Not able to download certificate using intune company portal - intune

I have company provided Samsung S20. I have successfully installed Microsoft's Intune Company Portal App.
Then I was also able to register company portal. However after connecting to company portal, it suppose to download certificate from the company portal. But its not downloading any certificate or i dont see any notifications that it is downloaded.
Once i have the certificate, i will use it to connect to Access Point. But that's next step after i have the certificate.
1>What could be the potential issue for not downloading certificate?
2>Where and how can i view the logs?
3>In Company Portal App, Under settings i see Diagnostic Data-> Copy logs. Which says Copy logs to SD card. Where does it actually copies logs.
4>I am connecting from home. Is there any settings i need to do on router.
Note that, I also have company provided iPhone. and I was able to install and configure everything without any issue.

1>What could be the potential issue for not downloading certificate?
It depends on what you need the certificate for. How are you issuing the certificate to the device? via configuration policy?
2>Where and how can i view the logs?
Plug the device into a computer and allow USB to transfer data and files. Should be under Android\Com.microsoftintunecompanyportal\data
3>In Company Portal App, Under settings i see Diagnostic Data-> Copy logs. Which says Copy logs to SD card. Where does it actually copies logs.
refer to previous answer
4>I am connecting from home. Is there any settings i need to do on router.
Sounds like you're trying to get a trust certificate on the device but I would need to understand more about what you're trying to do. RIght now I'm working on a wifi profile for android devices and am using SCEP certificates to do that. But you're welcome to read this to try to gain a better understanding.
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-configure

Related

How to install custom client certificate and Trust it while using fiddler/Charles

I am trying to debug one third party mobile application, specifically network calls, When I am using fiddler and charles proxy on the first network call itself. the app shows error that client certificate on the device is not trusted and ask me to switch to mobile network instead of wifi. also when I accept the risk using the same network. The app shows that there is no internet connection.
I think the app is able to detect that the ceritificate is not the orignal client cert. and thus throwing the warning. Can I download the website or app HTTPS certificate and put it in PC as well as iPhone just like I did for fiddler root certificate.
Same issue is happening with charles proxy also.
I see that you are using an iPhone, have you looked at About/Certificate Trust Settings and enabled the full trust switch after installing the (Charles) certificate?

How can I make my service deployed locally visible for a Google Home device app?

I've created my action on Google development project and I've deployed a self signed service locally(in the local network) which I've added for fulfilment on the Action settings. Now I see my app in the Google Assistant, under Add devices, but when I try to link accounts(the account linking was also set previously), the action.devices.SYNC is not triggered and I get the "Couldn't update the settings. Check your connection". My phone is also in the same network. What am i missing?
All Google Assistant Actions, including Smart Home Actions, go through Google's cloud. Even requests from your phone or Google Home device to the smart device on the same LAN go through Google's servers.
Google's servers need to be able to contact your local service, so it needs to have a globally accessible IP address/name.

Unable to push notifications via urbanairship to APNS

I am using the APNS for my app in development mode. I integrated with the Urban Airship as per the getting started document they provided on their portal:
Created the certificate in Apple provisioning portal. Imported the .p12 file to Urban Airship app(in dev mode with debug enabled)
Now when I open the application, it shows me the alert and asks me for the permission to enable notification. Once that is done and I try to test push a message from the Urban Airship portal to my device using the device token generated, I get the common error:
Apple Push service rejected device token "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
I searched on google and found this to be a very common problem; however with no solution. Most answers mention that the prod and dev environment conflict is the cause, however that is not the case in my case as I did not create the prod app in Urban Airship nor in the APNS dev certificate. The settings in my AirshipConfig.plist are:
APP_STORE_OR_AD_HOC_BUILD : NO
Development_App_Key: XXXXXXXXXXX
Development_App_secret: XXXXXXXXXX
(not master secret, just the dev app secret.)
Nowhere did I find the response from any user who asked the question and later got it resolved. So, I am not sure how people resolved it when they got stuck. All suggests to recheck the environment conflicts, which is not there in my case.
If anyone has any idea, please suggest the possible solutions as this is a blocker for our release. Pls also respond if this is a generic error which almost everyone gets with Urban Airship, and if Free UA account is not a feasible service for testing.
I've been fighting with these issues the last few days. The thing that fixed it for me was creating a non-wildcard identifier that was using a development provisioning profile.
Until I did this I was only able to have APP_STORE_OR_AD_HOC_BUILD : YES
Things worth checking:
Provisioning profile is set to development
Application bundle ID matches the Urban Airship bundle Id.
You can check the Urban Airship bundle Id that is used by going to:
Settings
API Keys
(See the right hand side and there should be a box that contains the iOS Bundle ID.)
Finally make sure your keys in the plist all match.
Also as you probably know, you cannot test push notifications with the simulator. I Hope this helps.

