fleet/ee/tools/mdm
Roberto Dip f1b45a3865
friday tidy up party (#18106)
- add missing tests
- remove unused code
- remove unnecessary nested branches
2024-04-08 08:42:42 -03:00
certs.go Signing tool for MDM Push CSRs (#8884) 2023-01-06 08:25:54 -08:00
certs_test.go friday tidy up party (#18106) 2024-04-08 08:42:42 -03:00
README.md Signing tool for MDM Push CSRs (#8884) 2023-01-06 08:25:54 -08:00

MDM Push CSR generation tool

Build

Build like any other Go program:

go build -o mdm-gen-cert .

Usage

The following environment variables must be configured:

- VENDOR_CERT_PEM - Fleet's MDM Vendor certificate in PEM format.
- VENDOR_KEY_PEM - Fleet's MDM Vendor private key in PEM format.
- VENDOR_KEY_PASSPHRASE - Passphrase for the MDM Vendor private key.
- CSR_BASE64 - Base64 encoded CSR submitted from the Fleet server or fleetctl on behalf of the user. (Note: this is accepted as an environment variable to mitigate against command injection attacks from untrusted user input.)

The program outputs the email and org from the signing request, and the signed request as JSON. For example:

{"email":"fleetuser@example.com","org":"ExampleOrg","request":"PD94bWw..."}

The email should be validated against the email denylist, and then the request contents should be sent to that email address as an attachment (e.g. apple-apns-request.txt).
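
The usage flow above, sketched as an added example (not code from the Fleet repository): a caller passes the untrusted CSR to the tool only through the environment, then checks the returned email before anything is sent. The names buildCmd and parseAndCheck, the binary path, the domain-keyed denylist and the use of standard base64 are assumptions for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// signedRequest mirrors the JSON object shown in the README.
type signedRequest struct {
	Email   string `json:"email"`
	Org     string `json:"org"`
	Request string `json:"request"`
}

// buildCmd prepares the signer run. The untrusted CSR (assumed here to be
// standard base64) goes only into the child's environment, never argv or a shell.
func buildCmd(binPath, csrB64 string) (*exec.Cmd, error) {
	if _, err := base64.StdEncoding.DecodeString(csrB64); err != nil {
		return nil, fmt.Errorf("CSR_BASE64 is not valid base64: %w", err)
	}
	cmd := exec.Command(binPath) // no arguments, no shell
	cmd.Env = append(os.Environ(), "CSR_BASE64="+csrB64) // VENDOR_* are inherited
	return cmd, nil
}

// parseAndCheck decodes the tool's stdout and rejects malformed addresses
// and denylisted domains (assumption: the denylist is keyed by domain).
func parseAndCheck(out []byte, denylist map[string]bool) (*signedRequest, error) {
	var r signedRequest
	if err := json.Unmarshal(out, &r); err != nil {
		return nil, err
	}
	at := strings.LastIndex(r.Email, "@")
	if at < 1 || at == len(r.Email)-1 || denylist[strings.ToLower(r.Email[at+1:])] {
		return nil, fmt.Errorf("email %q is malformed or denylisted", r.Email)
	}
	return &r, nil
}

func main() {
	cmd, err := buildCmd("./mdm-gen-cert", "Y29uc3RydWN0ZWQ=") // constructed value
	fmt.Println(cmd.Args, err)
	out := []byte(`{"email":"fleetuser@example.com","org":"ExampleOrg","request":"PD94bWw..."}`)
	r, err := parseAndCheck(out, map[string]bool{"blocked.example": true})
	fmt.Println(r, err)
}
```

The command is only constructed here, not run; a caller would use cmd.Output() and hand the bytes to parseAndCheck.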