Manualshelf

User Guide

ManualsBrandsApple ManualsOtherIPHONE OS
31323334353637383940
40 Chapter 2 Creating and Deploying Configuration Profiles
SCEP Settings
The SCEP payload lets you specify settings that allow the device to obtain certificates
from a CA using Simple Certificate Enrollment Protocol (SCEP).
For more information about how the iPhone obtains certificates wirelessly,
see “Over-the-Air Enrollment and Configuration on page 22.
Advanced Settings
The Advanced payload lets you change the devices Access Point Name (APN) and cell
network proxy settings. These settings define how the device connects to the carriers
network. Change these settings only when specifically directed to do so by a carrier
network expert. If these settings are incorrect, the device can’t access data using the
cellular network. To undo an inadvertent change to these settings, delete the profile
from the device. Apple recommends that you define APN settings in a configuration
profile separate from other enterprise settings, because profiles that specify APN
information must be signed by your cell service provider.
iPhone supports APN user names of up to 20 characters, and passwords of up to
32 characters.
Editing Configuration Profiles
In iPhone Configuration Utility, select a profile in the Configuration Profiles list, and
then use the payload list and editing panes to make changes. You can also import a
profile by choosing File > Add to Library and then selecting a .mobileconfig file. If the
settings panes aren’t visible, choose View > Show Detail.
Setting Description
URL This is the address of the SCEP server.
Name This can be any string that will be understood by the certificate
authority, it can be used to distinguish between instances, for
example.
Subject The representation of a X.500 name represented as an array of OID
and value. For example, /C=US/O=Apple Inc./CN=foo/1.2.5.3=bar,
which would translate to:
[ [ [“C”, “US”] ], [ [“O”, Apple Inc.”] ], ..., [ [ “1.2.5.3”, “bar ] ] ]
Challenge A pre-shared secret the SCEP server can use to identify the request
or user.
Key Size and Usage Select a key size, and—using the checkboxes below this field—the
acceptable use of the key.
Fingerprint If your Certificate Authority uses HTTP, use this field to provide the
fingerprint of the CAs certificate which the device will use to
confirm authenticity of the CAs response. during the enrollment
process. You can enter a SHA1 or MD5 fingerprint, or select a
certificate to import its signature.