.mobileconfig generator #2497

Open
ameshkov opened this issue Dec 27, 2020 · 9 comments


ameshkov commented Dec 27, 2020

We may need a more robust .mobileconfig generator dialog that would allow configuring it.

What could be included:


ammnt commented Dec 28, 2020

@ameshkov, are you really sure AGH can't sign and encrypt these files? This is implemented in NextDNS🤫

@ameshkov
Member Author

Signing requires a developer certificate, we wouldn't use ours to sign user-generated configuration profiles, this is dangerous.


ammnt commented Dec 28, 2020

@ameshkov, to solve this problem, they somehow encrypt these files - I can send you an example of such a file:

image

Isn't that gonna help?

@ameshkov
Member Author

That's what a signed configuration profile looks like, it's not encryption. And this still does not solve any issues, we can't allow third parties to sign a configuration profile with our developer certificate.


ammnt commented Dec 28, 2020

> That's what a signed configuration profile looks like, it's not encryption. And this still does not solve any issues, we can't allow third parties to sign a configuration profile with our developer certificate.

Ah, okay... Got it✌️

@ameshkov
Member Author

Don't get me wrong, it's just if we sign someone's configuration profile, it would look like it comes from us. But it will point to a DNS server that is not controlled by us. And there is quite a lot of nasty stuff that can be done when you operate a DNS server, we don't want to be responsible for that.


ammnt commented Jan 31, 2021

@ameshkov, please add bootstrap server address strings for initial resolving. Here is an example:

<key>ServerAddresses</key>
<array>
	<string>2606:4700:4700::1111</string>
	<string>2606:4700:4700::1001</string>
	<string>1.1.1.1</string>
	<string>1.0.0.1</string>
</array>

Thank you🤗


ZeroClover commented Mar 10, 2021

> Signing requires a developer certificate, we wouldn't use ours to sign user-generated configuration profiles, this is dangerous.

@ameshkov AGH can use its own TLS certificate (to use DoH, the user would obviously need to set up a TLS certificate in AGH) to sign mobileconfig, as NextDNS does the same thing.

Screenshot:

IMG_0065

IMG_0066

adguard pushed a commit that referenced this issue Jun 1, 2021
Merge in DNS/adguard-home from 3172-mobileconfig to master

Updates #3172.
Updates #2497.

Squashed commit of the following:

commit 30549ef
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Jun 1 21:00:17 2021 +0300

    all: log changes

commit 9b94294
Author: Ildar Kamalov <ik@adguard.com>
Date:   Tue Jun 1 17:56:59 2021 +0300

    client: always show port input

commit 6d6a0bd
Merge: 13a3bff 77946a7
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Jun 1 17:50:41 2021 +0300

    Merge branch 'master' into 3172-mobileconfig

commit 13a3bff
Author: Ildar Kamalov <ik@adguard.com>
Date:   Tue Jun 1 17:20:17 2021 +0300

    client: add port to mobile config form

commit f6abe0b
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon May 31 19:43:37 2021 +0300

    home: imp cyclo

commit c304a0b
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon May 31 18:19:46 2021 +0300

    home: reduce allocs

commit 10a7678
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon May 24 20:05:08 2021 +0300

    all: make the host parameter required

@fishermanG

Any update on this? I already have LE certificates configured under the Encryption Settings but .mobileconfig still remains unsigned.

I had to use OpenSSL smime to sign the file. Not too difficult. Would be a heck of a lifesaver if this auto-signing can be implemented in AGH.
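
The manual signing step mentioned in the comment above, and the earlier point in the thread that a signed profile is not an encrypted one, shown as an added example (not code from this thread or from AdGuard Home). The function names, file names and `dns.example.org` are hypothetical, and the demo uses a throwaway self-signed certificate in place of the server's real TLS certificate and key.

```shell
#!/bin/sh
# Added example. File names and dns.example.org are constructed placeholders.

# sign_profile UNSIGNED SIGNED CERT KEY [CHAIN]
# Wraps the profile in a DER-encoded CMS (PKCS#7) SignedData envelope.
# -nodetach embeds the plist in the output; -binary keeps its bytes unchanged;
# CHAIN holds the intermediate certificates to bundle with the signature.
sign_profile() {
    openssl smime -sign -binary -nodetach -outform der \
        -in "$1" -out "$2" -signer "$3" -inkey "$4" ${5:+-certfile "$5"}
}

# extract_profile SIGNED OUT [CAFILE]
# Verifies the signature and certificate chain, then writes the embedded plist
# to OUT. -purpose any accepts a certificate issued for TLS rather than S/MIME.
# Without CAFILE the system trust store decides.
extract_profile() {
    openssl smime -verify -inform der -purpose any \
        -in "$1" -out "$2" ${3:+-CAfile "$3"} 2>/dev/null
}

# demo: signs a constructed profile with a throwaway self-signed certificate
# (standing in for the server's real TLS certificate) and checks the result.
# Signed is not encrypted: the payload comes back byte for byte and is
# readable inside the signed file itself.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
        '<plist version="1.0"><dict>' \
        '<key>PayloadDisplayName</key><string>constructed example</string>' \
        '</dict></plist>' > "$dir/unsigned.mobileconfig"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=dns.example.org" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    sign_profile "$dir/unsigned.mobileconfig" "$dir/signed.mobileconfig" \
        "$dir/cert.pem" "$dir/key.pem" &&
    extract_profile "$dir/signed.mobileconfig" "$dir/out.plist" \
        "$dir/cert.pem" &&
    cmp -s "$dir/unsigned.mobileconfig" "$dir/out.plist" &&
    grep -q 'constructed example' "$dir/signed.mobileconfig"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

With a real certificate, pass the issuer's intermediate chain as the fifth argument to `sign_profile` so that a verifier can build the path to a trusted root.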

heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
Merge in DNS/adguard-home from 3172-mobileconfig to master

Updates AdguardTeam#3172.
Updates AdguardTeam#2497.
