APNS Certificate Tool

To manage iOS devices, the MDI service needs to communicate with the Apple Notification Service and respond to requests from the devices. Use the APNS Certificate Tool to create a specific certificate (mdm.p12) and a configuration profile (enroll.mobileconfig) for the server hosting the MDI service in your installation.

Prerequisites

We recommend that you obtain the following two certificates before you begin:

•SSL Certificate For example, my_sslCert.cer. If the file you receive is in .pfx format, convert it to .cer format using one of the following methods:

•Install the .pfx file on the MDI server then export it to .cer format by using Microsoft IIS.

•Use the following command: openssl pkcs12 -in sslCert.pfx -out sslCert.cer -nodes.

•CA Root Certificate For example, RootCA.crt. This file is available from your certificate authority provider (such as Verisign or Comodo). Download it from the provider website.

Accessing the APNS Certificate Tool

Access the APNS certificate tool by double-clicking the FRSMDICertManager shortcut on your desktop. You can also navigate to: http://your_HEAT_Discovery_Server/IP_Address/MDICertManager.

The toolbar guides you through the steps.

Creating the Encoded Plist File

From the web page:

1.Under Company Information, enter the organization name, website domain (in the format www.domain-name.com), city, state, and country (ISO code).

2.Click Create Plist Encoded.

A message opens on whether you would like to use this file to create the Apple Push Certificate.

3.Click OK to continue.

A Download plist_encoded link appears on the page.

4.Click the link to download the plist_encoded file to your local machine.

Use the file to create a MDM_your_profile_name_Certificate.pem file on the Apple site

5.Using a web browser navigate to https://identity.apple.com/pushcert and log in with a valid Apple ID.

a.

Click Create a Certificate and upload the plist_encoded file you created above.

b.

Download the certificate you create (MDM_your_profile_name_Certificate.pem) to your local machine.

6.Return to the APNS certificate tool.

Creating the MDM.p12 File

You must have both the SSL certificate and a certificate authority root certificate before you begin.

From the Create mdm.p12 page, do the following:

1.Browse to the file called MDM_your_profile_name_Certificate.pem that you downloaded from Apple.

2. Click Upload MDM Push Certificate to upload the file.

3.After the file is uploaded, click Create mdm.p12.

If the file upload is successful, the application displays a link to download the mdm.p12 file.

4.Download the file.

Creating the Enroll.MobileConfig File

On the Create Enroll Mobile Configuration page, do the following:

1.Browse and select the files.

2.Click Upload File for the following:

•SSL certificate, for example, my_sslCert.cer.

•Certificate authority root certificate, downloaded from your certificate provider.

•If you did not complete the upload in the Creating the MDM.p12 File process, then also upload the MDM push certificate.

3.In the MDI Server URL field, enter the domain for your MDI server.

4.Click Create Enroll Mobile Configuration.

If the configuration is successful, the application displays a link to download this file.

5.Copy the two files (mdm.p12 and enroll.mobileconfig) to the ~/Certificate folder on the MDI server.

For information about the location on where to deploy or copy these files, see Deploying the MDI Service .

Updating the APNS Certificate

The Apple Push Notification Service (APNS) certificate used by the Discovery mobile app expires each year on February 18 and must be updated.

1.Log in to Service Manager.

2.Navigate to the Service Manager Knowledge Base.

3.Download the latest certificate.

4.Log into the Service Manager Configuration Database.

5.Open the Certificate workspace.

6.Open the existing APNSCertificate.p12 record.

7.Click Upload and select the certificate downloadedDownload the latest certificate.

8.Update the certificate expiration date to Feb 18 next_year. For example, if the current year is 2016, enter Feb 18 2017. If the current year is 2017, enter Feb 18 2018.