How to Deploy Apple Push Notification Certificate to Customer Site

Question: How can I securely include the SSL cert required for push notifications in the installer for my server product?
Background: Apple Push Notifications require a client SSL cert to be in place on the server that's making the calls to Apple.
My product has a traditional client/server architecture, i.e. a customer installs the server within their intranet and then obtains the iOS client from the App Store and connects the client to their instance of the server.
The point here is that the customer installs the server themselves, rather than a cloud architecture where I would manage the server myself.
My problem is that I don't know how to package the push notification certificate in the server installer in a secure way. I can't distribute the .p12 file without a password because that would expose my private key, and I can't use a password because the password would have to be included somewhere else in the installer which would defeat the purpose. Do I need to relay messages from all of my customers through a server that I manage, which has the SSL client cert? Do I need to install the SSL cert by hand into every one of my customers' sites?
Surely others must have run into this problem already? Or has everyone moved to the cloud?
Here is a major observation that happened to me over the weekend regarding Apple Push certificates. While there many references out there to setting up the Apple Push server side certificates, here is a MAJOR point I discovered that I cannot find referenced in any Apple documentation, or via google.
My situation: I have Push Certificates (sandbox) working great on Windows Server. Now it is time for production. Installation of production certs is successful like many times before. However, while the production push transmission completes error free, no pushes are generated to the device. Hmmm.
I just HAPPEN to notice that my Mac's time is roughly a minute off from the Windows Server (command-tabbing between MacOS and VM-Ware). Looking at Windows and Mac Settings, I see Windows internet time is set for "time.windows.com", and the mac for "time.apple.com". Just for kicks, I change the windows server time to "time.apple.com". Instantly, pushes are now being sent to the device. Nice. :-)
I dodged a major bullet here, this would have probably driven me insane trying to figure this one out. I do not claim to be an SSL cert guru... I (like most every one) just want to get this stuff to work because we have bigger fishes to fry.
I hope this is useful information.
I know only the solutions to install certificates for push notifications :
.p12, the password is in the code of the sending
.cer (.p12+private key) the password is requested at the importing of the certificate.
In the first case, you can deploy your solution, and download some code, for example xml with the password.

Apple APNs 2048-bit TLS/SSL certificate update

Today i received an email from apple telling they are changing something connected with push notifications, and wanted to ask what to do with the certificate they gave me link to... My server runs debian lenny, and im using php5 to send push notifications to apple apns. Do i have to just like... add it somewhere, or replace the 'old' one ?
Download the entrust_2048_ca.cer file, and install it on the servers that communicate with Apple's notification services. No need to do renew your actual push certificates, also you should not have to change anything in your code.
The important thing is that the servers that actually communicate with Apple's notification services have the certificate installed.
If you are lucky, your push server is already in contact with a Certificate Authority root, and this will solve the issue for you automagically. However, if you should lose that connection, your notifications will be out of order unless you have a "local" version of the certificate.
I am looking for the same solution, a quick hint from another forum says "simply download the .cer file and install it" http://www.iphonedevsdk.com/forum/iphone-sdk-development/66878-apns-question-email-apple.html.
We will try on our linux server and please see if this works for your situation.
I downloaded and copied the https://www.entrust.net/downloads/binary/entrust_2048_ca.cer file into /etc/ssl on my OpenBSD server. I haven't changed any of my server side code which is actually not using the entrust cert in any way. (I use the certs from Apple's provisioning site.)
On Dec 23rd, my notifications are sent and received with or without the entrust cert. I am confused about how exactly I am supposed to use the entrust cer file.
I think this sentence from the email from Apple tells me I am ok:
If you have been successfully
validating the certificate chain in
the APNs sandbox environment, you
already have the root certificate you
need. Simply install the same root
certificate on your production push
provider servers.
i.e.
Notifications were and are sent, hence my server already has what it needs.
UPDATE:
What I wrote above seems to be the case. If you use a fairly recent server you likely don't have to do anything at all. The sandbox environment has been using 2048 bits since March 2010. If it has been working, you are set. Full info here:
http://www.24100.net/2010/12/latest-apple-push-notification-certificate-changes-decrypted/
My PHP5 scripts that connect to the Apple Push Server are hosted on a Fedora system. For me, the migration was transparent. I had nothing to do despite I can't find the Entrust certificate somewhere on my system. Maybe is it available with the PHP5 SSL library.

Resources