Mobile Device Management solutions for K-8 school, where are the new iOS 7 features?

Similar Messages

• Need a Mobile Device Management Solution

  Martin2012 wrote:
  what type of phone? Company phones or BYOD?
  Company phones only. 

  My boss is wanting a Mobile Device Management solution in place.  More specifically, he's wanting to be able to track our sales team via GPS.  Right now, we're using Meraki's free MDM solution, but it doesn't track GPS properly.  Half the time it thinks people are around Atlanta, Georgia, which is definitely not right.  We don't want to spend a ton of money on this and it needs to be spot on with location tracking.  Any suggestions?
  This topic first appeared in the Spiceworks Community

• I tried to download the newest version for iTunes and now it is saying something about Apple Mobile Device. And now my iTunes will not complete the new download because of this. What does this mean???

  I tried to download the newest version for iTunes and now it is saying something about apple mobile device. Never heard of this before and now it will not finish downloading because of this. What is it?? What do i need to do to get itunes to download onto my computer again??

  I got most of it done but now it is not letting me delete my C:\Program Files\Common Files\Apple
  It says that file is open in another program....What do i need to do to delete that?
  Do you currently have the iCloud control panel installed? If so, uninstall that. Can you do the deletion now?

• Where are the Flash CS6 features for animators?

  It looks to me that Flash CS6 is quite a letdown to me. Almost none of what I wanted went through.
  No 64-bit support (Seriously? Yeah, even 32-bit programs run better in 64-bit OS*, but native 64-bit support is still desirable), no Photoshop application frame (Why, Adobe? Why Photoshop and Illustrator and no one else?), and I don't see any new drawing features featured in the website. The only thing I (remotely) liked would be the maximum canvas sixe finally going up to 8192 pixels.
  Just saying that this release is quite a letdown to me. It's basically CS5.5 with extra export options that I'm never going to need.
  I'll see how much 3D support this version will have. Maybe that part will change my opinion.
  * The idea of using a 32-bit OS in a modern multimedia workstation is a joke. You can't use more than about 3.5 GB of physical RAM across the entire OS. If you're using multiple 32-bit applications, 64-bit OS is more desirable. And I'm talking about Windows here; I don't know how Mac memory management works.

  I would like to see all these features:
  •Ability to sync MovieClips to the timeline (through some checkbox option)
  •Authortime Pixel Bender filters (imported to Library and available in Filters Panel)
  •ToonBoom's brush tool
  •Independent X, Y, Z keyframes (behaving like every other property curve)
  •Ability to parent one MovieClip to another (instance-based, author-time, like parenting in After Effects)
  •3D depth sorting
  •Abilty to toggle “Layer” blending independent of blending mode or filter
  •Moar blend modes! (Including AND and XOR)
  •Motion Tweens and Classic Tweens on the same layer
  •Polystar Tool options inside Properties Panel
  •Polystar Primitive (with Corner Radius, Inner Radius, etc.)
  •Ability to change Graphic symbols’ Play/Loop/Frame settings mid-tween (maybe even keyframed in Motion Editor)
  •Mutiple eases per property per tween span
  •Easier quadratic curves in Motion Editor
  •Ability to exceed 100% in the “Advanced” Color Effect (left column)
  •Custom easing for Shape Tweens
  •Ability to toggle between constraining proportions and constraining values themselves in the Transform Panel’s “scale” property (the latter was the behavior pre-CS4)
  •Make selecting Tween Spans the same as selecting other frames by default (frame-based)
  •Ability to import WMA and WMV files
  •Access of Shape properties in ActionScript (an inverse to the Drawing API)
  •Muting of individual sounds and/or layers with sound
  •“Angle” setting for blur (to make it bi-directional)
  •For loops in Pixel Bender
  •Special blurs for different properties (rotation, skew, scale, etc.) to simulate motion blur
  •Illustrator's symbolism tools (shifter, scruncher, sizer, spinner, stainer, and screener)
  •Diffusion curves (Orzan et. al. 2008)
  •MIDI support (including MIDI events in ActionScript)
  •Embedded video (works like bitmap sequence)
  •Distort transformation for symbols/vector-y 3D
  •Weighted strokes

• After downloading 4.0 on my Windows XP Firefox continues to work as before but none of the new features is available except for tabs on top. Where are the new features?

