mdmctl Command Reference - micromdm/micromdm GitHub Wiki

mdmctl Command Reference

sub-command        description
get                Display one or many resources
apply              Apply a resource
config             Display or set configuration
remove             Remove a resource
mdmcert            Create new MDM Push Certificate
mdmcert.download   Request new MDM Push Certificate from https://mdmcert.download
version            Display mdmctl version

get

Display one or many resources


Valid resource types:

devices
USAGE
  mdmctl get devices [flags]

FLAGS
  -serials   comma separated list of serials to search

blueprints
USAGE
  mdmctl get blueprints [flags]

FLAGS
  -f -    filename of JSON to save to
  -name   name of blueprint

dep-tokens
USAGE
  mdmctl get dep-tokens [flags]

FLAGS
  -export-public-key mdm-files/DEPPublicKey   Filename of public key to write (to be uploaded to deploy.apple.com)
  -export-token mdm-files/DEPOAuthToken.json  Filename to save decrypted oauth token (JSON)
  -v false                                    Display full ConsumerKey in summary list

dep-devices
USAGE
  mdmctl get dep-devices [flags]

FLAGS
  -serials   comma separated list of device serials

dep-account
USAGE
  mdmctl get dep-account [flags]

FLAGS

dep-profiles
USAGE
  mdmctl get dep-profiles [flags]

FLAGS
  -f      filename of DEP profile to apply
  -uuid   DEP Profile UUID (required)

dep-autoassigner
USAGE
  mdmctl get dep-autoassigner [flags]

FLAGS

users
USAGE
  mdmctl get users [flags]

FLAGS

profiles
USAGE
  mdmctl get profiles [flags]

FLAGS
  -f -  filename of profile to write
  -id   profile Identifier

apps
USAGE
  mdmctl get apps [flags]

FLAGS
  -f -    path to save file to. defaults to stdout.
  -name   specify the name of the app to get full details

apply

Apply a resource


Valid resource types:

blueprints
USAGE
  mdmctl apply blueprints [flags]

FLAGS
  -f               filename of blueprint JSON to apply
  -template false  print a new blueprint template

profiles
USAGE
  mdmctl apply profiles [flags]

FLAGS
  -f   filename of profile to apply

users
USAGE
  mdmctl apply users [flags]

FLAGS
  -f               Path to user manifest
  -password        Password of the user. Only required when creating a new user.
  -template false  Print a JSON example of a user manifest.

dep-tokens
USAGE
  mdmctl apply dep-tokens [flags]

FLAGS
  -import mdm-files/DEPOAuthToken.json  Filename of p7m encrypted token file (downloaded from DEP portal)

dep-profiles
USAGE
  mdmctl apply dep-profiles [flags]

FLAGS
  -anchor                 filename of PEM cert(s) to add to anchor certs in template
  -f                      filename of DEP profile to apply
  -filter                 set the auto-assign filter for the defined profile
  -template false         print a JSON example of a DEP profile
  -use-server-cert false  use the server cert(s) to add to anchor certs in template

dep-autoassigner
USAGE
  mdmctl apply dep-autoassigner [flags]

FLAGS
  -filter *  filter string (only '*' supported right now)
  -uuid      DEP profile UUID to set

app
USAGE
  mdmctl apply app [flags]

FLAGS
  -manifest -        path to an app manifest. optional,
                     will be created if file does not exist.
  -md5size 10485760  md5 hash size in bytes (optional)
  -pkg               path to a distribution pkg.
  -pkg-url           use custom pkg url
  -sign              sign package before importing, requires specifying a product ID (optional)
  -upload false      upload package and/or manifest to micromdm repository.

block
USAGE
  mdmctl apply block [flags]

FLAGS
  -udid   UDID of a device to block.

config

Display or set configuration


Valid switches:

print

Display current configuration

USAGE
  mdmctl config print

set
USAGE
  mdmctl config set [flags]

FLAGS
  -api-token          api token to connect to micromdm server
  -name               name of the server
  -server-url         server url of micromdm server
  -skip-verify false  skip verification of server certificate (insecure)

switch
USAGE
  mdmctl config switch [flags]

FLAGS
  -name   name of the server to switch to

remove

Remove a resource


Valid resource types:

blueprints
USAGE
  mdmctl remove blueprints [flags]

FLAGS
  -name   name of blueprint, optionally comma separated

devices
USAGE
  mdmctl remove devices [flags]

FLAGS
  -udid   device UDID, optionally comma separated

profiles
USAGE
  mdmctl remove profiles [flags]

FLAGS
  -id   profile Identifier, optionally comma separated

block
USAGE
  mdmctl remove block [flags]

FLAGS
  -udid   UDID of device to unblock

dep-autoassigner
USAGE
  mdmctl remove dep-autoassigner [flags]

FLAGS
  -filter *  filter string (only '*' supported right now)

mdmcert

Create new MDM Push Certificate


This utility helps obtain an MDM Push Certificate using the Apple Developer MDM CSR option in the enterprise developer portal.

Valid switches:

vendor
USAGE
    mdmctl mdmcert vendor [flags]

FLAGS
    -cert mdm-certificates/mdm.cer                         Path to the MDM Vendor certificate from dev portal.
    -cn micromdm-vendor                                    CommonName for the CSR Subject.
    -country US                                            Two letter country code for the CSR Subject (example: US).
    -email                                                 Email address to use in CSR Subject.
    -out mdm-certificates/VendorCertificateRequest.csr     Path to save the MDM Vendor CSR.
    -password                                              Password to encrypt/read the RSA key.
    -private-key mdm-certificates/VendorPrivateKey.key     Path to the vendor private key. A new RSA key will be created at this path.
    -push-csr mdm-certificates/PushCertificateRequest.csr  Path to the user CSR (required for the -sign step).
    -sign false                                            Signs a user CSR with the MDM vendor certificate.

push
USAGE
    mdmctl mdmcert push [flags]

FLAGS
    -cn micromdm-user                                            CommonName for the CSR Subject.
    -country US                                                  Two letter country code for the CSR Subject (example: US).
    -email                                                       Email address to use in CSR Subject.
    -out mdm-certificates/PushCertificateRequest.csr             Path to save the MDM Push Certificate request.
    -password                                                    Password to encrypt/read the RSA key.
    -private-key mdm-certificates/PushCertificatePrivateKey.key  Path to the push certificate private key. A new RSA key will be created at this path.

upload
USAGE
    mdmctl mdmcert upload [flags]

FLAGS
    -cert                                                        Path to the MDM Push Certificate.
    -password                                                    Password to encrypt/read the RSA key.
    -private-key mdm-certificates/PushCertificatePrivateKey.key  Path to the push certificate private key.

First, create a vendor CSR, upload it to the enterprise developer portal, and get a signed MDM Vendor certificate. Use the MDM-CSR option in the dev portal when creating the certificate. The MDM Vendor certificate is required in order to obtain the MDM push certificate. After you complete the MDM-CSR step, copy the downloaded file to the same folder as the private key. By default this will be mdm-certificates.

mdmctl mdmcert vendor -password=secret -country=US -email=<your-email-address>

Next, create a push CSR. This step generates the CSR required to get a signed push certificate.

mdmctl mdmcert push -password=secret -country=US -email=<your-email-address>

Once you have created the push CSR, you must sign it with the MDM Vendor Certificate to get a push certificate request file.

mdmctl mdmcert vendor -sign -cert=./mdm-certificates/mdm.cer -password=secret

Once generated, upload the PushCertificateRequest.plist file to https://identity.apple.com to obtain your MDM Push Certificate. Use the push private key and the push cert you got from identity.apple.com in your MDM server.
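
A check to run after the steps above, as an added example that is not part of mdmctl or this wiki: it audits the private keys left under mdm-certificates for missing password encryption and for group/other file permissions. It assumes the .key files are PEM and that an encrypted key carries ENCRYPTED in its PEM header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of mdmctl. Assumes the .key files are PEM and that
# an encrypted key carries "ENCRYPTED" in its PEM header.

# Return 0 if the PEM header marks the key as password-encrypted.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Return 0 if group and other have no permission bits (e.g. -rw-------).
key_is_private() {
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per problem found in DIR/*.key; return the number of findings.
audit_mdm_keys() {
    dir=${1:-mdm-certificates}
    findings=0
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        if ! key_is_encrypted "$key"; then
            echo "FAIL $key: private key is stored unencrypted"
            findings=$((findings + 1))
        fi
        if ! key_is_private "$key"; then
            echo "FAIL $key: accessible by group or other"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: two stand-in key files (PEM headers only, no key data).
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        > "$d/VendorPrivateKey.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        > "$d/PushCertificatePrivateKey.key"
    chmod 600 "$d/VendorPrivateKey.key"
    chmod 644 "$d/PushCertificatePrivateKey.key"
    echo "$d"
}
```

Run `audit_mdm_keys mdm-certificates` from the directory where the mdmcert commands were executed; a non-zero exit status is the number of findings.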


mdmcert.download

Request new MDM Push Certificate from https://mdmcert.download

USAGE
  mdmctl mdmcert.download [flags]

FLAGS
  -cn mdm-push                                 CommonName for the CSR Subject.
  -country US                                  Two letter country code for the CSR Subject (example: US).
  -decrypt                                     Decrypts an mdmcert.download push certificate request
  -email                                       Email address to use in mdmcert request & CSR Subject
  -new false                                   Generates a new privkey and uploads new MDM request
  -pki-cert mdmcert.download.pki.crt           Path for generated MDMCert pki exchange certificate
  -pki-password                                Password to encrypt/read the RSA key.
  -pki-private-key mdmcert.download.pki.key    Path for generated MDMCert pki exchange private key
  -push-csr mdmcert.download.push.csr          Path for generated Push Certificate CSR
  -push-password                               Password to encrypt/read the push RSA key.
  -push-private-key mdmcert.download.push.key  Path to the generated Push Cert private key
  -push-req mdmcert.download.push.req          Path for generated Push Certificate Request

version

Display mdmctl version

USAGE
  mdmctl version