Service Manager powered by HEAT

About Using the APNS Certificate Tool

To manage iOS devices, the MDI service needs to communicate with the Apple Notification Service and respond to requests from the devices. Use the APNS Certificate Tool to create a specific certificate (mdm.p12) and a configuration profile (enroll.mobileconfig) for the server hosting the MDI service in your installation.

•Prerequisites

•Accessing the APNS Certificate Tool

•Creating the Encoded Plist File

•Creating the MDM.p12 File

•Creating the Enroll.MobileConfig File

Prerequisites

We recommend that you obtain the following two certificates before you begin:

•SSL Certificate For example, my_sslCert.cer. If the file you receive is in .pfx format, convert it to .cer format using one of the following methods:

•Install the .pfx file on the MDI server then export it to .cer format by using Microsoft IIS.

•Use the following command: openssl pkcs12 -in sslCert.pfx -out sslCert.cer -nodes.

•CA Root Certificate For example, RootCA.crt. This file is available from your certificate authority provider (such as Verisign or Comodo). Download it from the provider website.

Accessing the APNS Certificate Tool

Access the APNS certificate tool by double-clicking the FRSMDICertManager shortcut on your desktop. You can also navigate to: http://your_HEAT_Discovery_Server/IP_Address/MDICertManager.

The toolbar guides you through the steps.

Creating the Encoded Plist File

From the web page:

1.Under Company Information, enter the organization name, website domain (in the format www.domain-name.com), city, state, and country (ISO code).

2.Click Create Plist Encoded.

A message appears asking if you would like to use this file to create the Apple Push Certificate.

3.Click OK to continue.

A Download plist_encoded link appears on the page.

4.Click the link to download the plist_encoded file to your local machine.

Use the file to create a MDM_your_profile_name_Certificate.pem file on the Apple site

5.Using a web browser navigate to https://identity.apple.com/pushcert and log in with a valid Apple ID.

a.

Click Create a Certificate and upload the plist_encoded file you created above.

b.

Download the certificate you create (MDM_your_profile_name_Certificate.pem) to your local machine.

6.Return to the APNS certificate tool.

Creating the MDM.p12 File

You must have both the SSL certificate and a certificate authority root certificate before you begin.

From the Create mdm.p12 page, do the following:

1.Browse to the file called MDM_your_profile_name_Certificate.pem that you downloaded from Apple.

2. Click Upload MDM Push Certificate to upload the file.

3.After the file is uploaded, click Create mdm.p12.

If the file upload is successful, the system displays a link to download the mdm.p12 file.

4.Download the file.

Creating the Enroll.MobileConfig File

From the Create Enroll Mobile Configuration page, do the following:

1.Browse to and select the files.

2.Click Upload File for the following:

•SSL certificate, for example, my_sslCert.cer.

•Certificate authority root certificate, downloaded from your certificate provider.

•If you did not complete the upload in Creating the MDM.p12 File, then also upload the MDM push certificate.

3.In the MDI Server URL field, enter the domain for your MDI server.

4.Click Create Enroll Mobile Configuration.

If the configuration is successful, the system displays a link to download this file.

5.Copy the two files (mdm.p12 and enroll.mobileconfig) to the ~/Certificate folder on the MDI server.

For information about the location on where to deploy or copy these files see Service Manager powered by HEAT.