Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

The Device Enrollment Program (DEP) server token is only valid for a year (365 days). Therefore, you need to renew it and update the WSO2 IoT Server's iOS platform configurations with the new token. 

Generating the public key

The public key you generated when Adding the WSO2 EMM Solution to the DEP Portal is configured to expire in a year. Therefore, you need to generate a new public key in the .pem format.

  1. Create a new directory to generate the public key.

  2. Create a file named openssl.cnf in the directory you just created.

  3. Copy the code given below to the openssl.cnf and save it.

    [ v3_req ]# Extensions to add to a certificate request
    basicConstraints=CA:TRUE
    keyUsage = digitalSignature, keyEncipherment
     
    [ v3_ca ]
    # Extensions for a typical CA
    # PKIX recommendation.
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer
    # This is what PKIX recommends but some broken software chokes on critical
    # extensions.
    basicConstraints = critical,CA:true
    # So we do this instead.
    #basicConstraints = CA:true
    # Key usage: this is typical for a CA certificate. However since it will
    # prevent it being used as an test self-signed certificate it is best
    # left out by default.
    keyUsage = digitalSignature, keyCertSign, cRLSign
  4. Navigate into the directory and run the commands given below in the given order.

    openssl genrsa -out dep_private.key 4096 
    
    openssl req -new -key dep_private.key -out dep.csr
    
    openssl x509 -req -days 365 -in dep.csr -signkey dep_private.key -out dep.crt -extensions v3_ca -extfile ./openssl.cnf
    
    openssl x509 -in dep.crt -out dep.pem

    Now, you see the dep.pem file created in the directory you created.

Generating the new DEP server token

Follow the steps given below to generate the new DEP server token from the DEP portal:

  1. Navigate to the Apple Deployment Programs.

    Note!

    Do not close this browser session until you are done configuring the DEP portal. If you do close the browser session, you need to enter the verification code again and start configuring the DEP portal from where you stopped.

  2. Sign in with your organization's Apple credentials.

  3. Click Get Started to automate the Mobile Device Management (MDM) enrollment.

  4. Confirm your identity by entering the verification code that was sent to the device you entered when creating an account for DEP, and click Continue

    The DEP portal screen appears.
  5.  In the left-navigation pane, select Manage Servers. 
  6. Click on the server you created for WSO2 IoT Server's EMM solution.

  7. Click Replace Key and upload the .pem file you just generated.

  8. Click Generate New Token to download the new DEP server token. 
    An encrypted Apple server token file in the . p7m file format downloads. Make sure to save it in a convenient location.
  9. Click OK.


Updating WSO2 IoT Server with the token

Follow the steps given below to update the token details in the WSO2 IoT Server:

    1. Navigate to the folder where you saved the Apple server token you downloaded when Adding the WSO2 EMM Solution to the DEP Portal via the terminal.

    2. Decrypt the server token using the command given below:

      openssl smime -decrypt -in "<THE-.PM7-TOKEN-SERVER-FILE-NAME>.pm7" -inkey "dep_private.key" > token.json

      You see the token.json file created in the same directory.

    3. Start WSO2 IoT Server's core profile.

      cd <IOTS_HOME>/bin
      ./iot-server.sh
    4. Sign in by entering the EMM administrators username and password. The default username is admin and the default password is admin.
    5. Click the  icon > CONFIGURATION MANAGEMENT > PLATFORM CONFIGURATIONS > iOS Configurations.
    6. Scroll down until you come to DEP only configurations.
    7. Update the DEP related details:

      Agent App ID

      You are able to enroll and iOS device with WSO2 IoT Server's EMM solution, with or without the agent.

      • If you are not using the agent, you can leave this section blank.

      • If you are using the agent, follow the steps given below:

        Before you begin!

        1. Configure WSO2 IoT Server to install iOS mobile applications:
            1. Open the <IOTS_HOME>/conf/app-manager.xml file.
            2. Add %https% as the value for the AppDownloadURLHost property.


              <Config name="AppDownloadURLHost">%https%</Config>
        2. Download the iOS agent source code.
          For more information on the agent version related to the IoT Server version you are using, see WSO2 IoT Server and Agent Compatibility.
        3. Build and export the project as an iOS application using Xcode. This will generate an ipa file.
        4. Sign in to WSO2 IoT Server's App Publisher console: https://<IOTS_SERVER_HOST>:9443/publisher.
          The default username is admin and the default password is admin, and the default IOTS_SERVER_HOST is localhost.
        5. Create a new application and upload the ipa file you just generated.
        6. Once the application is created, click on the application.
        7. Note down the App ID from the URL.
          Example: https://172.20.10.12:9443/publisher/asset/mobileapp/667026af-2ed4-426f-95c3-246a5707db66
        8. Enter the App ID as the value for Agent App ID.
      Consumer KeyOpen the token.json file you just generated and enter the value given for the consumer_key here.
      Consumer SecretEnter the value given for the consumer_secret in the token.json file.
      Access TokenEnter the value given for access_token in the token.json file.
      Access SecretEnter the value given for access_secret in the token.json file, here.
      Access Token ExpiryEnter the value given for access_token_expiry in the token.json file, here.
    8. Click Save.
  • No labels