...
- Create a Certificate Signing Request (CSR) file (e.g., customer.csr) from the MDM server using your private key. Keep your private key and CSR file in a safe location for further reference.

    openssl genrsa -des3 -out customerPrivateKey.pem 2048
    openssl req -new -key customerPrivateKey.pem -out customer.csr

After the above command is executed, you will be prompted to enter some information. Make sure to fill in all the information as it will be incorporated into the CSR with your organization’s official details. The compulsory fields have been described as follows:
Field | Usage/Purpose
Organization Name | Identifies what organization the CSR belongs to.
Email | When a certificate expires, the customers will have to renew their certificate. In such situations, the email will be used to identify the existing customers. Note: It is important that you provide a valid company email address. Example: The email address you provide can be foo@wso2.com and not foo@gmail.com.
Common name | Fully qualified domain name of your server.

Warning: If the compulsory information is not provided, the CSRs will be rejected in the signing process.
[Screenshot: sample CSR file generation process in Linux.] The same process is applicable to Mac users as well.
- Submit the CSR file to WSO2 via our site in order to obtain the signed CSR file in .plist format.
- Go to the Apple Push Certificate Portal at https://identity.apple.com/pushcert/ and log in with your customer account details. You do not need to have an enterprise account for this purpose.
- Upload the encoded .plist file and download the generated MDM signing certificate (MDM_Certificate.pem). The MDM signing certificate is a certificate for 3rd party servers provided by Apple.
- Note down the USERID (TOPIC ID) from the MDM signing certificate (MDM_Certificate.pem) as it will be used later in the configuration. The MDM signing certificate can be decoded to obtain the USERID by executing the following command:

    openssl x509 -in MDM_Certificate.pem -text -noout

- Remove the password from your private key file (e.g., customerPrivateKey.pem).

    openssl rsa -in customerPrivateKey.pem -out customerKey.pem

- Merge the customer key file that was derived in the previous step with the MDM signing certificate to generate the MDM Apple Push Notification Service (APNS) Certificate. For example, merge the customerKey.pem file with the MDM_Certificate.pem file to generate the MDM_APNSCert.pem file.

    cat MDM_Certificate.pem customerKey.pem > MDM_APNSCert.pem

- Open the MDM Apple Push Notification service (APNs) Certificate (MDM_APNSCert.pem) and ensure that there is a line break between the contents of the two files.
- Convert the MDM_APNSCert.pem file to the MDM_APNSCert.pfx file. You will need to provide a password when converting the file. Thereafter, follow the steps mentioned under iOS Settings.

    openssl pkcs12 -export -out MDM_APNSCert.pfx -inkey customerPrivateKey.pem -in MDM_APNSCert.pem
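
The line-break check on MDM_APNSCert.pem described above, plus a check that the key belongs to the certificate, both meant to be run before the PKCS#12 conversion. This is an added example, not part of the original WSO2 instructions. The function names are hypothetical, the demo input is constructed placeholder data, and key_matches_cert assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example: sanity checks for MDM_APNSCert.pem before the PKCS#12 export.

# pem_markers_ok BUNDLE
# Succeeds only if every PEM BEGIN/END marker is a whole line and the bundle
# holds exactly one certificate and one private key. When the first file given
# to cat has no trailing newline, the certificate's END marker and the key's
# BEGIN marker end up on the same line and this check fails.
pem_markers_ok() {
    awk '
        /-----(BEGIN|END) / {
            if ($0 !~ /^-----(BEGIN|END) [A-Z0-9 ]+-----$/) bad = 1
            if ($0 ~ /^-----BEGIN CERTIFICATE-----$/) certs++
            if ($0 ~ /^-----BEGIN [A-Z ]*PRIVATE KEY-----$/) keys++
        }
        END { exit !(bad == 0 && certs == 1 && keys == 1) }
    ' "$1"
}

# key_matches_cert CERT KEY
# Succeeds only if KEY (unencrypted, e.g. customerKey.pem) is the private key
# for the public key in CERT. The empty -passin makes an encrypted key fail
# instead of prompting.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed input (placeholder base64, not real key material).
demo_dir=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/cert.pem"      # no final newline
printf '%s\n%s\n%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/key.pem"
cat "$demo_dir/cert.pem" "$demo_dir/key.pem" > "$demo_dir/glued.pem"
{ cat "$demo_dir/cert.pem"; echo; cat "$demo_dir/key.pem"; } > "$demo_dir/fixed.pem"
pem_markers_ok "$demo_dir/glued.pem" || echo "glued.pem: markers share a line"
pem_markers_ok "$demo_dir/fixed.pem" && echo "fixed.pem: markers OK"
```

With the real files, the calls would be `pem_markers_ok MDM_APNSCert.pem` and `key_matches_cert MDM_Certificate.pem customerKey.pem`.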