Follow the instructions below to generate the MDM Apple Push Notification Service (APNS) certificate:

Info

The MDM APNS certificate will be referred to as the MDM certificate in the EMM Console.

  1. Create a Certificate Signing Request (CSR) file (e.g., customer.csr) from the EMM server using your private key. Keep your private key and CSR file in a safe location for further reference.

    Code Block
    openssl genrsa -des3 -out customerPrivateKey.pem 2048
    openssl req -new -key customerPrivateKey.pem -out customer.csr

    After the above command is executed, you will be prompted to enter some information. Make sure to fill in all the information as it will be incorporated into the CSR with your organization’s official details. The compulsory fields have been described as follows:

    | Field | Usage/Purpose |
    |---|---|
    | Organization Name | Identifies what organization the CSR belongs to. |
    | Email | When a certificate expires, the customers will have to renew their certificate. In such situations, the email will be used to identify the existing customers. |
    | Common name | Fully qualified domain name of your server. |

    Warning

    If the compulsory information is not provided, the CSRs will be rejected in the signing process.

    The following is a screenshot of a sample CSR file generation process in Linux. The same process is applicable to Mac users as well.


    Submit the CSR file to WSO2 via our site in order to obtain the signed CSR file in the .plist format.

  2. Go to the Apple Push Certificate Portal at https://identity.apple.com/pushcert/ and log in with your customer account details.
    You do not need to have an enterprise account for this purpose.
  3. Upload the encoded .plist file and download the generated MDM signing certificate (MDM_Certificate.pem).
    The MDM signing certificate is a certificate for 3rd party servers provided by Apple.
  4. Note down the USERID (TOPIC ID) from the MDM signing certificate (MDM_Certificate.pem) as it will be used later in the configuration. The MDM signing certificate can be decoded to obtain the USERID by executing the following command:

    Code Block
    openssl x509 -in MDM_Certificate.pem -text -noout
  5. Remove the password from your private key file (e.g., customerPrivateKey.pem).

    Code Block
    openssl rsa -in customerPrivateKey.pem -out customerKey.pem 
  6. Merge the customer key file that was derived in the previous step with the MDM signing certificate to generate the MDM Apple Push Notification Service (APNS) Certificate.
    For example, merge the customerKey.pem file with the MDM_Certificate.pem file to generate the MDM_APNSCert.pem file.

    Code Block
    cat MDM_Certificate.pem customerKey.pem > MDM_APNSCert.pem
  7. Open the MDM Apple Push Notification service (APNs) Certificate (MDM_APNSCert.pem) and ensure that there is a line break between the contents of the two files.
    Example:
    Without the line break, the content will look as follows: -----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----
    Therefore, add a line break to separate the certificate from the private key so that the content looks like what's shown below:
    Code Block
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
  8. Convert the MDM_APNSCert.pem file to the MDM_APNSCert.pfx file. You will need to provide a password when converting the file. Thereafter, follow the steps mentioned under iOS SettingsPlatform Configurations.

    Code Block
    openssl pkcs12 -export -out MDM_APNSCert.pfx -inkey customerPrivateKey.pem -in MDM_APNSCert.pem
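
The checks implied by steps 4 to 7 can be scripted and run before the conversion in step 8. The script below is an added example, not part of the original instructions or of the EMM product: the function names are hypothetical, the sample PEM text is constructed, and it assumes the USERID is the UID attribute of the certificate subject.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# the function names are hypothetical.

# Constructed sample of the broken boundary from step 7 (no real key material).
sample_broken() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----'
}

# Step 7: succeed only if every BEGIN/END marker sits on its own line.
pem_is_well_formed() {
    [ -r "$1" ] && ! grep -q -e '-----END [A-Z ]*-----.' -e '.-----BEGIN ' "$1"
}

# Step 7: print FILE with a line break inserted wherever an END marker
# runs straight into the next BEGIN marker.
fix_pem_boundaries() {
    sed 's/\(-----END [A-Z ]*-----\)\(-----BEGIN \)/\1\
\2/g' "$1"
}

# Step 6: succeed only if certificate and private key share a public key.
# Pass the unencrypted key (customerKey.pem), or openssl prompts for a passphrase.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Step 4: print the USERID (topic ID), assumed to be the UID attribute of
# the certificate subject.
topic_id() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# All checks before step 8. customerKey.pem and the merged file hold an
# unencrypted private key, so restrict them to the owner first.
check_apns_bundle() {   # args: CERT KEY MERGED
    chmod 600 "$2" "$3" || return 1
    pem_is_well_formed "$3" || { echo "missing line break in $3" >&2; return 1; }
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 1; }
    echo "topic: $(topic_id "$1")"
}

# Usage: sh check.sh MDM_Certificate.pem customerKey.pem MDM_APNSCert.pem
if [ "$#" -eq 3 ]; then check_apns_bundle "$@"; fi
```

Once MDM_APNSCert.pfx has been created and verified, the unencrypted customerKey.pem and MDM_APNSCert.pem copies can be deleted, since the password-protected customerPrivateKey.pem remains available.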