Issue when using the Enroll Device feature in OS X Profile Manager

Question

madan OP

Created Apr ’16

Replies 0

Boosts 0

Views 2.0k

Participants 1

Hello

I am trying to setup a Profile Manager instance for use within our organization.

I have followed the available documentaion to first setup an OpenDirectory instance, and then enabled Profile Manager.

The issue I have is that when I try to enroll a device (in this case an OS X host), the enrollment fails and my Profile manager instance complains that the SCEP service was unable to sign the data. "{SignData (ota_service_common.php:125)}No signing certificate specified, unable to sign."

The debug log for the enrollment attempt is enclosed below -

################################################################################################################################################################################

php-fpm-894.33 (PID:850, OS:15E65, SERVER:15S5127, ARCH:x86_64) starting

LA: php-fpm -y /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php-fpm.conf -c /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php.ini

Log verbosity level = 1

UID = 220, EUID = 220

################################################################################################################################################################################

1:: [850] [2016/04/05 10:41:28.014] <172.28.83.128> >>> Processing POST auto_join_ota_service

1:: [850] [2016/04/05 10:41:28.024] signerIndex = 0, signStatus = 1

0:: [850] [2016/04/05 10:41:28.190] <172.28.83.128> No signing certificate specified, unable to sign.

1:: [850] [2016/04/05 10:41:28.191] <172.28.83.128> <<< Sent Final Output (3372 bytes) - POST auto_join_ota_service

0:: [850] [2016/04/05 10:41:28.191] <172.28.83.128> Completed in 182ms | 200 OK [https://profilemanager.corp.pretendco.com/devicemanagement/api/device/auto_join_ota_service]

1:: [262] [2016/04/05 10:41:29.309] <172.28.83.128> >>> Processing POST auto_join_ota_service

1:: [262] [2016/04/05 10:41:29.311] signerIndex = 0, signStatus = 1

0:: [262] [2016/04/05 10:41:29.451] <172.28.83.128> No signing certificate specified, unable to sign.

1:: [262] [2016/04/05 10:41:29.452] <172.28.83.128> <<< Sent Final Output (6743 bytes) - POST auto_join_ota_service

0:: [262] [2016/04/05 10:41:29.452] <172.28.83.128> Completed in 145ms | 200 OK [https://profilemanager.corp.pretendco.com/devicemanagement/api/device/auto_join_ota_service]

1:: [265] [2016/04/05 10:59:01.658] <172.28.83.128> >>> Processing POST auto_join_ota_service

1:: [265] [2016/04/05 10:59:01.660] signerIndex = 0, signStatus = 1

0:: [265] [2016/04/05 10:59:01.883] <172.28.83.128> No signing certificate specified, unable to sign.

1:: [265] [2016/04/05 10:59:01.884] <172.28.83.128> <<< Sent Final Output (3372 bytes) - POST auto_join_ota_service

0:: [265] [2016/04/05 10:59:01.884] <172.28.83.128> Completed in 228ms | 200 OK [https://profilemanager.corp.pretendco.com/devicemanagement/api/device/auto_join_ota_service]

1:: [850] [2016/04/05 10:59:02.708] <172.28.83.128> >>> Processing POST auto_join_ota_service

1:: [850] [2016/04/05 10:59:02.710] signerIndex = 0, signStatus = 1

0:: [850] [2016/04/05 10:59:02.859] <172.28.83.128> No signing certificate specified, unable to sign.

1:: [850] [2016/04/05 10:59:02.860] <172.28.83.128> <<< Sent Final Output (6743 bytes) - POST auto_join_ota_service

0:: [850] [2016/04/05 10:59:02.860] <172.28.83.128> Completed in 154ms | 200 OK [https://profilemanager.corp.pretendco.com/devicemanagement/api/device/auto_join_ota_service]

[1616] [2016/04/05 11:54:16.798] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES

0:: [1616] [2016/04/05 11:54:16.799]

\033[1;32m################################################################################################################################################################################\033[0m

php-fpm-894.33 (PID:1616, OS:15E65, SERVER:15S5127, ARCH:x86_64) starting

LA: php-fpm -y /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php-fpm.conf -c /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php.ini

Log verbosity level = 3

UID = 220, EUID = 220

\033[1;32m################################################################################################################################################################################\033[0m

2:: [1616] [2016/04/05 11:54:16.799] Info.plist = {

CFBundleDevelopmentRegion = English;

CFBundleIdentifier = "com.apple.devicemgr";

CFBundleName = devicemgrd;

CFBundleShortVersion = "894.33";

CFBundleShortVersionString = "894.33";

CFBundleVersion = "894.33";

}

2:: [1616] [2016/04/05 11:54:16.799] <172.28.83.128> {GetAppPreference (common.php:64)} GetAppPreference: Pref for 'debugOutput' = 3

2:: [1616] [2016/04/05 11:54:16.799] <172.28.83.128> {GetAppPreference (common.php:66)} GetAppPreference: Pref for 'DBLogSQL' =

2:: [1616] [2016/04/05 11:54:16.800] <172.28.83.128> {GetAppPreference (common.php:66)} GetAppPreference: Pref for 'DBDebug' =

1:: [1616] [2016/04/05 11:54:16.815] <\033[0;32m172.28.83.128\033[0m> {require_once (mdm_enroll.php:11)} >>> Processing POST \033[0;36mmdm_enroll\033[0m

3:: [1616] <\033[0;32m172.28.83.128\033[0m> {ExecuteSQLFunction (mdm_enroll.php:68)} ExecuteSQLFunction: SELECT dm_allow_portal_enroll_unenrollment_for_user_id(:user_pk)

Params = {

'user_pk'=>4

}

2:: [1616] [2016/04/05 11:54:16.858] <\033[0;32m172.28.83.128\033[0m> {GetMDMACLFromUserAgentHeader (mdm_enroll.php:72)} User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17

1:: [1616] [2016/04/05 11:54:16.858] <\033[0;32m172.28.83.128\033[0m> {GetMDMACLFromUserAgentHeader (mdm_enroll.php:72)} OSX version 10.11.4

3:: [1616] <\033[0;32m172.28.83.128\033[0m> {PerformInTransaction (mdm_enroll.php:76)} PerformInTransaction: connID=P:1616, txnID=_enroll_transaction

2:: [1616] [2016/04/05 11:54:16.859] dmpgHelper is alive!

