iOS Server Configurations
Follow the instructions below to set up the iOS server-side configurations:
- Generate an Apple Push Notification Service (APNS) certificate.
- Generate an MDM Apple Push Notification Service (APNS) certificate.
Generate a self-signed Certificate Authority (CA) certificate (version 3) and convert the certificate to .pem format using the following commands:
openssl genrsa -out <CA PRIVATE KEY> 4096
For example:
openssl genrsa -out ca_private.key 4096
openssl req -new -key <CA PRIVATE KEY> -out <CA CSR>
For example:
openssl req -new -key ca_private.key -out ca.csr
openssl x509 -req -days <DAYS> -in <CA CSR> -signkey <CA PRIVATE KEY> -out <CA CRT> -extensions v3_ca
For example:
openssl x509 -req -days 365 -in ca.csr -signkey ca_private.key -out ca.crt -extensions v3_ca
openssl rsa -in <CA PRIVATE KEY> -text > <CA PRIVATE PEM>
For example:
openssl rsa -in ca_private.key -text > ca_private.pem
openssl x509 -in <CA CRT> -out <CA CERT PEM>
For example:
openssl x509 -in ca.crt -out ca_cert.pem
Generate a Registration Authority (RA) certificate (version 3), sign it with the CA and convert the certificate to .pem format using the following commands:
openssl genrsa -out <RA PRIVATE KEY> 4096
For example:
openssl genrsa -out ra_private.key 4096
openssl req -new -key <RA PRIVATE KEY> -out <RA CSR>
For example:
openssl req -new -key ra_private.key -out ra.csr
openssl x509 -req -days <DAYS> -in <RA CSR> -CA <CA CRT> -CAkey <CA PRIVATE KEY> -set_serial <SERIAL NO> -out <RA CRT> -extensions v3_req
For example:
openssl x509 -req -days 365 -in ra.csr -CA ca.crt -CAkey ca_private.key -set_serial 02 -out ra.crt -extensions v3_req
openssl rsa -in <RA PRIVATE KEY> -text > <RA PRIVATE PEM>
For example:
openssl rsa -in ra_private.key -text > ra_private.pem
openssl x509 -in <RA CRT> -out <RA CERT PEM>
For example:
openssl x509 -in ra.crt -out ra_cert.pem
Generate the SSL certificate (version 3) based on your domain/IP address:
Your IP address/domain needs to be added as the Common Name, otherwise provisioning will fail.
- Generate an RSA key.
openssl genrsa -out <RSA_key>.key 4096
For example:
openssl genrsa -out ia.key 4096
- Generate a CSR file.
openssl req -new -key <RSA_key>.key -out <CSR>.csr
For example:
openssl req -new -key ia.key -out ia.csr
Enter your server IP address/domain name (e.g., 192.168.1.157) as the Common Name.
- Generate the SSL certificate.
openssl x509 -req -days 730 -in <CSR>.csr -CA ca_cert.pem -CAkey ca_private.pem -set_serial <serial number> -out ia.crt
For example:
openssl x509 -req -days 730 -in ia.csr -CA ca_cert.pem -CAkey ca_private.pem -set_serial 044324343 -out ia.crt
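The following checks are an added example, not part of the original instructions: run in the directory that holds the generated files, they confirm that each private key matches its certificate, that the RA and SSL certificates verify against the CA, and that the SSL certificate's Common Name is the server address. File names are the page's example names; the function names are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the CA, RA and SSL files generated above.
# File names are the page's example names; function names are assumptions.

# cert_cn CERT: print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# key_matches_cert KEY CERT: succeed when the private key and the
# certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# issued_by CA_CERT CERT: succeed when CERT verifies against CA_CERT.
# Matches the "OK" line rather than trusting the exit status alone.
issued_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# check_mdm_certs SERVER_ADDR: run all checks in the current directory,
# print one line per failure and return the number of failures.
check_mdm_certs() {
    addr=$1
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    key_matches_cert ca_private.pem ca_cert.pem || fail "CA key/cert mismatch"
    key_matches_cert ra_private.pem ra_cert.pem || fail "RA key/cert mismatch"
    key_matches_cert ia.key ia.crt || fail "SSL key/cert mismatch"
    issued_by ca_cert.pem ra_cert.pem || fail "RA cert not signed by CA"
    issued_by ca_cert.pem ia.crt || fail "SSL cert not signed by CA"
    cn=$(cert_cn ia.crt)
    [ "$cn" = "$addr" ] || fail "SSL cert CN '$cn' is not '$addr'"
    return "$fails"
}

# Usage: check_mdm_certs 192.168.1.157
```

Running the checks before the PKCS12 export catches a mismatched key or a wrong Common Name while the files are still easy to regenerate.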
Export the SSL, CA and RA files as PKCS12 files with an alias.
- Export the SSL file as a PKCS12 file with "wso2carbon" as the alias.
openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <RSA_key>.key -in ia.crt -CAfile ca_cert.pem -name "<alias>"
For example:
openssl pkcs12 -export -out KEYSTORE.p12 -inkey ia.key -in ia.crt -CAfile ca_cert.pem -name "wso2carbon"
- Export the CA file as a PKCS12 file with an alias.
openssl pkcs12 -export -out <CA>.p12 -inkey <CA private key>.pem -in <CA Cert>.pem -name "<alias>"
For example:
openssl pkcs12 -export -out ca.p12 -inkey ca_private.pem -in ca_cert.pem -name "cacert"
In the above example, cacert has been used as the CA alias.
- Export the RA file as a PKCS12 file with an alias.
openssl pkcs12 -export -out <RA>.p12 -inkey <RA private key>.pem -in <RA Cert>.pem -chain -CAfile <CA cert>.pem -name "<alias>"
For example:
openssl pkcs12 -export -out ra.p12 -inkey ra_private.pem -in ra_cert.pem -chain -CAfile ca_cert.pem -name "racert"
In the above example, racert has been used as the RA alias.
- Copy the three P12 files to the <PRODUCT_HOME>/repository/resources/security directory.
- Import the generated P12 files as follows:
Import the generated <KEYSTORE>.p12 file into the wso2carbon.jks and client-truststore.jks in the <PRODUCT_HOME>/repository/resources/security directory.
keytool -importkeystore -srckeystore <KEYSTORE>.p12 -srcstoretype PKCS12 -destkeystore <wso2carbon.jks/client-truststore.jks>
Make sure to enter the keystore password and keystore key password as wso2carbon.
For example:
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore wso2carbon.jks
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore client-truststore.jks
Import the generated <CA>.p12 and <RA>.p12 files into the wso2mobilemdm.jks in the <PRODUCT_HOME>/repository/resources/security/ directory.
The name "wso2mobilemdm.jks" can be changed.
keytool -importkeystore -srckeystore <CA/RA>.p12 -srcstoretype PKCS12 -destkeystore wso2mobilemdm.jks
Enter a preferred keystore password and keystore key password.
For example:
keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore wso2mobilemdm.jks
Enter the keystore password as wso2_mobile and the keystore key password as cacert.
keytool -importkeystore -srckeystore ra.p12 -srcstoretype PKCS12 -destkeystore wso2mobilemdm.jks
Enter the keystore password as wso2_mobile and the keystore key password as racert.
Update the MDM iOS push certificate configurations in the mdm-conf.xml file, which is found in the <PRODUCT_HOME>/repository/conf/ directory.
- Configure the wso2carbon.jks and wso2mobilemdm.jks parameters in the mdm-conf.xml file, which is found in the <PRODUCT_HOME>/repository/conf/ directory.
Add the following configurations for wso2carbon.jks:
<!-- Keystore file location-->
<keystore-location><PRODUCT_HOME>/repository/resources/security/wso2carbon.jks</keystore-location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<keystore-type>JKS</keystore-type>
<!-- Keystore password-->
<keystore-password>wso2carbon</keystore-password>
<!-- Private Key alias-->
<keystore-key-alias>wso2carbon</keystore-key-alias>
<!-- Private Key password-->
<keystore-key-password>wso2carbon</keystore-key-password>
Add the following configurations for wso2mobilemdm.jks:
The following configuration values are based on the sample values provided above. Modify the mdm-conf.xml file accordingly if the actual configurations vary from the sample configurations.
<!-- MDM Keystore file location-->
<mdm-keystore-location><PRODUCT_HOME>/repository/resources/security/wso2mobilemdm.jks</mdm-keystore-location>
<!-- MDM Keystore type (JKS/PKCS12 etc.)-->
<mdm-keystore-type>JKS</mdm-keystore-type>
<!-- MDM Keystore password-->
<mdm-keystore-password>wso2_mobile</mdm-keystore-password>
<!-- Certificate authority certificate alias -->
<mdm-keystore-ca-cert-alias>cacert</mdm-keystore-ca-cert-alias>
<!-- Certificate authority private key password -->
<mdm-keystore-ca-cert-priv-password>cacert</mdm-keystore-ca-cert-priv-password>
<!-- Registration authority certificate alias -->
<mdm-keystore-ra-cert-alias>racert</mdm-keystore-ra-cert-alias>
<!-- Registration authority private key password -->
<mdm-keystore-ra-cert-priv-password>racert</mdm-keystore-ra-cert-priv-password>
Save the EMM-iOS.ipa file, which was generated in the iOS client configurations, anywhere within the <MDM_HOME> folder.
Update the iOS server configurations in the config.json file, which is in the <MDM_HOME>/config/ directory.
- Add the EMM-iOS.ipa file path as the iOS location.
- Add the package name as the iOS bundle ID.
- Add the version of the package.
- Add the app name.
},
"device": {
    "android_location": "%http.ip%/mdm/client_app/EMM-Android.apk",
    "ios": {
        "location": "%http.ip%/mdm/client_app/EMM-iOS.ipa",
        "bundleid": "com.wso2.mdmAgent",
        "version": "1.0",
        "appname": "MDM Agent"
    }
},