Sign Profiles from commandline using profile Manager Code signing Certificate.

Sign any (manually created) profiles without a developper Code signing Certificate by using Profile Manager Code signing Certificate.

It works with any profile so far even those created with Apple Configurator or those found on github.

The script have to be runned from the OD Master hosting the ProfileManager.

The script can be found on github :

Retrieve the code signing certificate

security find-identity -p codesigning

You should see something like this.
the Valid identities only is what you want.

Policy: Code Signing
  Matching identities
  1) 41F20C835F4FCBEB164127DCFBDA8B58259B1169 "Apple Configurator (40:6C:8F:14:E8:4D)" (CSSMERR_TP_INVALID_ANCHOR_CERT)
  2) F62FAAE2A81781A50EE2F334E59B51C0316D783E " Code Signing Certificate"
     2 identities found

  Valid identities only
  1) F62FAAE2A81781A50EE2F334E59B51C0316D783E " Code Signing Certificate"
     1 valid identities found


Edit the script

Modify the script and edit the variable ProfileManagerServerCodeSigningCertificate in

ProfileManagerServerCodeSigningCertificate=" Code Signing Certificate"

Then run the script using sudo with 2 parameters :

  • $1 input file – the unsigned profile
  • $2 output file – the signed profile

make the script executable

chmod +x

#move to the folder containing the profiles you want to sign.

cd /path/to/my/ProfilesRepo

#Run the script 
sudo /path/to/the/script/ jdoe.IMAP.mobileconfig jdoe.IMAP.signed.mobileconfig

Other scripts

To Create Ical CalDav profile

run the script with no variables to get help

To Create IMAP profile

run the script with no variables to get help

Final note

Be aware that password are not encrypted in the profiles.


Product and graphic designer turned to be a Mac SysAdmin.

Posted in Admin, Github, Mac Tagged with: , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>