Signing iOS mobileconfig files with your certificate

If you’ve ever used Apple’s iPhone Configuration Utility, you’ve probably noticed that it says ‘Unsigned’ when you send the .mobileconfig file to your device. To sign the profile, export or email the config file to yourself, have your certificate files handy, and type the following:

openssl smime \
-sign \
-signer your-cert.pem \
-inkey your-priv-key.pem \
-certfile TheCertChain.pem \
-nodetach \
-outform der \
-in ConfigProfile.mobileconfig \
-out ConfigProfile_signed.mobileconfig

The files you’ll need are:

your-cert.pem – this is the certificate you’ve been issued
your-priv-key.pem – this is your private key
TheCertChain.pem – this is the certificate chain (optional, in some cases)
ConfigProfile.mobileconfig – this is the unsigned copy of your configuration profile
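
To check the result before distributing it, the following added example (not part of the original instructions) signs a constructed profile with the same flags as above, verifies the DER output with openssl smime -verify, and confirms that a modified copy is rejected. The throwaway self-signed certificate, the file names and the profile contents are made up for the demo; -certfile is omitted because a self-signed certificate has no chain.

```shell
#!/bin/sh
# Added example: sign a constructed profile with a throwaway certificate,
# then verify the DER output the way a reviewer would before deploying it.

sign_profile() {    # usage: sign_profile CERT KEY IN OUT
    openssl smime -sign -signer "$1" -inkey "$2" -nodetach -outform der \
        -in "$3" -out "$4" 2>/dev/null
}

verify_profile() {  # usage: verify_profile SIGNED TRUST_ANCHORS PAYLOAD_OUT
    # Validates the signature and the signer's chain; writes the embedded plist.
    openssl smime -verify -inform der -in "$1" -CAfile "$2" -out "$3" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    # Throwaway self-signed certificate, constructed for this demo only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Signer" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    # Minimal constructed profile body (not a deployable profile).
    cat > "$d/in.mobileconfig" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadDisplayName</key><string>Constructed demo profile</string>
  <key>PayloadIdentifier</key><string>com.example.demo</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
</dict></plist>
EOF
    sign_profile "$d/cert.pem" "$d/key.pem" "$d/in.mobileconfig" "$d/signed.mobileconfig" || return 1

    valid=no; payload=changed; tampered=accepted
    verify_profile "$d/signed.mobileconfig" "$d/cert.pem" "$d/out.plist" && valid=yes
    # Compare modulo CR: S/MIME text mode may canonicalise LF to CRLF.
    [ "$(tr -d '\r' < "$d/out.plist")" = "$(tr -d '\r' < "$d/in.mobileconfig")" ] && payload=intact

    # Overwrite one byte inside the embedded payload; verification must now fail.
    cp "$d/signed.mobileconfig" "$d/bad.mobileconfig"
    printf '~' | dd of="$d/bad.mobileconfig" bs=1 seek=150 conv=notrunc 2>/dev/null
    verify_profile "$d/bad.mobileconfig" "$d/cert.pem" "$d/bad.plist" || tampered=rejected

    rm -rf "$d"
    echo "valid=$valid payload=$payload tampered=$tampered"
}

demo
```

For a real profile, pass the issuing CA's root (and any intermediates) to -CAfile instead of the signer certificate itself.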

The original instructions are located here.