Enterprise Deployment Manual

Table Of Contents

78 Appendix B Configuration Profile Format

SubjectAltName Dictionary Keys

The SCEP payload can specify an optional SubjectAltName dictionary that provides

values required by the CA for issuing a certificate. You can specify a single string or an

array of strings for each key. The values you specify depend on the CA you’re using, but

might include DNS name, URL, or email values. For an example, see “Sample Phase 3

Server Response With SCEP Specifications” on page 85.

GetCACaps Dictionary Keys

If you add a dictionary with the key GetCACaps, the device uses the strings you provide

as the authoritative source of information about the capabilities of your CA. Otherwise,

the device queries the CA for GetCACaps and uses the answer it gets in response. If the

CA doesn’t respond, the device defaults to GET 3DES and SHA-1 requests.

APN Payload

The APN (Access Point Name) payload is designated by the com.apple.apn.managed

PayloadType value. In addition to the settings common to all payloads, this payload

defines the following:

Key Value

DefaultsData Dictionary, mandatory. This dictionary contains two key/value

pairs.

DefaultsDomainName String, mandatory. The only allowed value is

com.apple.managedCarrier.

apns Array, mandatory. This array contains an arbitrary number of

dictionaries, each describing an APN configuration, with the

key/value pairs below.

apn String, mandatory. This string specifies the Access Point Name.

username String, mandatory. This string specifies the user name for this

APN. If it’s missing, the device prompts for it during profile

installation.

password Data, optional. This data represents the password for the user for

this APN. For obfuscation purposes, it’s encoded. If it’s missing

from the payload, the device prompts for it during profile

installation.

proxy String, optional. The IP address or URL of the APN proxy.

proxyPort Number, optional. The port number of the APN proxy.