jedda/ACME-MDA-Example.mobileconfig

## ACME-MDA-Example.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>Attest</key>
			<true/>
			<!--
				ClientIdentifier must match one of the permanent identifiers returned by Apple as part of the
				device attestation (Serial Number, UDID)
			-->
			<key>ClientIdentifier</key>
			<string>$SERIALNUMBER</string>
			<!--
				Update the DirectoryURL with the base URL for your step-ca instance and name of your ACME provisioner.
				i.e: https://ca.example.com/acme/provisioner/directory
			-->
			<key>DirectoryURL</key>
			<string>[step-ca base url]/acme/[step-ca provisioner name]/directory</string>
			<key>HardwareBound</key>
			<true/>
			<key>KeySize</key>
			<integer>384</integer>
			<key>KeyType</key>
			<string>ECSECPrimeRandom</string>
			<key>PayloadDisplayName</key>
			<string>ACME Certificate</string>
			<key>PayloadIdentifier</key>
			<string>C535AD45-DA61-4E31-A93F-3E6EC6958CB6</string>
			<key>PayloadType</key>
			<string>com.apple.security.acme</string>
			<key>PayloadUUID</key>
			<string>C535AD45-DA61-4E31-A93F-3E6EC6958CB6</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<!--
				Your certificate Subject common name (CN) has to match the permanent identifier supplied in ClientIdentifier above.
			-->
			<key>Subject</key>
			<array>
				<array>
					<array>
						<string>CN</string>
						<string>$SERIALNUMBER</string>
					</array>
				</array>
			</array>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>Example ACME Managed Device Attestation Profile</string>
	<key>PayloadIdentifier</key>
	<string>22F22D92-933F-4B7C-9D9E-B82D4A2D6768</string>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>22F22D92-933F-4B7C-9D9E-B82D4A2D6768</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>PayloadContent</key>
	<array>
	<dict>
	<key>Attest</key>
	<true/>
	<!--
	ClientIdentifier must match one of the permanent identifiers returned by Apple as part of the
	device attestation (Serial Number, UDID)
	-->
	<key>ClientIdentifier</key>
	<string>$SERIALNUMBER</string>
	<!--
	Update the DirectoryURL with the base URL for your step-ca instance and name of your ACME provisioner.
	i.e: https://ca.example.com/acme/provisioner/directory
	-->
	<key>DirectoryURL</key>
	<string>[step-ca base url]/acme/[step-ca provisioner name]/directory</string>
	<key>HardwareBound</key>
	<true/>
	<key>KeySize</key>
	<integer>384</integer>
	<key>KeyType</key>
	<string>ECSECPrimeRandom</string>
	<key>PayloadDisplayName</key>
	<string>ACME Certificate</string>
	<key>PayloadIdentifier</key>
	<string>C535AD45-DA61-4E31-A93F-3E6EC6958CB6</string>
	<key>PayloadType</key>
	<string>com.apple.security.acme</string>
	<key>PayloadUUID</key>
	<string>C535AD45-DA61-4E31-A93F-3E6EC6958CB6</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<!--
	Your certificate Subject common name (CN) has to match the permanent identifier supplied in ClientIdentifier above.
	-->
	<key>Subject</key>
	<array>
	<array>
	<array>
	<string>CN</string>
	<string>$SERIALNUMBER</string>
	</array>
	</array>
	</array>
	</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>Example ACME Managed Device Attestation Profile</string>
	<key>PayloadIdentifier</key>
	<string>22F22D92-933F-4B7C-9D9E-B82D4A2D6768</string>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>22F22D92-933F-4B7C-9D9E-B82D4A2D6768</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	</dict>
	</plist>