Last active
January 9, 2024 06:20
An example of an ACME Certificate Profile & payload (com.apple.security.acme) that can be used on iOS (16 and above) and macOS (14 and above) to request an ACME certificate with Managed Device Attestation from Apple.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>Attest</key>
            <true/>
            <!--
            ClientIdentifier must match one of the permanent identifiers returned by Apple as part of the
            device attestation (Serial Number, UDID).
            -->
            <key>ClientIdentifier</key>
            <string>$SERIALNUMBER</string>
            <!--
            Update the DirectoryURL with the base URL for your step-ca instance and the name of your ACME provisioner,
            e.g.: https://ca.example.com/acme/provisioner/directory
            -->
            <key>DirectoryURL</key>
            <string>[step-ca base url]/acme/[step-ca provisioner name]/directory</string>
            <key>HardwareBound</key>
            <true/>
            <key>KeySize</key>
            <integer>384</integer>
            <key>KeyType</key>
            <string>ECSECPrimeRandom</string>
            <key>PayloadDisplayName</key>
            <string>ACME Certificate</string>
            <key>PayloadIdentifier</key>
            <string>C535AD45-DA61-4E31-A93F-3E6EC6958CB6</string>
            <key>PayloadType</key>
            <string>com.apple.security.acme</string>
            <key>PayloadUUID</key>
            <string>C535AD45-DA61-4E31-A93F-3E6EC6958CB6</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <!--
            Your certificate Subject common name (CN) has to match the permanent identifier supplied in ClientIdentifier above.
            -->
            <key>Subject</key>
            <array>
                <array>
                    <array>
                        <string>CN</string>
                        <string>$SERIALNUMBER</string>
                    </array>
                </array>
            </array>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Example ACME Managed Device Attestation Profile</string>
    <key>PayloadIdentifier</key>
    <string>22F22D92-933F-4B7C-9D9E-B82D4A2D6768</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>22F22D92-933F-4B7C-9D9E-B82D4A2D6768</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
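The comments in the profile state two constraints that are easy to get wrong when the template is filled in by hand: the Subject CN must equal ClientIdentifier, and the DirectoryURL placeholders must be replaced with a real step-ca directory URL. The following pre-deployment check is an added example, not part of the gist; it embeds a constructed copy of the payload above, parses it with the standard library's plistlib, and reports any of those mistakes before the profile is pushed. The base URL `https://ca.example.com` and provisioner name `attest` are assumed values for illustration.

```python
import plistlib

# Constructed sample: the gist's ACME payload with the DirectoryURL placeholder still unfilled.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>Attest</key><true/>
      <key>ClientIdentifier</key><string>$SERIALNUMBER</string>
      <key>DirectoryURL</key><string>[step-ca base url]/acme/[step-ca provisioner name]/directory</string>
      <key>HardwareBound</key><true/>
      <key>KeySize</key><integer>384</integer>
      <key>KeyType</key><string>ECSECPrimeRandom</string>
      <key>PayloadType</key><string>com.apple.security.acme</string>
      <key>Subject</key>
      <array><array><array><string>CN</string><string>$SERIALNUMBER</string></array></array></array>
    </dict>
  </array>
  <key>PayloadType</key><string>Configuration</string>
</dict>
</plist>
"""

ACME_PAYLOAD_TYPE = "com.apple.security.acme"


def subject_cn(subject) -> str:
    """Subject is an array of RDNs, each an array of [type, value] pairs; return the CN value."""
    for rdn in subject:
        for attr in rdn:
            if len(attr) == 2 and attr[0] == "CN":
                return attr[1]
    return ""


def check_acme_payload(profile_bytes: bytes) -> list[str]:
    """Return a list of findings for every ACME payload in the profile (empty list = passes)."""
    findings: list[str] = []
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", []) if p.get("PayloadType") == ACME_PAYLOAD_TYPE]
    if not payloads:
        return [f"no {ACME_PAYLOAD_TYPE} payload found"]
    for p in payloads:
        # Attestation and hardware binding are the whole point of the profile; both must be on.
        if p.get("Attest") is not True:
            findings.append("Attest must be true to request Managed Device Attestation")
        if p.get("HardwareBound") is not True:
            findings.append("HardwareBound must be true")
        # The CN has to match the permanent identifier in ClientIdentifier (see the profile comments).
        client_id = p.get("ClientIdentifier", "")
        cn = subject_cn(p.get("Subject", []))
        if not client_id:
            findings.append("ClientIdentifier is missing")
        elif cn != client_id:
            findings.append(f"Subject CN {cn!r} does not match ClientIdentifier {client_id!r}")
        # Unfilled template brackets or a non-https directory URL mean the template was not completed.
        url = p.get("DirectoryURL", "")
        if "[" in url or "]" in url or not url.startswith("https://"):
            findings.append(f"DirectoryURL {url!r} is a placeholder or is not an https URL")
        # Per Apple's ACME payload documentation, ECSECPrimeRandom keys are 256 or 384 bits.
        if p.get("KeyType") == "ECSECPrimeRandom" and p.get("KeySize") not in (256, 384):
            findings.append(f"KeySize {p.get('KeySize')!r} is not valid for ECSECPrimeRandom")
    return findings


def fill_directory_url(profile_bytes: bytes, base_url: str, provisioner: str) -> bytes:
    """Replace the DirectoryURL placeholder with the step-ca directory URL shape the profile comment describes."""
    profile = plistlib.loads(profile_bytes)
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") == ACME_PAYLOAD_TYPE:
            p["DirectoryURL"] = f"{base_url.rstrip('/')}/acme/{provisioner}/directory"
    return plistlib.dumps(profile)


if __name__ == "__main__":
    print("template:", check_acme_payload(SAMPLE_PROFILE))
    # Assumed values: ca.example.com as the step-ca host, "attest" as the provisioner name.
    filled = fill_directory_url(SAMPLE_PROFILE, "https://ca.example.com", "attest")
    print("filled:  ", check_acme_payload(filled))
```

Run it against the profile you are about to deploy instead of the embedded sample; a non-empty list is a reason not to push the profile. The CN check is the one that matters most operationally, because a mismatch between CN and ClientIdentifier fails silently at the CA rather than in the MDM console.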