iphone ios apple-push-notifications mdm

Certificates confusion in MDM


I was able to develop an MDM solution.

I started facing problems when I moved my agent from the Developer account's provisioning profile to the Enterprise account's in-house distribution profile.

Now I am totally confused about which certificate is used where.

Please guide me: which is the certificate used in the places below?

  1. Certificate in the credentials section of the enrollment profile (does it have BI as com.apple.mgmt._ ? Or can it be any, like com.abc.mdm? Or is it the one received by the customer?)
  2. Certificate .pem file used to wake up device?

Thanks


Solution

  • You need to use your iOS Enterprise developer account; use the Agent account's credentials.

    • Follow this page http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning and then verify a few things, such as removing the passphrase from customerPrivateKey.pem using this command

      openssl rsa -in customerPrivateKey.pem -out PlainKey.pem

    • Verify the .pem certificate downloaded from https://identity.apple.com/pushcert/

      You can install this .pem in your Mac's Keychain and then look at Get Info; the certificate should have com.apple.mgmt.External.b503419d-1e2a-a60f-7451-5b8832b5a9cb, which you can use as the push topic while generating the enroll mobileconfig.

    • Then merge your APNS certificate (for example CustomerCompanyName.pem) downloaded from the portal https://identity.apple.com/pushcert/ using this command

      cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem

    Now you can use PlainCert.pem as the APNS/MDM certificate.

    Please see this for Identity.p12 and respective password, which you have to use in Credential section.
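
The checks the answer describes (passphrase removed, certificate carries a com.apple.mgmt push topic, key merged with its matching certificate), as an added shell example that is not part of the original answer. It runs on a constructed self-signed certificate with a placeholder topic and assumes the topic is stored in the subject's UID attribute; `Encrypted.pem`, `Other.pem` and `Mismatch.pem` are hypothetical file names used for the failing cases.

```shell
# Added example. File names follow the answer above; the key and the
# self-signed certificate generated below are constructed stand-ins.

# Print the push topic, assumed to be the UID attribute of the subject.
push_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\(com\.apple\.mgmt\.[^,]*\).*/\1/p'
}

# Succeed only if the bundle's private key belongs to its certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$(openssl pkey -in "$1" -pubout 2>/dev/null)" ]
}

# Check a merged bundle; print the first problem found, or "ok <topic>".
check_bundle() {
    if grep -Eq 'BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "key still has a passphrase"; return 1
    fi
    if ! key_matches_cert "$1"; then
        echo "key does not match certificate"; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "certificate expired"; return 1
    fi
    topic=$(push_topic "$1")
    if [ -z "$topic" ]; then echo "no com.apple.mgmt topic in subject"; return 1; fi
    echo "ok $topic"
}

# Constructed demo data: placeholder topic, not a real Apple certificate.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1
TOPIC=com.apple.mgmt.External.00000000-0000-0000-0000-000000000000
openssl genrsa -aes256 -passout pass:demo -out customerPrivateKey.pem 2048 2>/dev/null
openssl rsa -in customerPrivateKey.pem -passin pass:demo -out PlainKey.pem 2>/dev/null
openssl req -new -x509 -key PlainKey.pem -days 1 -out CustomerCompanyName.pem \
    -subj "/UID=$TOPIC/CN=Constructed" 2>/dev/null
cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem            # merge, as in the answer
cat CustomerCompanyName.pem customerPrivateKey.pem > Encrypted.pem  # passphrase not removed
openssl genrsa -out Other.pem 2048 2>/dev/null
cat CustomerCompanyName.pem Other.pem > Mismatch.pem                # wrong private key

for f in PlainCert.pem Encrypted.pem Mismatch.pem; do
    echo "$f: $(check_bundle "$f")"
done
```

The topic printed for the real PlainCert.pem is the value to compare against the push topic placed in the enrollment mobileconfig.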