2:: [1616] [2016/04/05 11:54:17.099] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} HTTP_ACCEPT_LANGUAGE = 'en-us'

2:: [1616] [2016/04/05 11:54:17.099] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} popped loc='en-us'

2:: [1616] [2016/04/05 11:54:17.099] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.100] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} locale path='/Applications/Server.app/Contents/ServerRoot/usr/share/servermgrd/bundles/servermgr_devicemgr.bundle/Contents/Resources/en.lproj/default.strings'

2:: [1616] [2016/04/05 11:54:17.102] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} localizations for 'en':

{

'portal_are_you_sure_you_want_to_perform_the'=>'Are you sure you want to perform the ',

'portal_are_you_sure_you_want_to_remove_this_device'=>'Are you sure you want to remove this device?',

'portal_enroll_this_iphone'=>'Enroll this iPhone to allow it to be remotely managed.',

'settings_for_everyone'=>'Settings for Everyone',

'cal_sub_display_name'=>'Subscribed Calendar',

'cal_dav_display_name'=>'Calendar',

'trust_profile_description'=>'Configures your device to trust the Profile Manager server.',

'aim_display_name'=>'AIM',

'portal_logout'=>'Logout',

'fonts_display_name'=>'Fonts',

'login_window_global_display_name'=>'Login Window: Global Preferences',

'503_title'=>'My Devices',

'login_items_shift_name'=>'Login Items: User Restrictions',

'portal_this_generic_device_type'=>'This Device',

'mobility_display_name'=>'Mobility',

'ad_cert_display_name'=>'AD Certificate',

'applications_access_display_name'=>'Application Restrictions',

'airprint_display_name'=>'AirPrint',

'scep_display_name'=>'SCEP',

'portal_certificate'=>'Certificate',

'login_items_loginwindow_display_name'=>'Login Items: Network Share Point',

'mobility_menu_display_name'=>'Mobility: Menu Extras',

'portal_install'=>'Install',

'email_pop_display_name'=>'Mail',

'email_imap_display_name'=>'Mail',

'restrictions_display_name'=>'Restrictions',

'pm_wait_upgrade_od_sync'=>'The My Devices website is currently being updated.',

'directory_display_name'=>'Directory',

'portal_enroll_this_mac'=>'Enroll this Mac to allow it to be remotely managed.',

'portal_once_enrolled_you_will'=>'Once enrolled you will also be able to wipe all data from and lock access to this device.',

'403_title'=>'You do not have permission to access this page (403)',

'403_h1'=>'You do not have permission to access the page you were looking for.',

'portal_once_enrolled_ipod'=>'Once enrolled you will also be able to wipe all data from and lock access to this iPod.',

'portal_enter_a_passcode'=>'Enter a passcode',

'security_description'=>'Configures Configuration Profile security',

'applications_dashboard_display_name'=>'Dashboard Widget Restrictions',

'login_window_mcx_display_name'=>'Login Window: MCX Preferences',

'portal_enroll_button'=>'Enroll',

'portal_old_os'=>'<p>Remote Management can not be enabled for this device.</p><p>Remote Management requires OS X 10.7 or later, or iOS 4.1 or later.</p>',

'portal_reenter_your_passcode'=>'Re-enter your passcode',

'appstore_display_name'=>'App Store',

'certificate_display_name'=>'Certificate',

'class_payload_description'=>'Configures Class Profile',

'profile_email_svcs_header'=>'Open the attached configuration profile to configure the following:',

'portal_no_profiles_are_currently_available_to_you'=>'No profiles are currently available to you.',

'ldap_display_name'=>'LDAP',

'subnet_display_name'=>'Bonjour',

'lock_screen_message_display_name'=>'Lock Screen Message',

'general_payload_description'=>'Configures Configuration Profile security',

'applications_display_name'=>'Applications and Widgets',

'desktop_display_name'=>'Desktop',

'parental_controls_filter_display_name'=>'Parental Controls: Content Filter',

'portal_remove_device_tooltip'=>'Remove Device',

'portal_this_ipod'=>'This iPod',

'email.vpp_invitation.paragraph_1'=>'%1$s is requesting access to add apps and books to your iTunes account*. Apps added to your account are temporary and, if revoked, you will have the opportunity to purchase them from the App Store. Books are yours to keep. Your Apple ID will not be revealed to %1$s.',

'email.vpp_invitation.paragraph_2'=>'Sign in to the App Store to grant access to %1$s to add apps and books to your account.',

'parental_controls_display_name'=>'Parental Controls',

'scep_payload_description'=>'Configures SCEP',

'portal_enroll_this_ipad'=>'Enroll this iPad to allow it to be remotely managed.',

