Zenprise Device Manager 6.1


Zenprise Device Manager 6.1 APPLE APNS CERTIFICATE SETUP GUIDE Rev 6.10.00

© 2011 Zenprise, Inc. All rights reserved.

This manual, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. The content of this manual is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Zenprise, Incorporated. Zenprise Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in this book.

Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without prior written permission of Zenprise, Incorporated.

Any references to company names, organizations, persons, or places are for demonstration purposes only and are not intended to refer to any actual company, organization, person or place.

REVISION NUMBER: 6.10.00

Contents

1 Introduction
    1.1 Related Documentation
    1.2 Document Conventions
2 Apple APNS for Device Manager
    2.1 Overview
    2.2 What is an Apple APNS Certificate?
    2.3 Basic APNS Certificate Steps
3 The Certificate Signing Request
    3.1 Creating a CSR with Windows 7 & Server 2008
    3.2 Creating a CSR with Mac OS X
4 Apple APNS Certificate Process
    4.1 Apple iOS Developer for Enterprise Portal
    4.2 Generating an App ID and APNS Certificates
5 Exporting Certificates
    5.1 Export the APNS Certificate: Windows OS
    5.2 Export the APNS Certificate: Mac OS X
6 Appendix
    6.1 Using OpenSSL

1 INTRODUCTION

This document describes the setup and creation of an APNS certificate from the Apple iOS Developer for Enterprise program for use with the Zenprise Device Manager system from Zenprise, Inc. It discusses the basics of the Apple APNS (Push Notification System) and how it relates to Device Manager. The content is intended for system administrators responsible for the implementation, configuration and upkeep of an enterprise-class system for managing mobile devices and their users.

The document is organized as follows:

- Chapter 1, Introduction, provides the scope and purpose of the document.
- Chapter 2, Apple APNS for Device Manager, provides a general description of the process to enrol in the Apple iOS Developer for Enterprise program and the required steps to obtain a valid APNS certificate.
- Chapter 3, The Certificate Signing Request, steps through the instructions for creating a new CSR file from either a Mac OS X or Windows based computer.
- Chapter 4, Apple APNS Certificate Process, steps through the instructions for using the Apple iOS Developer for Enterprise portal to generate and download a valid APNS certificate associated with an App ID.
- Chapter 5, Exporting Certificates, discusses the remaining steps to export the APNS certificate from a Mac OS X or Windows based computer into the proper format for use with Zenprise Device Manager server.
- The Appendix briefly discusses the option to use OpenSSL as an alternative to the certificate process described for Mac OS X and Windows based computers in this document.

1.1 RELATED DOCUMENTATION

Other documents available for Zenprise Device Manager include the following:

- Device Manager Quick Start Guide: summarizes the steps required to establish a basic functional configuration of the Device Manager server, create basic device Configuration Policies and device Deployment Packages, establish a Remote Support Client session, and work with devices.
- Device Manager Installation Guide: provides the procedures to install and/or upgrade the Device Manager server product.
- Device Manager System Administration Guide: provides details about configuring the application and the essential steps required to register devices, users, policies, files, and deployment packages. Device Manager's integrated reporting subsystem is also discussed.
- Device Manager Client Guide: describes installation and use of the device client for Windows Mobile, Android and iOS devices.
- Device Manager F5 High Availability Guide: provides the procedures to set up the Device Manager server product in high availability mode with an F5 network load balancer appliance.
- Device Manager Mobile Application Gateway Setup Guide: describes the setup and use of the Mobile Application Gateway to control ActiveSync mobile device traffic, as well as application Whitelist/Blacklist filtering, and the specific device and user filtering options available when integrated with a Microsoft ISA 2006 or TMG 2010 server firewall.
- Device Manager Remote Support User's Guide: discusses using Device Manager's remote control features to work with devices on behalf of users in the field.

1.2 DOCUMENT CONVENTIONS

The following conventions are used throughout the document:

Notes and Warnings
Notes and other information topics are emphasized as follows:
    Note: you can also use CTRL-Q to quit.
Warnings convey limits, negative impacts or other important information as follows:
    Note: Do not close the window before the process ends.

Application Elements
Window names, field labels, and other elements are italicized.

Code Samples
Scripts, program source code, configuration files and the like are handled in this fashion:
    AddObjectProperty attributemap {element: value, element, value}

User Entry
Things you type, select or click, including user names, passwords, responses, buttons and commands, are shown in bold.

2 APPLE APNS FOR DEVICE MANAGER

2.1 OVERVIEW

Before you can set up Zenprise Device Manager and manage iOS devices you will need an Apple Push Notification Service (APNS) certificate. This document explains the details needed to acquire an APNS certificate from your Apple Developer portal and gives instructions for uploading your APNS certificate to the Zenprise Device Manager management console.

2.2 WHAT IS AN APPLE APNS CERTIFICATE?

The Apple Push Notification Service (APNS for short) is a mobile notification service created by Apple, Inc. APNS uses push technology through an accredited and encrypted IP connection to forward notifications over persistent connections from application servers like Zenprise Device Manager to iOS devices like the iPhone, iPad, and iPod Touch.

Many iOS applications present dynamic content delivered over the Internet. Push notifications (also known as remote notifications) are a way to let users know that new or updated content they're interested in is available even if the target application is not running. APNS notifications can include application data updates, triggered alert sounds or custom text alerts to the iOS device.

An APNS certificate is a provisioned security certificate provided through the Apple Developer portal as part of the benefits of the Apple iOS Developer Enterprise Program, available on the Apple web site at: (http://developer.apple.com/programs/ios/enterprise). The certificate is requested by an authorized participant of the enrolled developer program and is available for download on the developer customer portal site once approved by the Apple Developer Program.

