User name for EAP authentication. Since iOS 9 this is optional, the user is prompted when the profile is installed -->
<key>AuthName</key>
<string>test</string>
<!--<key>AuthPassword</key>
<string></string>-->
末尾所附证书为pem格式,并且去掉begin,end行,不然证书不识别,把der证书转为pem格式
openssl x509 -in caCert.der -inform DER -out caCert.pem -outform PEM
最后用邮件发送或放到http服务器上,放在http服务器上时需要添加mime
/etc/apache2/mods-enabled/mime.conf
加入
AddType application/x-apple-aspen-config .mobileconfig
service apache2 restart
相关推荐
在iOS生态系统中,mobileconfig文件扮演着至关重要的角色。这些文件是XML格式的,用于向用户的设备推送配置信息,如企业应用...同时,它也强调了在iOS生态系统中,安全和验证的重要性,尤其是在分发敏感配置或应用时。
iOS_iPadOS_16_Beta_Profile.mobileconfig
iOS_iPadOS_17_Public_Profile-1.mobileconfig
iOS_iPadOS_14_Beta_Profile.mobileconfig
ios.mobileconfig
描述文件(Profile)在iOS中主要用于配置和管理设备,包括设置系统偏好、限制访问权限、安装企业应用以及更新系统版本。在本例中,`iOS_14_Beta_Profile.mobileconfig`文件是苹果为iOS 14.0 Beta 3提供的一个配置...
KM-OLD-IOS.mobileconfig
iOS16Beta.mobileconfig
在iOS系统中,每个新版本的发布都会引起用户的广泛关注,特别是开发者和科技爱好者们,他们总是渴望尝试最新的功能和改进。iOS 12是苹果公司为iPhone和iPad设备推出的一个重要更新,它带来了诸多性能提升、新特性和...
1627893376962546_KM-OLD-IOS.mobileconfig
可能也可以在macOS上使用,目前我还没有办法对其进行测试。 关于 加密DNS越来越成为主流。 在iOS 14发行版中,Apple包括了对DoH和DoT标准的支持,但是没有提供没有应用程序或配置文件的使用方式。 该工具可以根据...
iOS17.mobileconfig
主要介绍了iOS mobileconfig配置文件进行签名的配置方法,给大家介绍的非常详细,具有一定的参考借鉴价值,需要的朋友可以参考下
MM-IOS.mobileconfig
在iOS应用开发中,"超级签名"是一种非官方但广泛使用的分发机制,它允许开发者无需通过App Store就能将应用程序安装到用户的设备上。这种方式特别适用于内部测试或小范围分发,因为它避开了Apple的审核流程。在这个...
iOS_iPadOS_15_Beta_Profile.mobileconfig
13、IOS设备上mobileconfig配置文件的卸载及MDM Server标记 原文地址:http://www.mbaike.net/ios/1698.html 阶段目标:完成MDM的mobileconfig描述文件的卸载并并标记服务器; 14、CentOS上MDM相关软件的使用命令...
ios_lite.mobileconfig
ios121zhengshiban.mobileconfig