'energy_saver_display_name'=>'Energy Saver',

'portal_this_mac'=>'This Mac',

'portal_task_on_this_device'=>' task on this device?',

'software_update_display_name'=>'Software Update',

'portal_task_completed'=>'completed',

'portal_devices_tab'=>'Devices',

'portal_trust_profile'=>'Trust Profile for',

'identification_display_name'=>'Identification',

'printing_display_name'=>'Printing',

'cellular_display_name'=>'Cellular',

'universal_access_display_name'=>'Accessibility',

'portal_task_timestamp_format'=>'%B %d, %Y %I:%M:%S %p %Z',

'mobility_sync_display_name'=>'Mobility: Home Sync',

'email.vpp_invitation.button_title'=>'Sign In',

'parental_controls_timelimits_display_name'=>'Parental Controls: Time Limits',

'trust_profile_display_name'=>'Trust Profile for %1$@',

'profile_display_name'=>'Settings for %1$@',

'mdm_profile_cred_display_name'=>'Device Credential Request',

'portal_enrollment_profile'=>'Enrollment Profile',

'portal_remove_device_button'=>'Remove',

'email.vpp_invitation.footnote'=>'*You will require a valid Apple ID to sign in to the App Store. If you do not already have an Apple ID, you can create one in the App Store. ',

'web_content_filter_display_name'=>'Web Content Filter',

'portal_once_enrolled_mac'=>'Once enrolled you will also be able to wipe all data from and lock access to this Mac.',

'vpn_display_name'=>'VPN',

'media_access_finder_display_name'=>'Media Access: Finder Settings',

'class_profile_description'=>'Class profile for your device.',

'general_payload_display_name'=>'Profile Security',

'system_preferences_display_name'=>'System Preferences',

'portal_task_is_in_progress'=>'is in progress.',

'ota_profile_display_name'=>'Device Enrollment',

'custom_display_name'=>'Custom',

'portal_this'=>'This',

'profile_long_display_format'=>'%1$s (%2$s)',

'jabber_display_name'=>'Jabber',

'mdm_payload_display_name'=>'Device Management',

'login_window_display_name'=>'Login Window',

'portal_passcode_is_required'=>'Passcode is required.',

'auto_join_description'=>'Enrolls your devices with the management server.',

'portal_passcodes_did_not_match'=>'Passcodes did not match.',

'global_http_proxy_display_name'=>'Global HTTP Proxy',

'email_questions'=>'If you have questions, contact %1$s (%2$s)',

'trust_payload_display_name'=>'Root certificate for %1$@',

'passcode_display_name'=>'Passcode',

'scep_profile_display_name'=>'SCEP Configuration Profile',

'mdm_profile_description'=>'Allows the server to manage your device.',

'custom_display_name_long_format'=>'Custom: (%1$s)',

'exchange_display_name'=>'Exchange',

'portal_this_iphone'=>'This iPhone',

'profile_email_intro'=>'You have been sent a configuration profile that can configure the following services on your device. If you have an iOS device with iOS version 4.0 or later, or a Mac with OS X version 10.7 Lion or later, you can click the attachment below to quickly and easily setup your device to use these services.',

'logout_button'=>'Logout',

'login_items_managed_display_name'=>'Login Items: Managed Items',

'single_sign_on_display_name'=>'Single Sign-On',

'homescreen_layout_display_name'=>'Home Screen Layout',

'profile_email_subject'=>'Profile '%1$s' from %2$s',

'scep_payload_display_name'=>'Device Credential Request',

'pm_service_disabled'=>'The My Devices website is turned off.',

'portal_title'=>'My Devices',

'error_page_will_refresh'=>'This page will automatically refresh to load the My Devices website after the update is complete.',

'portal_this_device_cannot_be_unlocked_remotely'=>'This device cannot be unlocked remotely and can only be unlocked using this passcode.',

'dep_prompt_credentials'=>'Please enter your credentials for \u201c%s\u201d:',

'xsan_display_name'=>'Xsan',

'game_center_display_name'=>'Game Center',

'login_window_scripts_display_name'=>'Login Window: Scripts',

'portal_task_cancelled'=>'canceled',

'parental_controls_dictionary_display_name'=>'Parental Controls: Dictionary',

'contact_admin'=>'Contact your system administrator.',

'portal_download_and_install_profile'=>'Download and install profile',

'portal_profile_show_details'=>'Show Contents',

'portal_task_failed'=>'failed',

'portal_enroll_this_ipod'=>'Enroll this iPod to allow it to be remotely managed.',

'portal_clear_passcode_task'=>'Clear Passcode',

'airdrop_display_name'=>'AirDrop',

'proxies_display_name'=>'Proxies',

'network_usage_rules_display_name'=>'Network Usage Rules',

'ota_profile_description'=>'Enrolls your device with the management server.',

'web_clip_display_name'=>'Web Clip',

'app_lock_display_name'=>'Accessibility',

'finder_display_name'=>'Finder',

'google_account_display_name'=>'Google Account',

'media_access_display_name'=>'Media Access',

'mdm_profile_display_name'=>'Remote Management',

'osxserver_account_display_name'=>'OS X Server Account',

'trust_payload_description'=>'Installs the Root certificate for %1$@.',

'wifi_display_name'=>'WiFi',

'managed_domains_display_name'=>'Domains',

'portal_once_enrolled_ipad'=>'Once enrolled you will also be able to wipe all data from and lock access to this iPad.',

'airplay_display_name'=>'AirPlay',

'login_items_display_name'=>'Login Items',

'dock_display_name'=>'Dock',

'mdm_payload_description'=>'Configures Mobile Device Management',

'portal_profiles_downloads_settings_tab'=>'Profiles',

'portal_passcode_was_not_six_digit_number'=>'Passcode was not six digit number.',

'time_machine_display_name'=>'Time Machine',

'portal_serial_number'=>'Serial Number:',

'portal_once_enrolled_iphone'=>'Once enrolled you will also be able to wipe all data from and lock access to this iPhone.',

'email.vpp_invitation.salutation'=>'Dear %1$s,',

'card_dav_display_name'=>'Contacts',

'portal_wipe_task'=>'Wipe',

'privacy_display_name'=>'Security & Privacy',

'login_window_screen_saver_display_name'=>'Login Window: Screen Saver Preferences',

