Apple MFi - Homekit Software Authentication


So, we were trying to set up communication with the Apple MFi server for staging.

Have followed the steps as per the documentation which state that the license server should be trusted (DigiCert certificate used for the same) and that the client certificate must be provided to apple in order to establish a secure tunnel.

The client certificates (.pem files) we are trying with were generated a few months back but are still valid. The .pem doesn't seem to authorize a machine but rather a company account, correct me if I'm wrong here. (So it should work if the csr for the pem files was not generated from the licensee server?)

Also, while trying to create a new certificate I get a MAX_REQUEST error. Got conflicting information about whether there can be more than two certificates active for the staging profile for an account.

Tried through Postman as well as .NET:

using System;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
// Certificate.pem is the certificate file as issued; no private key is attached here
handler.ClientCertificates.Add(new X509Certificate("Certificate.pem"));

var httpClient = new HttpClient(handler);

// Tried with and without the user name
httpClient.DefaultRequestHeaders.TryAddWithoutValidation("User-Agent",
    "Company Name/Client Name/Client Version");

// StagingURL is the MFi staging endpoint (value not shown in the post)
var result = httpClient.GetAsync(StagingURL).Result;

Always get a 401, Unauthorized Access error from the Apple Server. Wanted to know what the cause might be.

Thanks in advance!


Solution

  • Apparently, indeed only two staging certificates can be active at one time.

    As for the certificate issue, .pem parsing might have been an issue but did not work with a .cer file either. The .pem only had the public key in it, needed to create a .p12 with the .pem and the private key that was used for generating the .csr.

    If you are on a Mac you should get it right away; on Windows I had a .jks file and had to create a .key file out of it:

    keytool -importkeystore -srckeystore mykey.jks -destkeystore keystore.p12 -deststoretype PKCS12
    openssl pkcs12 -in keystore.p12 -nocerts -nodes -out mykey.key

    And then wrap the two in a .p12:

    openssl pkcs12 -export -in mycert.pem -inkey mykey.key -out myp12.p12
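The root cause in the answer above is a client certificate presented without its private key: a certificate-only .pem cannot complete the TLS client-authentication handshake, so the server rejects the request. As an added example, not part of the original post and not Apple's or any project's own tooling, the script below shows how to check a bundle before pointing an HTTP client at it. It generates a throwaway key and self-signed certificate (constructed test material standing in for the real licensee certificate; file names mykey.key, mycert.pem, myp12.p12 and the password are assumptions), then checks whether a .pem carries a private key, whether a key actually belongs to a certificate, and whether the resulting .p12 contains both parts. The keytool step for a .jks keystore is not covered here.

```shell
#!/bin/sh
# Added example: verify client-certificate material before using it for mutual TLS.
# All key/cert material is generated here and is NOT a real MFi certificate.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed test material: a private key, a CSR made from it, and a self-signed
# certificate standing in for the one the licensor would return for that CSR.
openssl genrsa -out "$WORK/mykey.key" 2048 2>/dev/null
openssl req -new -key "$WORK/mykey.key" -subj "/CN=example-client" \
    -out "$WORK/mycert.csr" 2>/dev/null
openssl x509 -req -in "$WORK/mycert.csr" -signkey "$WORK/mykey.key" -days 1 \
    -out "$WORK/mycert.pem" 2>/dev/null

# A second, unrelated key: used to show that a key from a different CSR is detected.
openssl genrsa -out "$WORK/otherkey.key" 2048 2>/dev/null

# pem_has_private_key FILE
# Returns 0 if the PEM contains a private-key block, 1 if it is certificate-only.
pem_has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# key_matches_cert KEY CERT
# Returns 0 if the public key embedded in CERT is the one derived from KEY,
# i.e. the certificate was issued for the CSR generated from this key.
key_matches_cert() {
    k="$(openssl pkey -in "$1" -pubout -outform PEM 2>/dev/null)"
    c="$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)"
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# build_p12 CERT KEY OUT PASSWORD
# Wraps certificate and private key into one PKCS#12 bundle (the same openssl
# invocation as in the answer, with the export password supplied non-interactively).
build_p12() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4" 2>/dev/null
}

# p12_has_key_and_cert P12 PASSWORD
# Returns 0 only if the bundle holds both a private key and a certificate.
p12_has_key_and_cert() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
    && openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -q 'BEGIN CERTIFICATE'
}

# Walk through the checks on the constructed files.
if pem_has_private_key "$WORK/mycert.pem"; then
    echo "mycert.pem: contains a private key"
else
    echo "mycert.pem: certificate only - cannot authenticate a TLS client by itself"
fi

if key_matches_cert "$WORK/mykey.key" "$WORK/mycert.pem"; then
    echo "mykey.key: matches mycert.pem"
fi
if ! key_matches_cert "$WORK/otherkey.key" "$WORK/mycert.pem"; then
    echo "otherkey.key: does NOT match mycert.pem (wrong key for this CSR)"
fi

build_p12 "$WORK/mycert.pem" "$WORK/mykey.key" "$WORK/myp12.p12" "changeit"
if p12_has_key_and_cert "$WORK/myp12.p12" "changeit"; then
    echo "myp12.p12: contains private key and certificate - usable as a client identity"
fi
```

Run it on the real files by replacing the generated paths with your own; if `pem_has_private_key` fails on the .pem and `key_matches_cert` succeeds for the key used to create the CSR, the .p12 built from the pair is what the HTTP client should load (in .NET, an `X509Certificate2` created from the .p12 and its password).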