- Green Verified (signed) `.mobileconfig`
- HTTPS web-server
- Go for cross-platform single-binary deployment
- Open-source and private
- I created this to protect my Ad Hoc testers' privacy
- No other guide/support will be provided
- Non-bug issues will be closed
- Sorry, I don't have the bandwidth
- Forks/maintainers welcome
- `git clone https://github.com/EmperorEarth/udid && cd udid`
- Create VPS
a. DigitalOcean Droplet, AWS EC2, etc.
b. Recommend 18.04 LTS amd64 if using Ubuntu
- Choose URL
a. Need this for Let's Encrypt certificate
b. Can be `domain.tld` or `subdomain.domain.tld`
- Point URL to VPS
- Replace `subdomain.domain.tld` in listed files with your chosen URL
a. `main.go:23`
b. `udid_unsigned.mobileconfig:8` (keep `/upload`)
- Generate a UUID
a. Online UUID generator
- Replace `12345678-1234-1234-1234-1234567890ab` with your generated UUID
a. `udid_unsigned.mobileconfig:21`
- `GOARCH=amd64 GOOS=linux go build -o udid`
a. `go build` documentation
b. valid `GOARCH` + `GOOS` combinations
- `sftp`/`psftp` to VPS
- `put`/`mput` `udid` binary and `udid_unsigned.mobileconfig`
- `sudo setcap 'cap_net_bind_service=+ep' ./udid && chmod 500 ./udid`
a. Allows server binary to bind to 80 & 443 (and other privileged ports < 1024)
b. Changes server binary permissions to read/execute by logged in user
- `./udid`
a. Starts server to generate TLS Certificate from Let's Encrypt
- Navigate to `subdomain.domain.tld/foo`, adjust URL (keep `/foo`)
a. Encourages server to generate TLS certificate faster
- Refresh until browser receives valid TLS certificate (locked lock icon left of URL in Chrome)
- `ls certificates/` should show a new file `subdomain.domain.tld`
- Using whichever text editor you prefer, copy parts of `certificates/subdomain.domain.tld` into various files
a. Copy from `-----BEGIN EC PRIVATE KEY-----` until `-----END EC PRIVATE KEY-----` into `private-key.pem`
b. Copy from the first `-----BEGIN CERTIFICATE-----` until the first `-----END CERTIFICATE-----` into `certificate.pem`
c. Copy from the second `-----BEGIN CERTIFICATE-----` until the second `-----END CERTIFICATE-----` into `certificate-authority.pem`
- `openssl smime -sign -signer ./certificate.pem -inkey ./private-key.pem -certfile ./certificate-authority.pem -nodetach -outform der -in ./udid_unsigned.mobileconfig -out ./udid.mobileconfig`
a. Signs your `.mobileconfig` file so users will see a green `Verified`
- `sudo vi /etc/systemd/system/udid.service`
a. Creates config file for a `systemd` service that will start on startup/crash
b. See Sample SystemD config file section for sample config
- `sudo systemctl enable udid`
a. Links and enables systemd on each startup/crash
- `sudo reboot`
a. `sudo systemctl start udid` won't log properly until restart
b. Something wonky with `journalctl`. If you have a fix, please file an issue
- Navigate to `subdomain.domain.tld` on an iPhone
- Replace `username` with VPS username
```ini
[Unit]
Description=UDID service
After=network.target
After=systemd-user-sessions.service
After=network-online.target
[Service]
WorkingDirectory=/home/username
ExecStart=/home/username/udid
ExecStop=/usr/bin/pkill udid
Restart=on-failure
RestartSec=30
[Install]
WantedBy=multi-user.target
```
- Lines `15`, `17`, `23`, `25` are customizable in `udid_unsigned.mobileconfig`
- Go cross compiles, so I recommend installing it locally
- Installing Go documentation
- If using `ufw`, make sure `http` & `https` are allowed

```
sudo ufw allow http
sudo ufw allow https
```
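
An added example (not part of the original project) for the step that copies parts of `certificates/subdomain.domain.tld` into `private-key.pem`, `certificate.pem` and `certificate-authority.pem`: a shell function that does the split without a text editor and keeps the private key readable by its owner only. The name `split_autocert_pem` is an assumption of this example, and it goes slightly beyond the manual step by putting every certificate after the first into `certificate-authority.pem`, which is identical to the manual result when the file holds two certificates.

```shell
#!/bin/sh
# Added example, not from the udid repository. split_autocert_pem is a
# hypothetical helper name.
# Usage: sh split.sh certificates/subdomain.domain.tld [output-dir]
split_autocert_pem() {
    src=$1
    out=${2:-.}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # Create (or truncate) the outputs with owner-only permissions before
    # any key material is written; chmod covers a pre-existing key file.
    ( umask 077
      : > "$out/private-key.pem" &&
      : > "$out/certificate.pem" &&
      : > "$out/certificate-authority.pem" ) || return 1
    chmod 600 "$out/private-key.pem" || return 1

    # Route each PEM block by its BEGIN line: the EC key, the first
    # certificate (leaf), then every later certificate (issuing chain).
    awk -v out="$out" '
        /^-----BEGIN EC PRIVATE KEY-----/ { keys++; dest = out "/private-key.pem" }
        /^-----BEGIN CERTIFICATE-----/ {
            certs++
            suffix = (certs == 1) ? "/certificate.pem" : "/certificate-authority.pem"
            dest = out suffix
        }
        dest != "" { print >> dest }
        /^-----END / { dest = "" }
        END { if (keys != 1 || certs < 2) exit 1 }
    ' "$src" || {
        echo "expected 1 EC private key and at least 2 certificates in $src" >&2
        return 1
    }
}

# Run the split only when a source file is given on the command line.
if [ "$#" -gt 0 ]; then
    split_autocert_pem "$@"
fi
```

The function returns non-zero when the file does not contain exactly one EC private key and at least two certificates, so a half-written cache file is caught before the `openssl smime -sign` step.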