ACME

I'm developing an ACME server to issue identity certificates to macOS/iOS devices for MDM attestation, following RFC 8555. Per RFC, the client creates an order, performs authorization, verifies the challenge, and finalizes the order by submitting a CSR to the CA. In my setup, the CA sometimes takes longer to issue the certificate (around 50 seconds). According to RFC 8555, if certificate issuance isn’t complete after the /finalize call, the server should respond with an order object with a processing status. The client should then send a POST-as-GET request to the order resource (e.g., /order/) to check the current state. If the CA still hasn’t issued the certificate, the server should return the order object with the same processing status and include a Retry-After header, indicating when the client should retry. The client is expected to poll the order resource at this specified interval with POST-as-GET requests. However, it seems the Apple ACME client ignores the Retry-After header and i

I received two different emails from Apple regarding my developer account: An App Store invitation email stating: You're invited to join a development team, Acme Corp, in the Apple Developer Program so you can help develop, distribute, and manage their apps. The company name here correctly shows Acme Corp. A TestFlight invitation email with the subject line: TechSolutions LLC has invited you to test ShopEasy. In this email, TechSolutions LLC appears as the company name, but it should be either Acme Corp or simply the app name, ShopEasy. For context, I have two apps in my account: ShopEasy and TechApp. They are created as separate apps under Acme Corp, which is the entity registered in my Apple Developer account membership. Despite this, when I build ShopEasy for TestFlight, the email subject uses TechSolutions LLC as the company name, which is confusing for testers. Could someone help me understand where TechSolutions LLC is coming from, and how I can fix this so that the c

I received two different emails from Apple regarding my developer account: An App Store invitation email stating: You're invited to join a development team, Acme Corp, in the Apple Developer Program so you can help develop, distribute, and manage their apps. The company name here correctly shows Acme Corp. A TestFlight invitation email with the subject line: TechSolutions LLC has invited you to test ShopEasy. In this email, TechSolutions LLC appears as the company name, but it should be either Acme Corp or simply the app name, ShopEasy. For context, I have two apps in my account: ShopEasy and TechApp. They are created as separate apps under Acme Corp, which is the entity registered in my Apple Developer account membership. Despite this, when I build ShopEasy for TestFlight, the email subject uses TechSolutions LLC as the company name, which is confusing for testers. Could someone help me understand where TechSolutions LLC is coming from, and how I can fix this so that the c

Current Apple ACME Profile does not support EAB. Do you have any plan to support it?

I'm trying to implement managed device attestation, I have written server code in Go. So far, I have been able to implement all the steps except finalizing order by sending the Certificate url in the json response from where the client can download the certificate. ACME request flow failed at step 8: Error Domain=NSURLErrorDomain Code=-1002 unsupported URL UserInfo={NSLocalizedDescription=unsupported URL, NSErrorFailingURLStringKey=} For server, I am using localhost with https. The URL in certificate field of json response is working in browser/postman. I am not able to figure out what is the exact the cause of this error. As there is no FailingURLStringKey I suspect there might be some issue with key in the json response. Can anyone point me to the correct direction to figure out what is the issue?

I am attempting to communicate over serial with a USB-C device and an M-Series iPad. I have proven the device to communicate as expected (baud rate, parity, etc) via a Swift app on Mac using a third party library (IOKit) that utilizes the AppleUSBACM (v5.0.0) driver on macOS. I am looking to recreate this communication via iPadOS and a custom DriverKit driver that provides this same interface. There is not an example from Apple for serial communication and DriverKit but there is a couple for communicating from an app to the dext, and for other networking examples. There are also other mentions in WWDC videos but they are incomplete and do not provide the needed structure. Communicating between a driver extension and a client app Connecting a network driver Bring your driver to iPad with DriverKit System Extensions and DriverKit My question revolves around architecture and how to set up a driver for these needs. I have gotten the examples to run and understand what is needed for entitlements and other local si

Hi, I'm looking into ACME Managed Deice Attestation and was wondering about one of the values in the payload - AllowAllAppsAccess. From the documentation: If true, all apps have access to the private key but what is the case that you would have this set to true? seems like it opens up the device to potentially malicious software. Also, if this were set to true, how would an app access this private key when it is stored in the Secure Enclave? is there a specific tag that it is stored with?