We will start with the Apple Server program.

Pitfall 1 — SSL Cert

On the Apple Server program you will need some sort of SSL encryption or nothing will work. Apple helps you out a little and provisions the Apple Server program out of the box with a self-signed certificate. This will work, but you will have to deal with the annoyance of certificate warnings, as most browsers will complain.

The solution is to have a real SSL cert for the domain you will eventually be serving Profile Manager under. Of course you have to pay for this, and combining the public and private keys into a .pfx file is worthy of its own article.

If you have to purchase an SSL cert, I recommend springing for a wildcard such as `*.<mydomain>.com` so that you can reuse it elsewhere or move your Profile Manager service to different subdomains.

Pitfall 2 — Static IP and Router mapping

Apple should simply turn the Apple Server product into a Docker image, in my opinion. Until then, let’s hope you are a router expert or you read this. The computer running the server behind your router should be wired in over Ethernet, and you should use the router software to fix the IP address of your server.

Finally, once you have a fixed IP, you need to map the ports exactly according to this documentation.

Pitfall 3 — Server host name mapping

Once you have your SSL cert, fixed IP, and ports mapped, hopefully you can find your router's external-facing IP. Once you have that, you can make an ‘A’ record on your DNS service under the domain or subdomain of your choice. Just make sure you have the correct SSL cert installed, back from pitfall 1.
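Before creating the ‘A’ record, it is worth confirming that the wildcard cert recommended in pitfall 1 actually covers the host name chosen here. The following is an added example, not code from Apple or from this post; the `example.com` names are constructed placeholders, and the matcher is a simplified version of the usual browser rules (whole left-most label only, no partial wildcards such as `m*.example.com`).

```python
# Added example: check which planned host names a certificate's names cover.
# All host names below are constructed placeholders.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (a SAN entry) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands in for exactly one label, never zero or several.
        return False
    if p_labels[0] == "*":
        # Refuse overly broad patterns such as "*.com" (simplified rule:
        # require at least two fixed labels after the wildcard).
        if len(p_labels) <= 2 or h_labels[0] == "":
            return False
        return p_labels[1:] == h_labels[1:]
    # No wildcard: the names must be identical (case-insensitive).
    return p_labels == h_labels


def uncovered(cert_names, planned_hosts):
    """Return the planned host names that no certificate name covers."""
    return [
        host for host in planned_hosts
        if not any(name_matches(name, host) for name in cert_names)
    ]


# Names on the purchased cert and the places the service might live.
CERT_NAMES = ["*.example.com"]
PLANNED = [
    "mdm.example.com",
    "profiles.example.com",
    "example.com",             # bare domain: not covered by the wildcard
    "mdm.office.example.com",  # two labels deep: not covered either
]

if __name__ == "__main__":
    for host in uncovered(CERT_NAMES, PLANNED):
        print(f"cert does not cover {host}")
```

A wildcard covers exactly one label, so moving the service between first-level subdomains works, while the bare domain or a deeper subdomain needs its own name on the cert.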

After (and only after) you have everything mapped correctly can you use the host name tool on the Apple Server program.

The pitfall here is that you will most likely be using the Wi-Fi served by the router your Apple Server is behind. If you try to enroll a device locally and visit your nice new domain or subdomain, things will go haywire. Something with routing on the local network that I don’t understand. All I know is that the Apple Server product has a tool to fix this, and it only works if you made it past the first two pitfalls.

On the Apple Server product, click the server, then click the “Edit Host Name…” button. Select the bottom option.

Go through the motions. Now you can successfully enroll a device on your local network without barfing up error codes and Objective-C code snippets.