  Mozilla Firefox Installation Started: 2011-05-01 17:51:37
  Installation Details
  Install Dir: C:\Program Files\Mozilla Firefox
  Locale : en-US
  App Version: 4.0.1
  GRE Version: 2.0.1
  OS Name : Windows XP
  Target CPU : x86
  ==========================================
  The next time I started Firefox, the tabs were at the top but none of the other advertised new features for 4.0 have ever appeared, such as the Firefox button, ability to group tabs, etc. I even downloaded 4.0 two times, with the same result both times. I would really like to be able to use the new features. Thank you for your help.

  See [[What are Tab Groups?]]
  Other things you can do:<br><br>
  * Right click a blank part of the tab bar and click "Tabs on top" to remove the checkmark. Tabs will subsequently reappear below the search bar.<br><br>
  * Repeat the same steps, but click the top one called "Menu bar". This will reinstate the text links at the top. If you already have these, reverse the procedure to get the orange Firefox button<br><br>
  * To rearrange the layout, repeat the same steps again and choose "Customize". A panel will open and while that remains onscreen, you can move elements like toolbars, buttons etc around and place them anywhere you wish. You can also drag anything you don't like into that panel and add anything you want by dragging it out of there.<br><br>
  * To replace the status bar at the foot of the page, install this add-on: https://addons.mozilla.org/en-US/firefox/addon/status-4-evar/<br><br>
  See also: https://support.mozilla.com/en-US/home

• Encore cs4 files for creating dvd? where are the stored?

  Hi,
  I am in trouble.
  I have been working on project in Adobe Prem cs4 dragged it into encore.. all ok.
  made dvd.(some links I did didn't work...my learning)
  made dvd
  missed 3 seconds of footage.
  sorted in A prem. all gd in encore.
  remade dvd ( 4 hours to make)
  1 item had no sound.
  sorted in encore (2nd sound track instead of 1st) easy....
  remade dvd( 4 hours to make).
  computer took 20 minutes to show screen when turned on..
  It runs out of memory and i am looking for the place where secret files may be stored...maybe the ones that do the transcoding? or ones creating the dvd...maybe thats the cause???
  now i have 1.17MBof memory on my C: drive (300GB)
  xp service pack 3
  2.4 GHz 3.50 GB RAM
  2 external hard drives have Auto saves from Adobe Prem)
  I have deleted all the previous rendering which I thought was eating up the memory...)
  now i don't know what to do..
  absolutely desperate..
  What can I dump, so i can make the dvd and finish this project...
  Despeserate need a fresh brain to assist... it is all getting too technical//
  Cheers

  no typo... when i put mouse over C: that is what it said.. I minimsed Encore and Prem , as they were non responsive on every action for a minute or two... then closed, then uninstalled cs2 and then got 13 GB not enough to defrag( it did say it couldn't defrag a few files??? , which i do often.. enough to open them, tread very carefully, then burn the dvd. Preview was too slow to check, so luckily...well i checked all had sound, all footage was ok, all links worked and burnt. It took 4 hours to transcode, but it worked. Then I made 20 copies using encore...so with patience, assistance from the world I am back on track, but would love to clear the computer up so it can be defraged correctly and i have some speed back, and put my personal stuff back on, Pre project...CHEERS
  I use 2 external hardrive. 1 x 500GB Western Digital just USB, and 2nd one is Freeagent 300GB with power supply USB.
  My computer has only Software on it and is XPservice pack3  2.4 GHZ  3.50GB RAM. ASUS That is about all the techo stuff i know, ...wondered if graphics card could cause these problems??? it has been suggested???? what should i have??
  Cheers

• What are the New IOS Versions available for 2960 series Switches?

  Hi all,
  can anybody give the details about it?
  thanks,
  Haribabu.