'portal_profile_hide_details'=>'Hide Contents',

'login_items_custom_display_name'=>'Login Items: User Customizations',

'802_1x_display_name'=>'Wired 802.1X',

'portal_this_ipad'=>'This iPad',

'email.vpp_invitation.subject'=>'Receive apps and books from %1$s',

'portal_enroll_this_generic_device_type'=>'Enroll this device to allow it to be remotely managed.',

'scep_profile_description'=>'SCEP profile for Profile Manager Server.',

'media_access_recording_display_name'=>'Media Access: Disc Recording',

'portal_lock_task'=>'Lock',

'ichat_display_name'=>'Messages',

'notifications_display_name'=>'Notifications'

}

2:: [1616] [2016/04/05 11:54:17.102] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} 'mdm_profile_cred_display_name' => 'Device Credential Request'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:89)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:89)} 'mdm_payload_description' => 'Configures Mobile Device Management'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:90)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:90)} 'mdm_payload_display_name' => 'Device Management'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:101)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:101)} 'mdm_profile_description' => 'Allows the server to manage your device.'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:102)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:102)} 'mdm_profile_display_name' => 'Remote Management'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:115)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.103] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:115)} 'trust_payload_description' => 'Installs the Root certificate for %1$@.'

2:: [1616] [2016/04/05 11:54:17.104] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:116)} loc = 'en'

2:: [1616] [2016/04/05 11:54:17.104] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:116)} 'trust_payload_display_name' => 'Root certificate for %1$@'

2:: [1616] [2016/04/05 11:54:17.105] <\033[0;32m172.28.83.128\033[0m> {GenerateMDMBindingProfile (mdm_enroll.php:78)} <?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist

PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"

"http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>PayloadContent</key>

<array>

<dict>

<key>PayloadContent</key>

<dict>

<key>CAFingerprint</key>

<data>JX46vBQR21ImC2i8R8qV6jKQtGs=

</data>

<key>Challenge</key>

<string>MIIDywYJKoZIhvcNAQcDoIIDvDCCA7gCAQAxggHIMIIBxAIBADCBqzCBojE6MDgGA1UEAwwxTG9naXRlY2ggSW5jIE9wZW4gRGlyZWN0b3J5IENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UECgwMTG9naXRlY2ggSW5jMSUwIwYDVQQLDBxNQUNPU1ggT3BlbkRpcmVjdG9yeSBSb290IENBMSYwJAYJKoZIhvcNAQkBFhdtc3VkaGluZHJhQGxvZ2l0ZWNoLmNvbQIEAs7+PTANBgkqhkiG9w0BAQEFAASCAQBftq2kAXAALvcR8L4bJ4sPPYhRt2yD7+y+HKUSMOHc40jOMa6oC+6Q8vYLGVDvlq4wG2YqMxGnhbdPHt+KwI3NbFp6/feVTSRrz80GofTs9nxiC4IASemXzWikkoKgb3v/+hXZ76l64QzC4DG9fVvJ3Lbh4ViJgzPHWjojiL9oX9Y8TTdNZQd680w3UQFn9StPxX0wNXfv3XFVuO4BRBr3FWkSBbYVqJgbZQlSbS40JIJOPOZxpC7KNrao0zMJYJ6CL1sSURHcRPe3yDiAQKuAzWxiXvhFGquq2wQ7iV2uTqto0E/jU7KwqJJ6SG3jzpRfA8R/qVuPJQz2EMZVyyOAMIIB5QYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAhTZk/kA7awgYCCAcCukMvLchPELd9pzzmZkLVqqmynldt1YOmhpBbRaSPvsC2DnGiba8IbXtapeg/fD44WAWve79f/1ObQrtdtzsURbhv8K3PViEm2Z8c1DJztvoNlRqyZ2wet3UgdSNC+Em7U3JErvOHKxC4+ZmgqSu0AsbLila4jp8LVyKodwmtRKQWi9ucmYZ1uKCfxilI4QtG2kMrLLx6ZN2apRHmya05+8Qb3O5LNllmWIYnX9H/SHcFgZv07FAacvAi9D4GSjLxtMvHjHWxx/i0VkRTTZ5cFHe3W4sMwgJmt6uoM9mY7NYLi5SBozwAkIZQvmtvMP7yLmi+L+7b6o+WWpS+ZKXZUgMqyGMxxvw0ORmmaaQRIi/M3fVyrQManSHSlO0Zs0qOv5p0nyeTIEu8hsuw+aP588JEKltf4i/S24wG74i8PEecVhEeul60ovG68tx3yEUqKYrmGcEQVIGVca/E2tWZYvrO9ykFLHS0YQ2CL+C3qC3oVTgQciV/sxDmMq3ORxSoan1XcL882Qs2elZJKYOE0A4KydTg6WN/qymMm7fOl3j9pXqusAZb2h6vCLzd4BxtBEuSS6mZRaU2g2PNwFjrd</string>

<key>Keysize</key>

<key>Key Usage</key>

<string>Device Management Identity Certificate</string>

<key>Subject</key>

<array>

<string>MDM Identity Certificate:087DB8E7-4C2F-4D08-9D7B-D99BD8746F36</string>

</array>

<string>http://profilemanager.corp.pretendco.com:1640/scep/</string>

</dict>

<key>PayloadDescription</key>

<string>Configures SCEP</string>

<key>PayloadDisplayName</key>

<string>Device Credential Request</string>

<key>PayloadIdentifier</key>

<string>com.apple.mdmconfig.SCEP</string>

<key>PayloadOrganization</key>

<string>Pretendco Inc</string>

<key>PayloadType</key>

<string>com.apple.security.scep</string>

<key>PayloadUUID</key>

<key>PayloadVersion</key>

</dict>

<dict>

<key>AccessRights</key>

<key>CheckInURL</key>

<string>https://profilemanager.corp.pretendco.com/devicemanagement/api/device/mdm_checkin</string>

