Follow the instructions below to generate the MDM Apple Push Notification Service (APNS) certificate:
The MDM APNS certificate will be referred to as the MDM certificate in the EMM Console.
- Go to the Apple Push Certificate Portal at https://identity.apple.com/pushcert/ and login with your customer account details.
You do not need to have an enterprise account for this purpose. - Upload the the encoded
.plist
file and download the generated MDM signing certificate (MDM_Certificate.pem
).
The MDM signing certificate, is a certificate for 3rd party servers provided by Apple. Note down the
USERID
(TOPIC ID) from the MDM signing certificate (MDM_Certificate.pem)
as it will be used later in the configuration. The MDM signing certificate can be decoded to obtain theUSERID
by executing the following command:openssl x509 -in MDM_Certificate.pem -text -noout
Remove the password from the your private key file (e.g.,
customerPrivateKey.pem
).openssl rsa -in customerPrivateKey.pem -out customerKey.pem
Merge the customer key file that was derived in the latter step, with the MDM signing certificate to generate the MDM Apple Push Notification Service (APNS) Certificate.
For example, merge thecustomerKey.pem
file with theMDM_Certificate.pem
file to generate theMDM_APNSCert.pem
file.cat MDM_Certificate.pem customerKey.pem > MDM_APNSCert.pem
- Open the MDM Apple Push Notification service (APNs) Certificate (
MDM_APNSCert.pem
) and ensure that there is a line break between the contents of the two files. Convert the
MDM_APNSCert.pem
file to theMDM_APNSCert.pfx
file. You will need to provide a password when converting the file. Thereafter, follow the steps mentioned under iOS Platform Configurations.openssl pkcs12 -export -out MDM_APNSCert.pfx -inkey customerPrivateKey.pem -in MDM_APNSCert.pem