If you manually download a Configuration Profile from the JSS, you’ll see that the profile largely reads as gobbledegook.
Luckily a couple of bash commands later & you’ll have a readable profile.
The above is a profile downloaded via the JSS & opened in TextWrangler, as said gobbledegook.
Line 3 is the profiles payload, & lines 5, 7, 16 & 18 should that the profile has been signed by the JSS’s Signing Certificate & Certificate Authority.
Stripping The Signing
With the profile downloaded the signing can be stripped via the below (obviously replace /path/to/downloaded.mobileconfig & /path/to/de-signed.mobileconfig as needed):
openssl smime -inform DER -verify -in /path/to/downloaded.mobileconfig -noverify -out /path/to/de-signed.mobileconfig
The above should return:
Opening up the profile we exported at the path: “/path/to/de-signed.mobileconfig” should show something like the below:
Which is nice & all, but still not as readable as we’d like.
Formatting The Plist
To format the plist, run:
plutil -convert xml1 /path/to/de-signed.mobileconfig
Opening the profile again, or returning to your text editor, & it should look like the below:
Now we have a configuration profile downloaded from the JSS & easily readable.
The good folks over at Moof-IT have an automator service, which can perform the above with a click.