<key>CheckOutWhenRemoved</key>

<true/>

<key>IdentityCertificateUUID</key>

<key>PayloadDescription</key>

<string>Configures Mobile Device Management</string>

<key>PayloadDisplayName</key>

<string>Device Management</string>

<key>PayloadIdentifier</key>

<string>com.apple.mdmconfig.mdm</string>

<key>PayloadOrganization</key>

<string>Pretendco Inc</string>

<key>PayloadType</key>

<string>com.apple.mdm</string>

<key>PayloadUUID</key>

<key>PayloadVersion</key>

<key>ServerCapabilities</key>

<array>

<string>com.apple.mdm.per-user-connections</string>

</array>

<key>ServerURL</key>

<string>https://profilemanager.corp.pretendco.com/devicemanagement/api/device/mdm_connect</string>

<key>Topic</key>

<string>com.apple.mgmt.XServer.158b4b73-f73e-4771-98df-22b73165662a</string>

</dict>

<dict>

<key>PayloadVersion</key>

<key>PayloadDisplayName</key>

<string>Root certificate for </string>

<key>PayloadIdentifier</key>

<string>com.apple.ssl.certificate</string>

<key>PayloadType</key>

<string>com.apple.security.root</string>

<key>PayloadContent</key>

<data>MIIEnzCCA4egAwIBAgIEAs7+PDANBgkqhkiG9w0BAQsFADCBojE6MDgGA1UEAwwx

TG9naXRlY2ggSW5jIE9wZW4gRGlyZWN0b3J5IENlcnRpZmljYXRlIEF1dGhvcml0

eTEVMBMGA1UECgwMTG9naXRlY2ggSW5jMSUwIwYDVQQLDBxNQUNPU1ggT3BlbkRp

cmVjdG9yeSBSb290IENBMSYwJAYJKoZIhvcNAQkBFhdtc3VkaGluZHJhQGxvZ2l0

ZWNoLmNvbTAeFw0xNjA0MDQyMzM1MjRaFw0yMTA0MDUyMzM1MjRaMIGiMTowOAYD

VQQDDDFMb2dpdGVjaCBJbmMgT3BlbiBEaXJlY3RvcnkgQ2VydGlmaWNhdGUgQXV0

aG9yaXR5MRUwEwYDVQQKDAxMb2dpdGVjaCBJbmMxJTAjBgNVBAsMHE1BQ09TWCBP

cGVuRGlyZWN0b3J5IFJvb3QgQ0ExJjAkBgkqhkiG9w0BCQEWF21zdWRoaW5kcmFA

bG9naXRlY2guY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA258/

jt+I+XiJt7fHLVFz/sp7yswEn9LjsrcmPF8uLCCQ085zMrfKuM4GYY6dMCGvnLhJ

4wGrForauHSGg3QgDYjBem9w/V+z4cW+yehnIs6z9eB33davAZ2TKJd5+okpjmPM

CaHw7lnQzTNgQQaNGX9zQ+f9o+GS7nPHRoiNbgfu7rAmUaZPzWjBf3E5b52pPmrX

OswVKTLo2s9boq3rFKo76QExCzq4ghiSjqjZPYzX0T3xjJ00ht8ONcRU2udmsLiC

TNN2pyS5OSNfP+MfZi21qqa9UrahtRNLP+B4h6ClhaDs6Hqejv1+dl1Wu8MTFM0f

KZEfgKSywQi8f3N+JwIDAQABo4HaMIHXMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P

AQH/BAQDAgGGMDAGA1UdJQEB/wQmMCQGCCsGAQUFBwMBBgkqhkiG92NkBAMGBysG

AQUCAwUGBFUdJQAwgYEGA1UdHwR6MHgwdqB0oHKGcGh0dHA6Ly9wcm9maWxlbWdy

LmNvcnAubG9naXRlY2guY29tOjE2NDAvcmZjMjU4NS9Mb2dpdGVjaCUyMEluYyUy

ME9wZW4lMjBEaXJlY3RvcnklMjBDZXJ0aWZpY2F0ZSUyMEF1dGhvcml0eS5jcmww

DQYJKoZIhvcNAQELBQADggEBAC62MuUBPLdM5GZuvH5PABl6ceRL0+msvEw3+PRJ

5JMznlA0sbMc2Bh6HbFfOphGGRcFBV8ivNXkWAWQGT6wOEnklSXzmsonN44bVtbs

5i+haTaIiFuZ0xkQ7jG/xSe9vLiXx/fiI0NT/N6yFb6WxJ0Ko03cnWQ6U+UGSbHa

g/CJyd/WwRPq1OQ9SGPtNQ9Ndlmqz6K2mEX27EkAPj8594j2qVriQB2xUNVzhoqR

dcg6hqATaqBwx3bFKPs6wubE89aRj7iya66ltElIG7WUgeZAmFLSbH9iIgVnaGdH

B30cF0nsj5nUS0mwCoHDYcMrLyx1lBFDKcM2M4dGSaMFMY0=

</data>

<key>PayloadOrganization</key>

<string>Pretendco Inc</string>

<key>PayloadDescription</key>

<string>Installs the Root certificate for .</string>

<key>PayloadUUID</key>

<string>19A00D73-9E5A-4D93-A53E-12DAEEA2C18E</string>

</dict>

</array>

<key>PayloadDescription</key>

<string>Allows the server to manage your device.</string>

<key>PayloadDisplayName</key>

<string>Remote Management</string>

<key>PayloadIdentifier</key>

<string>com.apple.config.profilemanager.corp.pretendco.com.mdm</string>

<key>PayloadOrganization</key>

<string>Pretendco Inc</string>

<key>PayloadType</key>

<string>Configuration</string>

<key>PayloadUUID</key>

<key>PayloadVersion</key>

</dict>

</plist>

0:: [1616] [2016/04/05 11:54:17.105] <\033[0;32m172.28.83.128\033[0m> {SignData (ota_service_common.php:125)} No signing certificate specified, unable to sign.

