Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/server
History
Victor Lyuboslavsky 25d9a2b043
Allow APNS key to be in unencrypted PKCS8 format (#24570) 
#23760 

Manual QA done:
1. Get the current APNS key using tools/mdm/assets tool.
2. Convert it to a PKCS8 key like: `openssl pkcs8 -topk8 -inform PEM
-outform PEM -in mdm_assets/apns_key.key -out mdm_assets/apns_pkcs8.key
-nocrypt`
3. Delete all `apns` and `scep` rows from `mdm_config_assets` DB table.
4. Point to the PKCS8 key like:

```
export FLEET_MDM_APPLE_APNS_KEY=/Users/victor/work/fleet/mdm_assets/apns_pkcs8.key

export FLEET_MDM_APPLE_APNS_CERT=/Users/victor/work/fleet/mdm_assets/apns_cert.crt
export FLEET_MDM_APPLE_SCEP_CERT=/Users/victor/work/fleet/mdm_assets/ca_cert.crt
export FLEET_MDM_APPLE_SCEP_KEY=/Users/victor/work/fleet/mdm_assets/ca_key.key
export FLEET_MDM_APPLE_SCEP_CHALLENGE=$(cat /Users/victor/work/fleet/mdm_assets/scep_challenge)
```

This step may be tricky. Might be simpler to spin up a fresh Fleet
server with the SCEP/APNS values.

5. Start fleet server. Make sure APNS works by pushing/deleting a
profile.
6. Renew APNS cert and make sure the new cert still works.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-12-09 16:23:22 -06:00
..
authz Allow team admins/maintainers to view Fleet maintained apps (#24516) 2024-12-09 08:29:08 -06:00
bindata
config Stop hiding Windows MDM WSTEP config flags (#24289) 2024-12-03 10:04:49 -05:00
contexts Adding telemetry for specific Fleet Desktop errors (#23349) 2024-10-31 14:24:42 -05:00
cron
datastore Fix duplicate queries when pulling query stats for a host (#24514) 2024-12-09 15:50:28 -06:00
docs Added binary UUIDs to backend patterns (#23752) 2024-11-13 09:27:18 -06:00
errorstore Adding telemetry for specific Fleet Desktop errors (#23349) 2024-10-31 14:24:42 -05:00
fleet Allow team admins/maintainers to view Fleet maintained apps (#24516) 2024-12-09 08:29:08 -06:00
goose
health
launcher
live_query
logging
mail Add "do not reply to this automated message" copy to remaining emails, fix X logo location, swap Twitter for X on other automated email templates (#24506) 2024-12-09 09:19:23 -06:00
mdm Allow APNS key to be in unencrypted PKCS8 format (#24570) 2024-12-09 16:23:22 -06:00
mock Added cleanup job to delete stuck pending Apple profiles (#24437) 2024-12-05 15:40:59 -06:00
policies
ptr Added better handling of timeout and insufficient permissions errors in NDES SCEP proxy. (#23654) 2024-11-11 14:57:28 -06:00
pubsub
service Allow APNS key to be in unencrypted PKCS8 format (#24570) 2024-12-09 16:23:22 -06:00
shellquote
sso
test Add Linux encryption states to APIs (#23806) 2024-11-19 13:11:59 -07:00
version
vulnerabilities Skip python vulnerabilities test (#24287) 2024-12-02 14:33:03 -07:00
webhooks
websocket
worker Proposal fix/plan for 24024 (#24207) 2024-11-27 12:11:08 -05:00
utils.go Allow opting in users to email verification on login (#24273) 2024-12-05 08:37:10 -06:00
utils_test.go