  15.0(1)SE is the latest-and-greatest IOS.  Unfortunately, I personally wouldn't recommend this to anyone because this version has a memory leak that affects switches even before configs are loaded.
  Next is the 12.2(58)SE2.  This is so-so.  The earlier version has a memory leak similar (not the same) as the 15.0(1)SE but it is triggered differently.
  12.2(55)SE4 is probably the most stable of the "new" versions. 

• Apple advertised ios5 for iPad 1 as having all the new gesture features- what happened?

  Why does the iPad 1 not receive the gesture commands that were advertised? There is no way it is because of hardware limitations.

  They changed their minds, as to why I have no idea as they havn't said - and I think that is now listed as being iPad 2 only. And how do you know that it's not hardware related ? The first gen iPad has a slower processor and less memory so I assume that Apple have decided that it can't cope with it.

• Questions on mobile device management

  Hi All,
  I'm not sure where to post this question since I couldn't find a forum specific to Afaria, so thought someone here might be able to help.
  1. Afaria mobile device management solution claims that data and content is backed up and can be deleted if a device is stolen or lost. Can this deletion be done if the mobile is switched off of the SIM card has been removed? What is the mechanism of the data deletion process when the device is either ON/OFF?
  2. How does Afaria handle online and offline user authentication? If a mobile app is opened, can Afaria be configured to force the user to enter credentials for authentication? Or should there be a separate login page as a part of the mobile app? (The user's credentials are needed to find his role from LDAP and the rest of the app to work properly, which is y the question).
  Thanks & Regards,
  Vaishnavi

  This forum is fine for Afaria discussions and questions, no worries. 
  1.  If mobile device is switched off or not network connected then Afaria is not able to do anything with that device.  The content though would be secured, encrypted etc. so that there should be no risk as long as the device is switched off.  The "kill device" command that can be sent from Afaria will work if device is turned on and connected to a network.
  2.  Afaria can force quite a lot of things and one of them is regarding the device itself, forcing a password/pin type of unlocking.  The mobile app normally has it's own mechanism for authentication, user name and password.  That is a SUP function and has little to do with Afaria, I don't believe Afaria can force that part of authentication. 
  You can get a good overview of the technical part of Afaria here:  [Afaria Technical White paper|http://www.sybase.com/files/White_Papers/Afaria-Technical-WP.pdf]

• Trying to connect Digital AV Adapter to watch a movie from iPad to TV.  Asking to disconnect AirPlay and mirroring.  No button to do so.  Is this a result of the new iOS update?  Anyone have a solution?

  Trying to connect my Digital AV Adapter to watch Netflex or Amazon Prime movie from IPad to TV and asking to disconnect AirPlay &amp; mirroring.  I do not have Air Play and there is no way to do this.  Anyone have a solution?  Is this a result of the new iOS update?  Thank you.

  Try looking in the control panel by swiping up from the bottom of the screen.

• ISE integration with Mobile Device Management ( MDM ) help required

  Dear Techies,
       Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
       We are conduction a Proof Of Concept (PoC) on  Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
  Setup Brief :
  =========
        Our Setup has  ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
       Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
  Activity Brief:
  =========
       As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
  Clarifications Required
  ================
  Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
  Wireless Scenario
  MDM can be integrated to ISE ? 
  How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
  What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
  If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
  Is MDM will do client provisioning or ISE should do ?
  Is MDM send or update patches of Mobile Devices ?
  As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
  Thanks for Reading...
  Arun

  I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
  Kindly let me know your views or any documents on the following scenarios with the current release in mind
  1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
  The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
  2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
  Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
  3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
  Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
  4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
  For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
  There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
  5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
  This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
  You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
  6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
  For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
  7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
  IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
  Our solution demands  MDM in the integrated  solution, As on today ISE cant be integrated with MDM. so what kind of  solution we can propose to have MDM and Cisco ISE .Do the clients now  enter the network should have already installed the MDM agent (or) any  other way of pushing the same to the Client.
  Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• How to get rid of mobile device management?