1:: [1616] [2016/04/05 11:54:17.106] <\033[0;32m172.28.83.128\033[0m> {SendFinalOutput (mdm_enroll.php:86)} <<< Sent Final Output (6743 bytes) - POST \033[0;36mmdm_enroll\033[0m

0:: [1616] [2016/04/05 11:54:17.106] <\033[0;32m172.28.83.128\033[0m> {SendFinalOutput (mdm_enroll.php:86)} Completed in 310ms | 200 OK [https://profilemanager.corp.pretendco.com/devicemanagement/mdm/mdm_enroll]

[1617] [2016/04/05 11:55:45.221] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES

0:: [1617] [2016/04/05 11:55:45.222]

\033[1;32m################################################################################################################################################################################\033[0m

php-fpm-894.33 (PID:1617, OS:15E65, SERVER:15S5127, ARCH:x86_64) starting

LA: php-fpm -y /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php-fpm.conf -c /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php.ini

Log verbosity level = 3

UID = 220, EUID = 220

\033[1;32m################################################################################################################################################################################\033[0m

2:: [1617] [2016/04/05 11:55:45.222] Info.plist = {

CFBundleDevelopmentRegion = English;

CFBundleIdentifier = "com.apple.devicemgr";

CFBundleName = devicemgrd;

CFBundleShortVersion = "894.33";

CFBundleShortVersionString = "894.33";

CFBundleVersion = "894.33";

}

2:: [1617] [2016/04/05 11:55:45.222] <172.28.83.128> {GetAppPreference (common.php:64)} GetAppPreference: Pref for 'debugOutput' = 3

2:: [1617] [2016/04/05 11:55:45.222] <172.28.83.128> {GetAppPreference (common.php:66)} GetAppPreference: Pref for 'DBLogSQL' =

2:: [1617] [2016/04/05 11:55:45.222] <172.28.83.128> {GetAppPreference (common.php:66)} GetAppPreference: Pref for 'DBDebug' =

1:: [1617] [2016/04/05 11:55:45.227] <\033[0;32m172.28.83.128\033[0m> {require_once (auto_join_ota_service.php:11)} >>> Processing POST \033[0;36mauto_join_ota_service\033[0m

1:: [1617] [2016/04/05 11:55:45.237] signerIndex = 0, signStatus = 1

2:: [1617] [2016/04/05 11:55:45.240] <\033[0;32m172.28.83.128\033[0m> {OTAServiceCommon (auto_join_ota_service.php:16)} OTAServiceCommon: incoming_request = {

'CHALLENGE'=>'044239e0-d9bc-0133-d952-38c986232945',

'COMPROMISED'=>'',

'DEVICE_NAME'=>'Madan\u2019s Mac mini',

'DeviceID'=>'',

'IMEI'=>'',

'MEID'=>'',

'NotOnConsole'=>'',

'PRODUCT'=>'Macmini7,1',

'SERIAL'=>'C07QM0DPG1HY',

'UDID'=>'3d7b2510385b5ac2bfc8a7b113401a84',

'UserID'=>'33571262-BE1C-4CE0-AD2B-D297223A5CAF',

'UserLongName'=>'Madan Sudhindra',

'UserShortName'=>'madansudhindra',

'VERSION'=>15E65

}

3:: [1617] <\033[0;32m172.28.83.128\033[0m> {PerformInTransaction (ota_service_common.php:312)} PerformInTransaction: connID=P:1617, txnID=_ota_service_transaction_challenge

2:: [1617] [2016/04/05 11:55:45.241] dmpgHelper is alive!

3:: [1617] <\033[0;32m172.28.83.128\033[0m> {ExecuteSQLFunction (target.php:122)} ExecuteSQLFunction: SELECT dm_merge_duplicate_device_rows_and_update(:d_id,:d_udid,:d_sn,:d_imei,:d_meid,:d_devid)

Params = {

'd_id'=>2160,

'd_udid'=>'3d7b2510385b5ac2bfc8a7b113401a84',

'd_sn'=>'C07QM0DPG1HY',

'd_imei'=>'',

'd_meid'=>'',

'd_devid'=>''

}

2:: [1617] [2016/04/05 11:55:45.746] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:216)} HTTP_ACCEPT_LANGUAGE = 'en-us'

2:: [1617] [2016/04/05 11:55:45.746] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:216)} popped loc='en-us'

2:: [1617] [2016/04/05 11:55:45.746] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:216)} loc = 'en'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:216)} 'scep_payload_description' => 'Configures SCEP'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:217)} loc = 'en'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:217)} 'scep_payload_display_name' => 'Device Credential Request'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:225)} loc = 'en'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:225)} 'scep_profile_description' => 'SCEP profile for Profile Manager Server.'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:226)} loc = 'en'

2:: [1617] [2016/04/05 11:55:45.747] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:226)} 'scep_profile_display_name' => 'SCEP Configuration Profile'

2:: [1617] [2016/04/05 11:55:45.748] <\033[0;32m172.28.83.128\033[0m> {_generate_scep_profile (ota_service_common.php:313)} <?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist

PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"

