MDM profile for a binary with multiple signatures

Hello,

We use an MDM profile that enables FDA for our program. The Identifier is set to be the path to our program. We'd like to have a profile that allows multiple CodeSignatures. Our older programs are signed with a different certificate than the current ones.

We tried deploying 2 profiles (one for the 'old certificate' signed binary and the other for the 'new certificate' signed binary). But it looks like macOS accepts only one.

I have also tried to use ProfileCreator to generate a profile with 2 entries, but it fails to do it. Manually editing the XML file and adding new entries does not work either.

I'd like to know if there's a workaround for this issue.

Answered by htadevosyan in 879661022

Accepted Answer

Apparently you can put 'or' keyword in the profile like this:

... and (certificate leaf[subject.OU] = "X"; or certificate leaf[subject.OU] = "Y")

I’m glad you’re making progress here.

The strings you’re manipulating here are called code signing requirements. For more background on that, see TN3127 Inside Code Signing: Requirements and the various docs it links to.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
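
The `or` form from the accepted answer, as an added example that is not part of the original thread: a Python sketch that builds one Full Disk Access entry whose code requirement accepts either signing certificate. The shared prefix (`anchor apple generic`), the OU values, the program path, and the payload identifier and UUID are constructed placeholders.

```python
import plistlib


def either_ou(common_prefix, team_ous):
    """Build one requirement that accepts any of the given leaf-certificate OUs.

    In the requirement language 'and' binds tighter than 'or', so the
    alternatives are parenthesised. Without the parentheses the last OU check
    would stand alone and no longer be tied to the shared prefix.
    """
    if not team_ous:
        raise ValueError("at least one OU is required")
    for ou in team_ous:
        if '"' in ou or "\\" in ou:
            raise ValueError(f"OU would break out of the quoted string: {ou!r}")
    alternatives = " or ".join(
        f'certificate leaf[subject.OU] = "{ou}"' for ou in team_ous
    )
    return f"{common_prefix} and ({alternatives})"


def fda_payload(program_path, requirement):
    """TCC payload with a single SystemPolicyAllFiles entry for one path."""
    return {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": "com.example.fda.policy",          # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "PayloadVersion": 1,
        "Services": {
            "SystemPolicyAllFiles": [{
                "Identifier": program_path,
                "IdentifierType": "path",
                "CodeRequirement": requirement,
                "Allowed": True,
            }]
        },
    }


def render(payload):
    """Serialise to XML plist bytes; plistlib handles the XML escaping."""
    return plistlib.dumps(payload, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Constructed sample values: old and new signing OUs, program path.
    req = either_ou("anchor apple generic", ["OLDTEAM001", "NEWTEAM002"])
    path = "/Applications/Example.app/Contents/MacOS/example"
    print(render(fda_payload(path, req)).decode())
```

Before deploying, the generated requirement string can be tested against both the old and the new build with `codesign --verify -R`.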