  So I upgraded my iPad to 8.1 and when it got done restoring and upgrading, during setup it said that this device was being setup by Schuyler Community School system and under the Mobile Device Management section there is a profile for Meraki Management.  How do I get rid of this?  It has all kinds of rights to remotely control my iPad.  I've tried restoring it again.  I deleted the downloaded iOS 8.1 upgrade from iTunes and had it download it again.  Same thing when the restore is complete.  Any ideas? 
  THank you!

  Sorry, but it sounds like you have received stolen property. Take a look at the back of the iPad and I bet you will see the Schuyler Community Schools tamper proof asset tag and also an engraving from Schuyler Community Schools. Please contact Schuyler Community Schools at 402 352-5514 and ask for the IT Director…Jeff. Thank you!

• Itunes Mobile device manager wont load/gone

  I bought a new ipad3 and i am having an error message come up when syncing my music  from my iTunes account on a HP Netbook (Windows XP) to my iPad3.
  I get an error message that the iTunes Mobile Device Manager is not connected. Using the new 10.6 OS upgrade....recently updated what has happened.
  I repaired iTunes in my Programs, tried to sync...no go. I then deleted iTunes completely and reinstalled.....same result....no Device Manager.
  Maybe I haven't deleted some or all programs first and then try to reinstall? ...maybe I missed something.
  All programs labeled Apple and iTunes were deleted...am I missing something?
  Thanks for any help and guidence.

  Refer to this article to restart AMDS,
  How to restart the Apple Mobile Device Service (AMDS) on Windows
  http://support.apple.com/kb/TS1567

• IOS Mobile Device Management - The SCEP server returned an invalid response

  I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
  However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
  Here is the code I need to convert - taken from Apple provided Ruby script
  if query['operation'] == "PKIOperation"
      p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
      store = OpenSSL::X509::Store.new
      p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
      signers = p7sign.signers
      p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
      csr = p7enc.decrypt(@@ra_key, @@ra_cert)
      cert = issueCert(csr, 1)
      degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
      degenerate_pkcs7.type="signed"
      degenerate_pkcs7.certificates=[cert]
      enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
          OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
      reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
      res['Content-Type'] = "application/x-pki-message"
      res.body = reply.to_der
  end
  So this is how I written this in Java using Bouncycastle library.
  X509Certificate generatedCertificate = generateCertificateFromCSR(
                  privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                          .getName());
          CMSTypedData msg = new CMSProcessableByteArray(
                  generatedCertificate.getEncoded());
          CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
          edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                  receivedCert).setProvider(AppConfigurations.PROVIDER));
          CMSEnvelopedData envelopedData = edGen
                  .generate(
                          msg,
                          new JceCMSContentEncryptorBuilder(
                                  CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                  AppConfigurations.PROVIDER).build());
          CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
          ContentSigner sha1Signer = new JcaContentSignerBuilder(
                  AppConfigurations.SIGNATUREALGO).setProvider(
                  AppConfigurations.PROVIDER).build(privateKeyRA);
          List<X509Certificate> certList = new ArrayList<X509Certificate>();
          CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                  envelopedData.getEncoded());
          certList.add(certRA);
          Store certs = new JcaCertStore(certList);
          gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().setProvider(
                          AppConfigurations.PROVIDER).build()).build(
                  sha1Signer, certRA));
          gen.addCertificates(certs);
          CMSSignedData sigData = gen.generate(cmsByteArray, true);
          return sigData.getEncoded();
  The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
  It seems I get the CSR properly and I generate the X509Certificate using following code.
  public static X509Certificate generateCertificateFromCSR(
          PrivateKey privateKey, PKCS10CertificationRequest request,
          String issueSubject) throws Exception {
      Calendar targetDate1 = Calendar.getInstance();
      targetDate1.setTime(new Date());
      targetDate1.add(Calendar.DAY_OF_MONTH, -1);
      Calendar targetDate2 = Calendar.getInstance();
      targetDate2.setTime(new Date());
      targetDate2.add(Calendar.YEAR, 2);
      // yesterday
      Date validityBeginDate = targetDate1.getTime();
      // in 2 years
      Date validityEndDate = targetDate2.getTime();
      X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
              new X500Name(issueSubject), BigInteger.valueOf(System
                      .currentTimeMillis()), validityBeginDate,
              validityEndDate, request.getSubject(),
              request.getSubjectPublicKeyInfo());
      certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
              KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
      ContentSigner sigGen = new JcaContentSignerBuilder(
              AppConfigurations.SHA256_RSA).setProvider(
              AppConfigurations.PROVIDER).build(privateKey);
      X509Certificate issuedCert = new JcaX509CertificateConverter()
              .setProvider(AppConfigurations.PROVIDER).getCertificate(
                      certGen.build(sigGen));
      return issuedCert;
  The generated certificate commonn name is,
  Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
  Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
  [1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