"http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>PayloadContent</key>

<array>

<dict>

<key>PayloadContent</key>

<dict>

<key>CAFingerprint</key>

<data>JX46vBQR21ImC2i8R8qV6jKQtGs=

</data>

<key>Challenge</key>

<string>MIIDywYJKoZIhvcNAQcDoIIDvDCCA7gCAQAxggHIMIIBxAIBADCBqzCBojE6MDgGA1UEAwwxTG9naXRlY2ggSW5jIE9wZW4gRGlyZWN0b3J5IENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UECgwMTG9naXRlY2ggSW5jMSUwIwYDVQQLDBxNQUNPU1ggT3BlbkRpcmVjdG9yeSBSb290IENBMSYwJAYJKoZIhvcNAQkBFhdtc3VkaGluZHJhQGxvZ2l0ZWNoLmNvbQIEAs7+PTANBgkqhkiG9w0BAQEFAASCAQBsjWJfMxo7HOXUuu1Zcnf4CTnUKYluQXcVkz7Srzo7v1jHunFhFhzeqvnzDTydqsBOF9bppYAZBkFlmqKTLDktpusu/scFTEMgdbhUGWqvLR4wQaHfWi2YPRJfIsxXlKWlOqr7SIicngsgki8n8BTbPp3/SEvuUEWP+oEjgsOg9lBZFiJ2juTi4/DO3OYGNXIhDaFCOVQAkFv0ZxOvYG7zzuXWiR30pXxnP2jL44WS7x3rXDJJ0VAKakQEdLE2KZp9XVCNsYCibLfNSowi6muf1fe01zee+B8TRnzIk9OJdrQ7Dmdo2Ac5Mpz8bVVtsVVZ1Auatjde2F+BtS9ImyxGMIIB5QYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgGrqnqUq1swoCCAcAuGhOFnjayHMvz36FBIiQXEAy7O7l+32SOdYkSNKOheFHg9KNiZOprkMpAfgJjjD+0a+KsBTPAY+ID0Y6dfKQqN04pInI0bdp9prTK1fV1Ysfea8coS7SeghEJIWvzL0Ixoj5ClqvpI/xQLXnqD0nUZ7AJ3FkcmiasXftDSL3uggEO1fvyDf1t18I2oeeFLs3uJfecZyCX4uC/9RZquXVbX8F8bXpIeMwbKQHyenoBoqxc+DS2ahEtJE6TfC8rzpIvnshQBuRjS8dZGmqQOPc83JQ0Xn+wlDC51GGGk0gVrS3x1xqQqB2KmurHDY6FoGAVpuw00j/4BYq9briQcx16cGv5sON3FCbCPPaZ/C6OOb0V+16XofcHNJw+vOTFreuEkqLH/DmTQE+aw8hlxOfVLDdiG8740nsjbuYmY3M+1zTrJg5qOUF3xbQ/b6oWnwjid7Z7bcZWgE6h0vLly/i6JyDxrUPKfjh094tiAyQ7awoTNcyWLtMx8FG+RPnyzIS16Q4o6uNkmG+hf1evB20SKGxNReNK6wtCB509FLCM2lWtrb4cYVU7eL1CoZAa7qgo3SVzqVftM/805DTqKP3d</string>

<key>Keysize</key>

<key>Key Usage</key>

<string>Device Management Identity Certificate</string>

<key>Subject</key>

<array>

<string>Device Management Identity Certificate</string>

</array>

<string>http://profilemanager.corp.pretendco.com:1640/scep/</string>

</dict>

<key>PayloadDescription</key>

<string>Configures SCEP</string>

<key>PayloadDisplayName</key>

<string>Device Credential Request</string>

<key>PayloadIdentifier</key>

<string>com.apple.mdmconfig.SCEP</string>

<key>PayloadOrganization</key>

<string>Pretendco Inc</string>

<key>PayloadType</key>

<string>com.apple.security.scep</string>

<key>PayloadUUID</key>

<string>4F476E83-E1A0-453B-9287-F4810CACEFAD</string>

<key>PayloadVersion</key>

</dict>

</array>

<key>PayloadDescription</key>

<string>SCEP profile for Profile Manager Server.</string>

<key>PayloadDisplayName</key>

<string>SCEP Configuration Profile</string>

<key>PayloadIdentifier</key>

<string>com.apple.profilemanager.corp.pretendco.com.scepconfig</string>

<key>PayloadOrganization</key>

<string>Pretendco Inc</string>

<key>PayloadRemovalDisallowed</key>

<key>PayloadType</key>

<string>Configuration</string>

<key>PayloadUUID</key>

<key>PayloadVersion</key>

</dict>

</plist>

0:: [1617] [2016/04/05 11:55:45.748] <\033[0;32m172.28.83.128\033[0m> {SignData (ota_service_common.php:237)} No signing certificate specified, unable to sign.

1:: [1617] [2016/04/05 11:55:45.749] <\033[0;32m172.28.83.128\033[0m> {SendFinalOutput (auto_join_ota_service.php:21)} <<< Sent Final Output (3372 bytes) - POST \033[0;36mauto_join_ota_service\033[0m

0:: [1617] [2016/04/05 11:55:45.749] <\033[0;32m172.28.83.128\033[0m> {SendFinalOutput (auto_join_ota_service.php:21)} Completed in 529ms | 200 OK [https://profilemanager.corp.pretendco.com/devicemanagement/api/device/auto_join_ota_service]

2:: [1616] [2016/04/05 11:55:46.865] <172.28.83.128> {GetAppPreference (common.php:64)} GetAppPreference: Pref for 'debugOutput' = 3

2:: [1616] [2016/04/05 11:55:46.865] <172.28.83.128> {GetAppPreference (common.php:66)} GetAppPreference: Pref for 'DBLogSQL' =

2:: [1616] [2016/04/05 11:55:46.865] <172.28.83.128> {GetAppPreference (common.php:66)} GetAppPreference: Pref for 'DBDebug' =

1:: [1616] [2016/04/05 11:55:46.868] <\033[0;32m172.28.83.128\033[0m> {require_once (auto_join_ota_service.php:11)} >>> Processing POST \033[0;36mauto_join_ota_service\033[0m

1:: [1616] [2016/04/05 11:55:46.877] signerIndex = 0, signStatus = 1

2:: [1616] [2016/04/05 11:55:46.880] <\033[0;32m172.28.83.128\033[0m> {OTAServiceCommon (auto_join_ota_service.php:16)} OTAServiceCommon: incoming_request = {

