Mobileconfig File

As we all know, Apple has a very handy feature for its developer that enables you generating a mobileconfig file. The mobileconfig file is actually in XML format, you will be able to configure one's iPhone/Mac easily with one click, for example, add VPN config, add HTTP proxy, add contacts, Wi-Fi profile, email accounts etc.

If you have not heard of MobileConfig, please go have a check of Apple Configurator. This is the gate to the configuration file.

Why Sign the ConfigFile

Let's assume you already have your configure file generated properly and they are ready to be distributed to your users/customers. One of the issue is they are not encrypted and you can not guarantee they have not been modified during the distribution process. And most important, the "unsigned" on the configure profile is annoying.

Config File

Sign it with your own SSL certificate

Since we decided to sign it, there is several ways to sign, however, we need to have a certificate before we starting sign the file. Actually, we have several options to to that, you can use a Apple Developer Certificate, an SSL certificate or a code signing certificate.

In my case, I am not a paying apple developer and I do not own a code signing certificate (too expensive). I do have lots of SSL certificates. If you need one, you can create one for free (3 months) with Let's encrypt, or just buy a one year certificate for 10 dollar on Name.com

Generally speaking, you are good with most SSL providers, just to reassure, come here and see if Apple trust your SSL provider.

After you get your SSL certificate, prepare it in FULL-CHAIN - that means you need to have your private key, CSR (if any) and any other intermediate certificates (if any) and of course, your domain name certificate.


Photo by Jakob Owens / Unsplash