Category filter
Configuration profile to deploy certificates to Apple TV
A digital certificate acts as a security tool that authenticates clients or servers in a network and encrypts information for confidentiality. They are widely used to establish secure connections, prevent unauthorized access, and ensure data integrity. With Hexnode’s custom configuration profile feature, you can deploy certificates to your tvOS devices as per your needs and specifications.
Disclaimer:
The sample configuration profiles provided below are created using various profile creator applications.
Notes:
This configuration profile is supported on macOS 10.13 or later.
Deploy PEM certificate
You can refer to the following template to create a configuration profile to deploy a PEM certificate.
Notes:
The supported certificate file extensions are .crt, .cer, .pem, and .key.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <data></data> <key>PayloadIdentifier</key> <string></string> <key>PayloadType</key> <string>com.apple.security.pem</string> <key>PayloadUUID</key> <string></string> <key>PayloadVersion</key> <integer></integer> </dict> </array> <key>PayloadDisplayName</key> <string></string> <key>PayloadIdentifier</key> <string></string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string></string> <key>PayloadVersion</key> <integer></integer> </dict> </plist> |
Here is an example,
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <data>MIICMzCCAZygAwIBAgIJALiPnVsvq8dsMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNmb28xDDAKBgNVBAcTA2ZvbzEMMAoGA1UEChMDZm9vMQwwCgYDVQQLEwNmb28xDDAKBgNVBAMTA2ZvbzAeFw0xMzAzMTkxNTQwMTlaFw0xODAzMTgxNTQwMTlaMFMxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNmb28xDDAKBgNVBAcTA2ZvbzEMMAoGA1UEChMDZm9vMQwwCgYDVQQLEwNmb28xDDAKBgNVBAMTA2ZvbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzdGfxi9CNbMf1UUcvDQh7MYBOveIHyc0E0KIbhjK5FkCBU4CiZrbfHagaW7ZEcN0tt3EvpbOMxxc/ZQU2WN/s/wPxph0pSfsfFsTKM4RhTWD2v4fgk+xZiKd1p0+L4hTtpwnEw0uXRVd0ki6muwV5y/P+5FHUeldq+pgTcgzuK8CAwEAAaMPMA0wCwYDVR0PBAQDAgLkMA0GCSqGSIb3DQEBBQUAA4GBAJiDAAtY0mQQeuxWdzLRzXmjvdSuL9GoyT3BF/jSnpxz5/58dba8pWenv3pj4P3w5DoOso0rzkZy2jEsEitlVM2mLSbQpMM+MUVQCQoiG6W9xuCFuxSrwPISpAqEAuV4DNoxQKKWmhVv+J0ptMWD25Pnpxeq5sXzghfJnslJlQND</data> <key>PayloadIdentifier</key> <string>com.apple.security.pem.94CFF768-3FC9-4300-868B-3F67457FF1E8</string> <key>PayloadType</key> <string>com.apple.security.pem</string> <key>PayloadUUID</key> <string>94CFF768-3FC9-4300-868B-3F67457FF1E8</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDisplayName</key> <string>CertificatePEM</string> <key>PayloadIdentifier</key> <string>PEMCertificate.94534E9B-D1A8-4392-BEA3-CEA919F07619</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>EA2E5483-7BF9-48D3-9F7A-CC25AC82FD08</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist |
Deploy Root certificate
You can refer to the following template to create a configuration profile to deploy a root certificate.
Notes:
The supported certificate file extensions are .crt, .cer, and .pem.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <data></data> <key>PayloadIdentifier</key> <string></string> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadUUID</key> <string></string> <key>PayloadVersion</key> <integer></integer> </dict> </array> <key>PayloadDisplayName</key> <string></string> <key>PayloadIdentifier</key> <string></string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string></string> <key>PayloadVersion</key> <integer></integer> </dict> </plist> |
Here is an example,
