一）配置IIS加密连接，ios系统升级7.1后已经无法使用http进行企业内部署，为了满足mdm的加密需求以及大厅的初始化安装需要进行生成自签名证书

1）配置MIME

cer application/x-x509-ca-cert

.mobileconfig application/x-apple-aspen-config

2）brew install go (如果无法link成功请运行brew prune )

go get github.com/deckarep/EasyCert

export GOPATH=$HOME/go

export PATH=$PATH:$GOPATH/bin

使用附件中的go文件替换src下的源文件，修改certName和hostName为发证单位和服务器信息(区分域名和IP地址)

go build EasyCert

easycert

3)mmc导入信任根节点myCA.cer(使用自签名的话后面IPCU中要导入根证书)

IIS导入server.pfx，设置证书，设置绑定（要重启）

下载,使用myCA.cer作为描述文件的证书，client.pfx作为mdm的验证证书

二）配置MDM

1）新建一个文件夹，然后拷贝上一步生成的server.req ,server.pfx,server.key 到该文件夹,使用server.req向developercenter请求msr证书，下载获得的证书文件mdm.cer

openssl x509 -inform der -in mdm.cer -out mdm.pem

openssl genrsa -des3 -out customerPrivateKey.pem 2048

openssl req -new -key customerPrivateKey.pem -out customer.csr -subj '/C=CN/ST=BeiJing/L=BeiJing/CN=10.18.3.33'

openssl req -inform pem -outform der -in customer.csr -out customer.der

2)从git下载生成plist.然后去生成证书

python mdm_vendor_sign.py --csr customer.csr --key server.key --mdm mdm.cer

下载pem文件重命名(MDMYTHT.pem)

查看证书信息信息

openssl x509 -noout -in mdmYTHT.pem -issuer -subject -dates

将UID拷贝出来，这个是MDM中的Topic信息( com.apple.mgmt.External.e617f289-3be5-4df7-90fa-5ec8f75d8c98)

3）导出发送MDM信息的证书文件

openssl rsa -in customerPrivateKey.pem -out PlainKey.pem

cat MDMYTHT.pem PlainKey.pem > PlainCert.pem

openssl pkcs12 -export -out mdmapnscertificate.pfx -inkey PlainKey.pem -in MDMYTHT.pem

mdmapnscertificate.pfx作为推送证书在PushSharp中使用

 

三）iis配置接收PUT

　　

四）获取设备Checkin的信息(如果要区分设备，需要建立页面接收用户输入的名称然后修改chekcin地址并生成mobieconfig文件供下载，使用自签名证书的话无法给改文件签名)

StreamReader stream = new StreamReader(context.Request.InputStream);        string x = stream.ReadToEnd();        string xml = HttpUtility.UrlDecode(x);        Console.WriteLine(xml);        var result = (Dictionary
     
      )PlistCS.Plist.readPlistSource(xml);        if (result["MessageType"].ToString() == "Authenticate")        {            XbModel.XNOAEntities xnoa = new XbModel.XNOAEntities();            var udid = result["UDID"].ToString();            XbModel.MdmData mdmdata = xnoa.MdmData.FirstOrDefault(xx => xx.UDID == udid);            if (mdmdata == null)            {                mdmdata = new XbModel.MdmData();                mdmdata.UDID = result["UDID"].ToString();                mdmdata.Topic = result["Topic"].ToString();                xnoa.MdmData.Add(mdmdata);                xnoa.SaveChanges();            }            context.Response.Clear();            context.Response.ContentType = "text/xml";            context.Response.Write(APSP.Common.FileHelper.ReadFile(context.Server.MapPath("~/ForMobile/blank.plist")));            context.Response.End();        }        if (result["MessageType"].ToString() == "TokenUpdate")        {            XbModel.XNOAEntities xnoa = new XbModel.XNOAEntities();            var udid=result["UDID"].ToString();            XbModel.MdmData mdmdata = xnoa.MdmData.FirstOrDefault(xx => xx.UDID ==udid );            if (mdmdata != null)            {                mdmdata.PushMagic = result["PushMagic"].ToString();                mdmdata.Token = (byte[])result["Token"];                mdmdata.UnlockToken = (byte[])result["UnlockToken"];                xnoa.SaveChanges();            }            context.Response.Clear();            context.Response.StatusCode = 200;            context.Response.End();        }
     

　　

 

五）推送MDM信息

var xnoa = new XNOAEntities();            var appleCert = File.ReadAllBytes(@"mdmpush.pfx");            var appleset = new ApplePushChannelSettings(true, appleCert, "******", true);            var push = new ApplePushService(appleset);            push.OnNotificationFailed += new PushSharp.Core.NotificationFailedDelegate(push_OnNotificationFailed);            push.OnNotificationSent += (sender, notification1) => Console.WriteLine("NOTIFICATION Send: " + ((AppleNotification)notification1).DeviceToken);            push.OnNotificationRequeue += (sender, e) => Console.WriteLine("REQUEUE: " + ((AppleNotification)e.Notification).Identifier);            push.OnServiceException += new PushSharp.Core.ServiceExceptionDelegate(push_OnServiceException);            foreach (var mdmcommand in xnoa.MdmCommand.Where(x => x.CommandStatus == "-1"))            {                String pushMagicString = mdmcommand.PushMagic;                String token = mdmcommand.Token;// BitConverter.ToString(mdmdata.Token).Replace("-", string.Empty);                Console.WriteLine("Device Token length is: " + token.Length);                Console.WriteLine("DeviceToken is: " + token);                Console.WriteLine("PushMagic is: " + pushMagicString);                var notification = new AppleNotification(token, new AppleNotificationPayload()).WithCustomItem("mdm", mdmcommand.PushMagic);                Console.WriteLine(notification.ToString());                push.QueueNotification(notification);            }            Console.WriteLine("Waiting for Queue to Finish...");            //Stop and wait for the queues to drains            push.Stop(true);            Console.WriteLine("Queue Finished, press return to exit...");