Adding a Configuration Profile to Deploy the TMWS Certificate

  1. Create a profile file.
    • If you use the TMWS CA certificates, perform the following.

      Create a file, copy and paste the following text into the file, and then save it as <file name>.mobileconfig.

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
      	<key>PayloadContent</key>
      	<array>
      		<dict>
      			<key>PayloadCertificateFileName</key>
      			<string>tmws_root_ca.cer</string>
      			<key>PayloadContent</key>
      			<data>
      			MIIDljCCAn6gAwIBAgIJANgOQ5e77nThMA0GCSqGSIb3DQEBCwUA
      			MFsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwC
      			Q1UxDjAMBgNVBAoMBVRSRU5EMQwwCgYDVQQLDANJV1MxFDASBgNV
      			BAMMC1RSRU5ELklXUy4yMB4XDTE5MDcwOTE1NTA0N1oXDTM5MDcy
      			NDE1NTA0N1owWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
      			CQYDVQQHDAJDVTEOMAwGA1UECgwFVFJFTkQxDDAKBgNVBAsMA0lX
      			UzEUMBIGA1UEAwwLVFJFTkQuSVdTLjIwggEiMA0GCSqGSIb3DQEB
      			AQUAA4IBDwAwggEKAoIBAQCc1NKr7o9AaGW4C6nSKYzWvEvgJdHg
      			zQ/ehGwx1N/bLlbS01zNC5ceHUpd61BYIWNkHRKOuJVRK/ahN1CI
      			mp56PhcfpEAfxYVaiQXFDpgJws3eJbnaQkUv2NTu346zgkQkvheP
      			2yh5pbPOT3jn7x1MLfQJxzQVaIz969JqfBdYZzLttCmc6cLWUe8L
      			8OzFXb2XYb/E7ths58tDQ25+ZAAf+U7/pwZH4WE+9v+qBXfvbrkk
      			F9Z7H0wLQPLLmV9kY9p0B8soss6NzXk23qTuN3auYnU6CuS9W8eA
      			aoud42SDjyBt8Jd6VYb9fKWCcLOrfPfa9zvPcEhzGW/OEUrp/Bnl
      			AgMBAAGjXTBbMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFDlxXaRS
      			I/Qt89xkIrvz6ePrHifSMB8GA1UdIwQYMBaAFDlxXaRSI/Qt89xk
      			Irvz6ePrHifSMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
      			AQEAD+vHNJr/il0e7+3oxJyI/C8acoX9Yj1XYWRbsJP/9TUom1UZ
      			z2J45Ya8cS6Cvfa42V53B5FjfQ7IJXwJGi/hcqIy9p674kG922Ym
      			E6WolADsSgPis5rKu6IyqDH4v8qNIEbTveuHa7ECc+kMnn88NAjV
      			gxOt+4NNqIKdbSUvFSTB0x0TlC3FYLwT6wtitNyXUoxdN8bIcGgX
      			Ygwj4JG6qK4zLiws5aZByLQqY4Y2FQ0ZuzRhjkZQPEilhjyEu071
      			HP/S+ijY/jXdyCYn3ZlG5hNZF0hC0qfIySSsF6r7fHEoOqcxwT3J
      			PvrXU41htWXKzHGogIYll/xV8tzWjiRASg==
      			</data>
      			<key>PayloadDescription</key>
      			<string>Adds a CA root certificate</string>
      			<key>PayloadDisplayName</key>
      			<string>TREND.IWS.2</string>
      			<key>PayloadIdentifier</key>
      			<string>com.apple.security.root.293117E2-4DE5-449F-B21F-668C17945FA8</string>
      			<key>PayloadType</key>
      			<string>com.apple.security.root</string>
      			<key>PayloadUUID</key>
      			<string>293117E2-4DE5-449F-B21F-668C17945FA8</string>
      			<key>PayloadVersion</key>
      			<integer>1</integer>
      		</dict>
      		<dict>
      			<key>PayloadCertificateFileName</key>
      			<string>tmws_root_ca2.cer</string>
      			<key>PayloadContent</key>
      			<data>
      			MIIF6zCCA9OgAwIBAgIUY0MDIYl3oheMRUKqfHyVcx5d1gEwDQYJKoZIhvcNAQEL
      			BQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJDVTEUMBIG
      			A1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1MxLzAtBgNVBAMMJlRyZW5k
      			IE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENBMB4XDTIwMDgxNzA2NTky
      			MVoXDTQwMDkwMTA2NTkyMVowfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQsw
      			CQYDVQQHDAJDVTEUMBIGA1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1Mx
      			LzAtBgNVBAMMJlRyZW5kIE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENB
      			MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuHcSU43KYws7UxoyfH8R
      			cnaO0cr/HETn3npjrKxWy3+L8/RSPg/KjUgZhVIqcYgef40rsNoNrM67UwdRxlDp
      			r7qKT47PZFaIwMCpfqPFHYvnz7JlcomfeY576ksnMZ87X7ThK3ZqXAuuTUHeDUXe
      			p9QAWmPMJwq15xGfPf28AR8jEfF8V0xbFHbyMYQyKpzbPDUGAgiLgKGiDsYkEpi6
      			5FfOGNKHjauQ+s1BlO/j9MLtp2Jf9me27iSyluD+ATo93a7Z3vlHBIyazENhPG7y
      			Ja971DBy8FUhKWrrn1Nv2VBCT+4bVpKAvoIqhbFFytBcTRfq0dRMPmiB9ug2BjxD
      			ry5Uucko8jMT2aN96M+Jm5Rlaq9W/ci7jkVgwDAAPtGDum8Eyxt38CRkmfFcMpXM
      			OnPBdaDcvTXwIU+TSd2g8nJqHlD19Ijb1QuoRzA+45ByparF5/1QvPhd9nHKBUN+
      			foNZJXBXdKBPtycjjL+8zeS3KXA2qo5gn2B6BOsG67O4/4uAEqEB7WsLpdCaKk4z
      			rA5fiNyBarRsXY6ueuEnwkupxyswldzihj2/HNZtdk1pZQo9PIUe4PmuSoBJxvQw
      			yBJ+AI9hOJ6UpTsS/UX9ei0z87ZBiLKPh4zUjZtPzI4UQErv3QigG/v+fnMmhEAO
      			Y0lTQfpqWoBsADZyLwzpZh0CAwEAAaNjMGEwHQYDVR0OBBYEFBRXUcrpvwS0GfK1
      			BExFs5lWHd5tMB8GA1UdIwQYMBaAFBRXUcrpvwS0GfK1BExFs5lWHd5tMA8GA1Ud
      			EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBI
      			Yss8K8xKhzUbqyXJUYvj3Hn7vORhn/V7igI/GSS2qMrdwAf32tAJTNIUrMY4t953
      			JqKrq5riO+b8cWuiQ/uBBOdPgNNFrV18Rvha8A7EjRtMs6iqi+41fzsbD0A5yGi1
      			f1QdKVCQDjGvwh1/TO+foQEk+2A2P1/SwiRatfL4KndaW1MJdmE04XnWgvdxut+j
      			gxLO4G5ZnsMCALE2XxK1Ocro1wBuC46V35R4WqX446GHWw45VQhM+Ffj+yuCWzK9
      			bv6CTo+PDChOiiTEWjL/OR7a2Q4hN0nk3T0sdz+HAQ38IepDrf+Yb5y6TGpn00Oy
      			zuXYBXUH6PpHIK+Ds6Ekvm9A3v0TyRg4XCc3ZzGyQvKRhkEuf68V67W511yOLOvL
      			zOKUGh92JnHtyweN8CWeaG412UEWYKhJqTpAoz7DRBqBS3Iz5xZb+lDFmOSoqIQp
      			OJQRNLnWH+8RD9rRQcer+aze+7QqzJs7l9k7XTtwAYbfzh3ILKUn/WYYHcyI/oU8
      			rbUkypejehCoTUCMIQf7nhe+z+JjaXGbCPc5meCIvKJexvzrEt8FtNO4Xqy6dnwh
      			aI0qeRa3qKnIlWSlss03Yjv3VrboNQAdeLqX9lE+Esx3D493JxZCFOkI37IYSGtw
      			Ja1Ww/+3VAszyyrIU5j702NqLJGFcX18LGC404RYeg==
      			</data>
      			<key>PayloadDescription</key>
      			<string>Adds a CA root certificate</string>
      			<key>PayloadDisplayName</key>
      			<string>Trend Micro Web Security Cloud Root CA</string>
      			<key>PayloadIdentifier</key>
      			<string>com.apple.security.root.54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
      			<key>PayloadType</key>
      			<string>com.apple.security.root</string>
      			<key>PayloadUUID</key>
      			<string>54DAAE8F-9FA8-420E-BADE-6238B585396B</string>
      			<key>PayloadVersion</key>
      			<integer>1</integer>
      		</dict>
      	</array>
      	<key>PayloadDisplayName</key>
      	<string>TMWS ca</string>
      	<key>PayloadIdentifier</key>
      	<string>2020.15D12E18-1B48-4D63-8C98-47E9E33D6B7F</string>
      	<key>PayloadRemovalDisallowed</key>
      	<false/>
      	<key>PayloadType</key>
      	<string>Configuration</string>
      	<key>PayloadUUID</key>
      	<string>D86D70A5-87F2-4352-A9A8-DCD608EEF391</string>
      	<key>PayloadVersion</key>
      	<integer>1</integer>
      </dict>
      </plist>
    • If you have cross-signed your organization's own CA certificate with the CSR file provided by Trend Micro, perform the following.

      1. Open your organization's CA certificate and locate the certificate content.

        -----BEGIN CERTIFICATE-----
        #your organization's certificate content#
        -----END CERTIFICATE-----
      2. Create a file with the following text and then save it as <file name>.mobileconfig.

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        	<key>PayloadContent</key>
        	<array>
        		<dict>
        			<key>PayloadCertificateFileName</key>
        			<string>#your organization's certificate file name#</string>
        			<key>PayloadContent</key>
        			<data>
        			#your organization's certificate content#
        			</data>
        			<key>PayloadDescription</key>
        			<string>Adds a CA root certificate</string>
        			<key>PayloadDisplayName</key>
        			<string>#Customize a name#</string>
        			<key>PayloadIdentifier</key>
        			<string>com.apple.security.root.293117E2-4DE5-449F-B21F-668C17945FA8</string>
        			<key>PayloadType</key>
        			<string>com.apple.security.root</string>
        			<key>PayloadUUID</key>
        			<string>293117E2-4DE5-449F-B21F-668C17945FA8</string>
        			<key>PayloadVersion</key>
        			<integer>1</integer>
        		</dict>
        	</array>
        	<key>PayloadDisplayName</key>
        	<string>Company ca</string>
        	<key>PayloadIdentifier</key>
        	<string>2020.15D12E18-1B48-4D63-8C98-47E9E33D6B7F</string>
        	<key>PayloadRemovalDisallowed</key>
        	<false/>
        	<key>PayloadType</key>
        	<string>Configuration</string>
        	<key>PayloadUUID</key>
        	<string>D86D70A5-87F2-4352-A9A8-DCD608EEF391</string>
        	<key>PayloadVersion</key>
        	<integer>1</integer>
        </dict>
        </plist>
      3. Replace the values of the following keys in the file.

        • <key>PayloadCertificateFileName</key>: Your organization's certificate file name.

        • <key>PayloadContent</key>: Your organization's certificate content.

        • <key>PayloadDisplayName</key>: Customize a name as necessary.

      4. Save the file.

  2. Create a profile in the Microsoft Endpoint Manager admin center.
    1. In the Microsoft Endpoint Manager admin center, go to Devices > iOS/iPadOS > Configuration profiles, and then click Create profile.
    2. On the Create a profile screen that appears, select Custom from the Profile drop-down list and click Create.
    3. On the Custom screen that appears, specify a name for the profile on the Basics tab and click Next.
    4. On the Configuration settings tab that appears, specify a name for the configuration profile, upload the configuration profile file created in step 1, and then click Next.
    5. On the Assignments tab that appears, select All devices from the Assign to drop-down list and click Next.
    6. On the Review + create tab that appears, confirm the information you specified and click Create.

      The policy is successfully added to Intune and listed on the Configuration profiles screen.
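
The following is an added example, not part of the original procedure or Trend Micro's tooling: it carries out the cross-signed option of step 1 (PEM certificate in, `.mobileconfig` out) and lists the SHA-256 fingerprint of every root certificate a profile embeds, so the file can be checked against a fingerprint obtained out of band before it is uploaded in step 2. The function names, `SAMPLE_PEM`, and the choice to generate fresh UUIDs instead of reusing the template's values are assumptions of this example.

```python
import base64, hashlib, plistlib, re, uuid

# Constructed placeholder: five DER bytes, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes found between the BEGIN/END CERTIFICATE lines."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded content is not a DER SEQUENCE")
    return der

def build_profile(pem_text, file_name, display_name):
    """Fill in the three keys from step 3 and return the .mobileconfig bytes."""
    cert_uuid = str(uuid.uuid4()).upper()      # fresh per build (assumption)
    profile_uuid = str(uuid.uuid4()).upper()
    cert_payload = {
        "PayloadCertificateFileName": file_name,
        "PayloadContent": pem_to_der(pem_text),  # written as base64 <data>
        "PayloadDescription": "Adds a CA root certificate",
        "PayloadDisplayName": display_name,
        "PayloadIdentifier": "com.apple.security.root." + cert_uuid,
        "PayloadType": "com.apple.security.root",
        "PayloadUUID": cert_uuid,
        "PayloadVersion": 1,
    }
    profile = {
        "PayloadContent": [cert_payload],
        "PayloadDisplayName": "Company ca",
        "PayloadIdentifier": "2020." + profile_uuid,
        "PayloadRemovalDisallowed": False,
        "PayloadType": "Configuration",
        "PayloadUUID": profile_uuid,
        "PayloadVersion": 1,
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def embedded_fingerprints(profile_bytes):
    """Map each root payload's display name to the SHA-256 of its DER bytes."""
    payloads = plistlib.loads(profile_bytes)["PayloadContent"]
    return {p["PayloadDisplayName"]: hashlib.sha256(p["PayloadContent"]).hexdigest()
            for p in payloads if p.get("PayloadType") == "com.apple.security.root"}
```

`embedded_fingerprints` also accepts the bytes of a hand-edited file, such as the TMWS profile from step 1, and returns one entry per embedded root certificate.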