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadCertificateFileName</key> <string>CertificateRoot</string> <key>PayloadContent</key> <data>MIIFkjCCBHqgAwIBAgIGAVGFkFcjMA0GCSqGSIb3DQEBCwUAMIHNMV8wXQYDVQQDDFZDaGFybGVzIFByb3h5IEN1c3RvbSBSb290IENlcnRpZmljYXRlIChidWlsdCBvbiBHcmFoYW1zLU1hY0Jvb2stUHJvLmxvY2FsLCA4IERlYyAyMDE1KTEkMCIGA1UECwwbaHR0cDovL2NoYXJsZXNwcm94eS5jb20vc3NsMREwDwYDVQQKDAhYSzcyIEx0ZDERMA8GA1UEBwwIQXVja2xhbmQxETAPBgNVBAgMCEF1Y2tsYW5kMQswCQYDVQQGEwJOWjAeFw0wMDAxMDEwMDAwMDBaFw00NTAyMDQwNzA2NDdaMIHNMV8wXQYDVQQDDFZDaGFybGVzIFByb3h5IEN1c3RvbSBSb290IENlcnRpZmljYXRlIChidWlsdCBvbiBHcmFoYW1zLU1hY0Jvb2stUHJvLmxvY2FsLCA4IERlYyAyMDE1KTEkMCIGA1UECwwbaHR0cDovL2NoYXJsZXNwcm94eS5jb20vc3NsMREwDwYDVQQKDAhYSzcyIEx0ZDERMA8GA1UEBwwIQXVja2xhbmQxETAPBgNVBAgMCEF1Y2tsYW5kMQswCQYDVQQGEwJOWjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZ+RVqfvyCzq6/q+kS3BdntLhaJi22GlOoHyx4LqgZl7T+wjjZ8gdM6lIm6P7WiKN86tVEqP/7rH6m5t/3IHMnE279HN6NSsiAkCw8WQiMkqxxJj4bBhuUcNP84d9b2zTqUqAbklQCuy/DA/rxJqcsbvqkbToJA5bWBX0wrGlpXlGr5do/K5t7bxpERh6T/m7W6S4Gc7ad3+l6izeue+8M5onCqXyu9Xcj+3wrXmzcndlNCv4mMvHEjRpun/k5ECPBqju6jDou3YMCVOGMaRNZPagk2s/rFykY6mUfYG9NlXRHP7zvtlxWyocsP7MoiXF3RtKZ+/A58T3cOs9/ZsvMCAwEAAaOCAXQwggFwMA8GA1UdEwEB/wQFMAMBAf8wggEsBglghkgBhvhCAQ0EggEdE4IBGVRoaXMgUm9vdCBjZXJ0aWZpY2F0ZSB3YXMgZ2VuZXJhdGVkIGJ5IENoYXJsZXMgUHJveHkgZm9yIFNTTCBQcm94eWluZy4gSWYgdGhpcyBjZXJ0aWZpY2F0GSBpcyBwYXJ0IG9mIGEgY2VydGlmaWNhdGUgY2hhaW4sIHRoaXMgbWVhbnMgdGhhdCB5b3UncmUgYnJvd3NpbmcgdGhyb3VnaCBDaGFybGVzIFByb3h5IHdpdGggU1NMIFByb3h5aW5nIGVuYWJsZWQgZm9yIHRoaXMgd2Vic2l0ZS4gUGxlYXNlIHNlZSBodHRwOi8vY2hhcmxlc3Byb3h5LmNvbS9zc2wgZm9yIG1vcmUgaW5mb3JtYXRpb24uMA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQUcc8I4xXSdaFRISmIwGeCqhY6nhwwDQYJKoZIhvcNAQELBQADggEBADBuM0VZmxjQejORsGewl0Oy3K/Lfm5+STHiZH+cWACIQF4KEUMuf13/Hxy9EZbtckgDyOlT4lMge7PKYw/qrVo2Zm4xj1cVOHef+H4jRwoQ7UZBUAQhsQDMow408F6A6UY/AGdIGcrUp/ulQmMNr5+6yTnzm1RiMjajpTi9oxxV+1oUVSIMu7nk9qFplbCjEPxU8UB2R0YVd2vhaEdrdq1LwGTWj5sJiVBaFdzIu/ABV+H2Frij2wASrv1JdR2buDTfgTacGqkfm6ajIlF5JyqXe1ZlIb38mlelg5maZNPjsljvNQ+FSnOctNmcbAmvH9FxsQ/wYThbkYM63Dii9EQ=</data> <key>PayloadDescription</key> <string>Adds Certificate Root</string> <key>PayloadDisplayName</key> <string>Root Certificate</string> <key>PayloadIdentifier</key> <string>com.apple.security.root.0CAC2FD7-7D19-490E-B281-8391D4ACE6E4</string> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadUUID</key> <string>0CAC2FD7-7D19-490E-B281-8391D4ACE6E4</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDisplayName</key> <string>CertificateRoot</string> <key>PayloadIdentifier</key> <string>RootCertificate.94534E9B-D1A8-4392-BEA3-CEA919F07619</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>962C272D-2B71-4CF6-9654-0F965EFA70FC</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> |
Distribute custom configuration profiles
- Log in to the Hexnode console.
- Navigate to Policies > New Policy.
- Provide a policy name and description (optional).
- Go to Apple TV > Deploy Custom Configuration > Configure > Choose File.
- Choose and upload the custom configuration profile from the device. If the file is already uploaded, you may select it from the list.
- Click OK.
- Navigate to Policy Targets.
- Select devices/device groups/users/user groups/domains to associate the policy. Click OK.
- Click Save.
What happens at the device end?
The certificate is deployed to the associated device. You can verify that the certificate has been deployed from Settings > General > Profiles & Device Management > Hexnode MDM > More Details on the device. It will be displayed under Certificates.
Notes:
- To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
- Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
- Ensure that you do not associate conflicting configurations with the devices.
- Use wildcards to fetch key values from the portal.
- It is recommended to manually validate the configuration profile on a system before executing it in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.
Need more help?
