0
votes

Now I'm trying to make an MDM server which manages iOS devices using APNS push notifications.

So far I have gone over a number of official Apple documents about configuration profiles, the MDM protocol, APNS push, etc.
But I can't clearly figure out some of the steps necessary for the full MDM flow.

  • APNS certificate which the MDM server has to use for push notifications
    Who (vendor or customer?) creates the CSR, and who (vendor or customer?) generates the APNS certificate by uploading the CSR to the Apple Push Portal?
    (What the Apple document says and what Google says do not match each other.)

  • Identity certificate which has to be contained in the Configuration Profile
    How do I create the identity certificate, and where?
    How do I include it in the Configuration Profile using iPCU?

Searching the web I could find quite a lot of information about these, but not all of it gives a consistent answer, so I ended up feeling even more dizzy. :-(

Any piece of help/information will be appreciated.
Thanks.. :-)


3 Answers

2
votes

I have prepared some basic steps for you to configure push notifications, as follows:

  1. Go to Developer.apple.com
  2. Check with Member centre
  3. Navigate to iOS provisioning portal
  4. Check if app ID exists
  5. Create new app ID
  6. Select created app (configure)
  7. Enable push notification and in app
  8. CSR from Apple Mac user with Keychain app (give account creds)
  9. Enter CSR and generate
  10. Download production certificate
  11. Give this to Mac user again to generate p12 file
  12. Provisioning go to distribution
  13. Create New Distribution profile
  14. Profile name is “APP name (space) Dist”

Hope this will help you. Please feel free to ask if anything is not clear to you.

0
votes

You can't find much info regarding this. But I will tell you: use iPCU for creating config profiles. Use a server for sending these config profiles as a response.

Use a separate server for CA and issuing the authority.

  1. You (vendor/customer) have to create an APNS certificate and you have to use it on the server for sending push notifications.

Let me know whether you have found a breakthrough or are still stuck somewhere.

0
votes

I have some basic points in order to generate an MDM certificate.

  1. The MDM certificate is used to manage the enrolled device.
  2. The policies will work over the air (APNS).
  3. The server-client communication will happen through APNS.

I am going to answer your questions below.

Q: APNS certificate which MDM server has to use for push notification:

A: In order to manage the iOS device you need to install the profile in the server.

  • First of all you need to create the CSR on your server using IIS Manager.
  • After generating the CSR file you need to get it signed by any third-party vendor; then you will get the .SCSR file. Here the vendor will sign your CSR using a private key.
  • Once you have the .SCSR you need to upload the file to the Apple push cert site.
  • After uploading the SCSR file you will get the .PEM file.
  • Once you have the .PEM file you need to complete the request using IIS Manager.
  • Your certificate will be visible in the certificate list. Right-click on the certificate and export it with a password.

Here the customer means whoever creates the CSR. Vendor means whoever signs the certificate.

Feel free to ask the questions if you are not clear.
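
The CSR hand-off described in the answer above (customer creates the CSR, vendor signs it), as an added example that is not part of the original answer. It shows which party holds which private key and how the signed request can be checked before upload. Both keys, the subject name and the SHA-256/PKCS#1 v1.5 signature scheme are assumptions made for this sketch; the packaging the Apple portal expects is not shown on this page and is not reproduced here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// newKey makes a 2048-bit RSA key; used for both constructed parties.
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// customerCSR is the customer's step: the private key is generated and kept
// on the customer's server; only the DER-encoded CSR goes to the vendor.
func customerCSR(cn string) (*rsa.PrivateKey, []byte, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, der, err
}

// vendorSign is the vendor's step: sign the CSR bytes with the vendor's own
// private key (the signature scheme is an assumption for this sketch).
func vendorSign(vendorKey *rsa.PrivateKey, csrDER []byte) ([]byte, error) {
	digest := sha256.Sum256(csrDER)
	return rsa.SignPKCS1v15(rand.Reader, vendorKey, crypto.SHA256, digest[:])
}

// checkSignedCSR verifies the CSR's self-signature, then the vendor's signature.
func checkSignedCSR(vendorPub *rsa.PublicKey, csrDER, sig []byte) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return fmt.Errorf("CSR is malformed or its self-signature is invalid")
	}
	digest := sha256.Sum256(csrDER)
	return rsa.VerifyPKCS1v15(vendorPub, crypto.SHA256, digest[:], sig)
}

func main() { // errors ignored here for brevity
	vendorKey, _ := newKey()                            // constructed stand-in for the vendor's key
	_, csrDER, _ := customerCSR("mdm.customer.example") // constructed subject name
	sig, _ := vendorSign(vendorKey, csrDER)
	fmt.Println("signed CSR valid:", checkSignedCSR(&vendorKey.PublicKey, csrDER, sig) == nil)
}
```

Neither private key crosses the boundary between the two parties: the vendor only ever sees the CSR, and the customer only ever sees the vendor's signature.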