  I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
  However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
  Here is the code I need to convert - taken from Apple provided Ruby script
  if query['operation'] == "PKIOperation"
      p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
      store = OpenSSL::X509::Store.new
      p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
      signers = p7sign.signers
      p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
      csr = p7enc.decrypt(@@ra_key, @@ra_cert)
      cert = issueCert(csr, 1)
      degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
      degenerate_pkcs7.type="signed"
      degenerate_pkcs7.certificates=[cert]
      enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
          OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
      reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
      res['Content-Type'] = "application/x-pki-message"
      res.body = reply.to_der
  end
  So this is how I written this in Java using Bouncycastle library.
  X509Certificate generatedCertificate = generateCertificateFromCSR(
                  privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                          .getName());
          CMSTypedData msg = new CMSProcessableByteArray(
                  generatedCertificate.getEncoded());
          CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
          edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                  receivedCert).setProvider(AppConfigurations.PROVIDER));
          CMSEnvelopedData envelopedData = edGen
                  .generate(
                          msg,
                          new JceCMSContentEncryptorBuilder(
                                  CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                  AppConfigurations.PROVIDER).build());
          CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
          ContentSigner sha1Signer = new JcaContentSignerBuilder(
                  AppConfigurations.SIGNATUREALGO).setProvider(
                  AppConfigurations.PROVIDER).build(privateKeyRA);
          List<X509Certificate> certList = new ArrayList<X509Certificate>();
          CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                  envelopedData.getEncoded());
          certList.add(certRA);
          Store certs = new JcaCertStore(certList);
          gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().setProvider(
                          AppConfigurations.PROVIDER).build()).build(
                  sha1Signer, certRA));
          gen.addCertificates(certs);
          CMSSignedData sigData = gen.generate(cmsByteArray, true);
          return sigData.getEncoded();
  The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
  It seems I get the CSR properly and I generate the X509Certificate using following code.
  public static X509Certificate generateCertificateFromCSR(
          PrivateKey privateKey, PKCS10CertificationRequest request,
          String issueSubject) throws Exception {
      Calendar targetDate1 = Calendar.getInstance();
      targetDate1.setTime(new Date());
      targetDate1.add(Calendar.DAY_OF_MONTH, -1);
      Calendar targetDate2 = Calendar.getInstance();
      targetDate2.setTime(new Date());
      targetDate2.add(Calendar.YEAR, 2);
      // yesterday
      Date validityBeginDate = targetDate1.getTime();
      // in 2 years
      Date validityEndDate = targetDate2.getTime();
      X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
              new X500Name(issueSubject), BigInteger.valueOf(System
                      .currentTimeMillis()), validityBeginDate,
              validityEndDate, request.getSubject(),
              request.getSubjectPublicKeyInfo());
      certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
              KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
      ContentSigner sigGen = new JcaContentSignerBuilder(
              AppConfigurations.SHA256_RSA).setProvider(
              AppConfigurations.PROVIDER).build(privateKey);
      X509Certificate issuedCert = new JcaX509CertificateConverter()
              .setProvider(AppConfigurations.PROVIDER).getCertificate(
                      certGen.build(sigGen));
      return issuedCert;
  The generated certificate commonn name is,
  Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
  Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
  [1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

• HT5188 Will "removing apps from devices" also work with other mobile device management systems like i.e. Mobile Iron?

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.