"Trying to add a bogus certificate..." when sending out Profiles...

Discussion in 'Mac OS X Server, Xserve, and Networking' started by BryanSchmiedele, Aug 27, 2013.

  1. macrumors member

    #1
    I am trying to insall a profile from Profile Manager 2 in Mac OS X Server to iPhones and am haging a terrible problem.

    Let me outline the steps I am taking:

    1. I enter my iPhone as a placeholder.
    2. I create a new device group.
    3. I add my iPhone placeholder to the group.
    4. Send the Enrollement Profile to myself via email.
    5. Install the Profile.

    The group configuration is only to allow the device to be managed. Right now I am not even adding an app.

    It looks like the profiles install, but I cannot add an app, and when I check the server logs I get this:

    Aug 27 14:17:22 macserver.scoularmobile.com ProfileManager[49671] <Info>: CertUpdateHandler.run: replace/etc/certificates/Server Fallback SSL Certificate.61099C29AB0DBD78984CCCDE81DDE22C61DBB872.cert.pem0x00/etc/certificates/Device Management Identity Certificate.022C5A531765B92DC641255102513F71D982FCA9.cert.pem0x00
    Aug 27 14:17:25 macserver.scoularmobile.com ProfileManager[49682] <Info>: CertUpdateHandler.run: replace/etc/certificates/Device Management Identity Certificate.0E3D10FD44E2752F0F5E0DB7F2CE5B2B6782580E.cert.pem0x00/etc/certificates/Device Management Identity Certificate.022C5A531765B92DC641255102513F71D982FCA9.cert.pem0x00
    Aug 27 14:17:56 macserver.scoularmobile.com ProfileManager[49701] <Info>: CertUpdateHandler.run: replace/etc/certificates/Server Fallback SSL Certificate.61099C29AB0DBD78984CCCDE81DDE22C61DBB872.cert.pem0x00/etc/certificates/Device Management Identity Certificate.DB71C616FBA8EA95D6FE36E3014CEC544CD38B01.cert.pem0x00
    Aug 27 14:17:59 macserver.scoularmobile.com ProfileManager[49711] <Info>: CertUpdateHandler.run: replace/etc/certificates/Device Management Identity Certificate.022C5A531765B92DC641255102513F71D982FCA9.cert.pem0x00/etc/certificates/Device Management Identity Certificate.DB71C616FBA8EA95D6FE36E3014CEC544CD38B01.cert.pem0x00
    Aug 27 14:18:22 macserver.scoularmobile.com ruby[49605] <Info>: Pruning certificate chain to 18446744073709551615
    Aug 27 14:18:22 macserver.scoularmobile.com ruby[49605] <Debug>: Trying to add a bogus certificate
    Aug 27 14:18:22 macserver.scoularmobile.com ruby[49605] <Debug>: An error occured while inserting an untrusted certificate into the chain
    Aug 27 14:18:22 macserver.scoularmobile.com ProfileManager[49605] <Info>: Pushed to <Device:"Bryan's iPhone"> with token 6BqFL5HRWYcCaBELhMoZUDt5I0iIyaunTH2PyMGEq8o=, {"mdm":"1463916F-C541-437F-B364-C9B44F61A73C","time":"1377631101.888488"}

    What the heck is wrong? Please help, I am at my wit's end.

    Bryan
     
  2. macrumors regular

    #2
    do you have official certificated for "macserver.scoularmobile.com"? If so i suggest installing them and seeing if that fixes the issue.

    The logs don't look bad, the error is on the debug log level which means it usually isn't a big deal.
     
  3. macrumors newbie

    #3
    This indicates it's mostly trying to use the wrong certificate. Make sure to set the certificate in the 'Certificates' section of the Server app to the Open Directory Root Certification Authority signed certificate (it will be signed by the Intermediate CA). Also make sure to check the box in Profile Manager under 'Sign Configuration Profiles' and make sure to specify the Code Signing certificate that is also signed by the Open Directory Certification Authority -- also signed from the Intermediate CA as before.
     

Share This Page