User Guide

Appendix B Configuration Profile Format 77

Calendar Subscription Payload

The CalSub payload is designated by the com.apple.subscribedcalendar.account

PayloadType value. In addition to the settings common to all payloads, this payload

defines the following:

SCEP Payload

The SCEP (Simple Certificate Enrollment Protocol) payload is designated by the

com.apple.encrypted-profile-service PayloadType value. In addition to the settings

common to all payloads, this payload defines the following:

Key Value

SubCalAccountDescription String, optional. Description of the account.

SubCalAccountHostName String, mandatory. The server address.

SubCalAccountUsername String, optional. The user’s login name

SubCalAccountPassword String, optional. The user’s password.

SubCalAccountUseSSL Boolean, mandatory. Whether or not to use SSL.

Key Value

URL String, mandatory.

Name String, optional. any string which is understood by the SCEP

server. For example, it could be a domain name like

example.org. If a certificate authority has multiple CA certificates

this field can be used to distinguish which is required.

Subject Array, optional. The representation of a X.500 name represented

as an array of OID and value. For example, /C=US/O=Apple Inc./

CN=foo/1.2.5.3=bar, which would translate to:

[ [ [“C”, “US”] ], [ [“O”, “Apple Inc.”] ], ..., [ [ “1.2.5.3”, “bar” ] ] ]

OIDs can be represented as dotted numbers, with shortcuts for

C, L, ST, O, OU, CN (country, locality, state, organization,

organizational unit, common name).

Challenge String, optional. A pre-shared secret.

Keysize Number, optional. The keysize in bits, either 1024 or 2048.

Key Type String, optional. Currently always “RSA”.

Key Usage Number, optional. A bitmask indicating the use of the key. 1 is

signing, 4 is encryption, 5 is both signing and encryption.

Windows CA supports only encryption or signing, but not both

at the same time.