'COMPROMISED'=>'',

'DEVICE_NAME'=>'Madan\u2019s Mac mini',

'DeviceID'=>'',

'IMEI'=>'',

'MEID'=>'',

'NotOnConsole'=>'',

'PRODUCT'=>'Macmini7,1',

'SERIAL'=>'C07QM0DPG1HY',

'UDID'=>'3d7b2510385b5ac2bfc8a7b113401a84',

'UserID'=>'33571262-BE1C-4CE0-AD2B-D297223A5CAF',

'UserLongName'=>'Madan Sudhindra',

'UserShortName'=>'madansudhindra',

'VERSION'=>15E65

}

3:: [1616] <\033[0;32m172.28.83.128\033[0m> {PerformInTransaction (ota_service_common.php:315)} PerformInTransaction: connID=P:1616, txnID=_ota_service_transaction_udid

2:: [1616] [2016/04/05 11:55:47.031] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} HTTP_ACCEPT_LANGUAGE = 'en-us'

2:: [1616] [2016/04/05 11:55:47.031] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} popped loc='en-us'

2:: [1616] [2016/04/05 11:55:47.031] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:77)} 'mdm_profile_cred_display_name' => 'Device Credential Request'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:89)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:89)} 'mdm_payload_description' => 'Configures Mobile Device Management'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:90)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:90)} 'mdm_payload_display_name' => 'Device Management'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:101)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:101)} 'mdm_profile_description' => 'Allows the server to manage your device.'

2:: [1616] [2016/04/05 11:55:47.032] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:102)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.033] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:102)} 'mdm_profile_display_name' => 'Remote Management'

2:: [1616] [2016/04/05 11:55:47.033] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:115)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.033] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:115)} 'trust_payload_description' => 'Installs the Root certificate for %1$@.'

2:: [1616] [2016/04/05 11:55:47.033] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:116)} loc = 'en'

2:: [1616] [2016/04/05 11:55:47.033] <\033[0;32m172.28.83.128\033[0m> {I18n_t (ota_service_common.php:116)} 'trust_payload_display_name' => 'Root certificate for %1$@'

2:: [1616] [2016/04/05 11:55:47.034] <\033[0;32m172.28.83.128\033[0m> {GenerateMDMBindingProfile (ota_service_common.php:316)} <?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist

PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"

"http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>PayloadContent</key>

<array>

<dict>

<key>PayloadContent</key>

<dict>

<key>CAFingerprint</key>

<data>JX46vBQR21ImC2i8R8qV6jKQtGs=

</data>

<key>Challenge</key>

<string>MIIDywYJKoZIhvcNAQcDoIIDvDCCA7gCAQAxggHIMIIBxAIBADCBqzCBojE6MDgGA1UEAwwxTG9naXRlY2ggSW5jIE9wZW4gRGlyZWN0b3J5IENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UECgwMTG9naXRlY2ggSW5jMSUwIwYDVQQLDBxNQUNPU1ggT3BlbkRpcmVjdG9yeSBSb290IENBMSYwJAYJKoZIhvcNAQkBFhdtc3VkaGluZHJhQGxvZ2l0ZWNoLmNvbQIEAs7+PTANBgkqhkiG9w0BAQEFAASCAQBhVaUKnCHpQojq9kV70QiWhAI5eTczJ0HiDHyi3PUJNJt11Pmd+xooZwYrTNT+fbyTzTnSctDv04A9YdQeUZHaUUC+Qy/bPu5T+cFdlzbmzjNxrk5ILRo/wJojCH2r6MivOWBSQjGpvMaeFMZY1+x5F20Rc9j+MPtrJxGL0MVvfif5FJ50p4fcs/E3wFT0DTclO3oQEgdSraq7NUbtJrA3xuoaP1WvoKOafjyT5nuztigpAMD9J6qRQ2NDjzfqNAwspc9STmEmft8dwksiKzEX68JL1VCTDjUbGdjz82+ISz58mGu/3JK2VZamzTpvVZscF8qz/dZHo4+fknPYS66MMIIB5QYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAjNdp7iQ8HAB4CCAcB3SExL1Gc2l33efi+aS4hEH1b92diRs4jzv09LNZvtdyOcQ9U0xylyMIHFclIR4bveJpZE8IGlicIszuRxBtSY5KPKEkBuKJthLSMJsZArnND0Xtiguy67WnlmrF59/di9BIteJkhaLD6AM6S+LYqnLN9Sc4ZEaJVWhYRsbNDEPabTjhRWj5yHxbN1wdF+WtUCe2fI3IHFq9D3SlGK0j65L/JtURZTRmYOUAXw/4/aW3CWx+K9RvdtomfQYbR1wJjs7mtB2EPQ4BKziKOEJBTN1jVDPca5oOq2hir5LTehpFsBwgxDt8YStml1RymvLijasC5WaZ4fB8Zqy3OOCSkJKMA9bU8FyulpEeJLDqxmfwP5ITNhhILqCQ7/BlZlqALmz8GgOA4l1DSYSx44DCHunJyddlBEF2NOxiI+GBUULjgpPmO0hxSTQOYA6LWYRpSJdn4g+mLl+v9T/EdPZbeJR83/UMPhkZakunBXMES8HE4Amw1M6ix1qEUnav/2pTM0z7cND38vLj7KVKuRJZyP5h73PPYmrlhnal5qjDYO9iEcIE1dZXK+vora3ECq3k4pnGHStzqWCeXFa/Ag2UdK</string>

<key>Keysize</key>

<key>Key Usage</key>

<string>Device Management Identity Certificate</string>

<key>Subject</key>

<array>

<string>MDM Identity Certificate:40fb9768-e060-465e-a525-6ac096e6a0f6</string>