We are trying to build a simple iPhone Enrollment application for in-house use, I was able to install and run EJBCA, but getting the iphone enrolled is getting deficult. Is there any How-to guide for Iphone enrollment using EJBCA SCEP service? any help would be much appreciated.
There is no public how-to-guide at the moment but here is a starter:
EJBCA and the iPhone works very nicely together. PrimeKey has created a detailed howto guide for that.
You can query for it at info(at)primekey.se if you like.
Thanks Anders and Tomas for your quick response, I was able to get the device attributes, the step where I got struck is at Certificate Enrollment using SCEP. I have created CA and named it as IPS, iphone is trying to get the IPS CA, but for some reason it is failing. When I tried to get the cert from Firefox by typing the URL (http://<hostname:port/ejbca/publicweb/apply/scep/pkiclient.exe?operation=GetCACert&message=IPS), I am prompted if I would like to trust the certificate. I am not sure if I am doing anything wrong.
I was not able to find the How-to guide at Primekey.se, could you please post the link to it?
Setting up SCEP can be a bit tricky.
"I was not able to find the How-to guide at Primekey.se, could you please post the link to it?"
You need to send a request to info (at) primekey.se.
Thanks Anders, I just sent them an email. Hope to hear from them soon :)
iPhone/iOS is listed as a tested device under http://ejbca.org/adminguide.html#Scep. There is a link to PrimeKey, but the document is not available for public download.
I was able to resolve the issue by myself, is it ok if I post how to do it here?
This is an open source forum, so feel free to use it.
iPhone 5 presents a certificate signed with its serial number.
Would iphone 5 be able to enrol into ejbca? I wasn't able to do it with cisco scep 2900 even though I have all the root and intermediate certificates from apple…
PrimeKey have recently created a specific web-based enrollment solution for iOS and Android-based devices.
Unfortunately it is currently not available as open source.
Anyway, the EJBCA SCEP implementation (client mode) is fully compatible with the iOS SCEP implementation.