Each organization needs to request and generate one APNS certificate for each individual application that requires use of the APN service. Zenprise Device Manager requires one unique certificate to be assigned to the application and host server prior to installation, and during installation the certificate will be imported to complete the configuration and connection to the APN services at Apple.

Zenprise cannot provide or issue an APNS certificate to your organization. Only Apple, Inc. can provision APNS certificates to enrolled Apple iOS Developer Enterprise Program participants.

2.3 BASIC APNS CERTIFICATE STEPS

There are a few steps to complete in order to obtain your APNS certificate from Apple, Inc. using a computer running either the Apple Mac OS X or the Microsoft Windows operating system. Requesting and generating an APNS certificate needs to be executed from only one computer. The process is similar on each platform; only the tools and the exact steps used to originate and complete the certificate request and certificate export differ by OS.

The essential steps for obtaining your APNS certificate are as follows:

1. Create a Certificate Signing Request (CSR) from a computer that can be used for the duration of the APNS certificate generation process.
2. Upload the CSR to your Apple Development portal (Apple will sign your certificate in 3-5 business days).
3. Download the signed certificate from your Apple Development portal and complete the initial CSR request.
4. Export the APNS certificate from your computer into the supported PKCS#12 (.p12) format and upload it to Zenprise Device Manager during installation.

Before you begin, please ensure you have the following prerequisites completed:

- Enroll in the Apple iOS Developer Enterprise Program located at: (http://developer.apple.com/programs/ios/enterprise). There is an annual enrollment fee per organization, and the enrollment also requires specific registration information such as your organization's DUNS (Dun & Bradstreet) number and the ability to provide legal contract authority to bind your organization to the iOS Developer Program Enterprise License Agreement. Allow 3-5 business days to activate your new developer program membership, and the same lead time for issuing your APNS certificate once the CSR is received by Apple, Inc.
- Assign the Agent role to the Apple Developer account that will be issuing the certificate approvals. The Agent role is the only role that can create and approve the APNS enrolled App ID and issue the APNS certificate. Note that there can only be one Agent role account per enrolled developer program.
- Mac OS X 10.5 or greater workstation* or Windows Vista SP1, Windows 7, or Windows Server 2008 with local Administrator permissions to create the CSR and issue an exported PKCS#12 (.p12 or .pfx) format certificate for use with Zenprise Device Manager.
  * To develop with the iOS SDK you must have an Intel-based Mac running Mac OS X 10.5 Snow Leopard or later. Windows Vista SP1, Windows 7 or Windows Server 2008 is required when using the IIS Certificate Wizard in the steps we provide.
- Use the same computer for the entire certificate generation process.
- Safari 4, Firefox 3.2 or greater, and Internet Explorer 7 or greater are supported and recommended for best results.
- Designate a fully qualified DNS name (FQDN) for your Zenprise Device Manager server that will be resolvable both from the public Internet and from your organization's internal network. (It is recommended to use a DNS aliased CNAME or dedicated A-Record pointer to your server instead of the computer host name.)

3 THE CERTIFICATE SIGNING REQUEST

The first component needed to start the APNS certificate enrollment, after your Apple iOS Developer for Enterprise Portal is working, is a Certificate Signing Request, or CSR. A CSR is a file generated by a computer's local certificate or security keystore application. It contains the properties a Certificate Authority (CA) needs in order to understand what kind of certificate is being requested, and under what ownership and for what purpose the requested certificate is to be registered with the CA.

With respect to the Apple APNS certificate enrollment, the CSR created in this process will be used for the provisioning of a Production Push SSL Certificate for APNS that can be used with your Zenprise Device Manager server. This documented procedure focuses on the use of the Production Push SSL Certificate and its installation with the Zenprise Device Manager server.

A CSR can be created from any computer with a local certificate service or certificate keystore application. This document covers the methods of generating a CSR from Apple Mac OS X with the Keychain Access utility, and from the Microsoft Windows Vista SP1, Windows 7 and Windows Server 2008 operating systems using the Feature Add-in for Internet Information Services (IIS) Web Management Tools.

IMPORTANT: The process for creating the CSR file and later converting the downloaded APNS certificate for use with Zenprise Device Manager server requires the use of the same computer with the same private key to complete the process. The CSR and certificate export steps cannot be completed on two different computers unless the same local CA private key is used, and doing so is not recommended.

3.1 CREATING A CSR WITH WINDOWS 7 & SERVER 2008

1. Turn on the Windows Feature for Internet Information Services (IIS) to enable only the Web Management Tools. This can be found by navigating to the Programs and Features control panel.

2. Start the IIS Manager utility from the local computer Administrative Tools menu, commonly located within the Windows Start menu. Double-click the Server Certificates icon for IIS. The utility needs to be started by a user logged in with Administrator rights, or started using Run as Administrator.

3. The Server Certificates features will be available. Choose the option to Create Certificate Request from the right-hand Actions navigation panel.

4. The Request Certificate wizard will open and present the Distinguished Name Properties fields that must be completed for the CSR. Enter the following for your CSR. Click Next once completed.

   - Common Name: a simple name to identify your certificate request; the hosted DNS name of the server or service is often used.
   - Organization: typically the name of the company or management organization.
   - Organizational Unit: typically the name of a department or sub-group.
   - City/Locality: the local city where the certificate is being requested/issued.
   - State/Province: the regional abbreviation for the site location.
   - Country/Region: the presiding nation for the issued certificate.

5. Next you must specify the correct Cryptographic Service Provider Properties. For the Apple APNS certificate process, the Microsoft RSA SChannel Cryptographic Provider type and the 2048-bit length certificate properties must be selected.

6. A file name must next be specified for your CSR. Identify a location to save your new CSR file and give it a name you will easily recognize, then click Finish.

7. The generated and saved CSR file is now ready for upload when stepping through the next part of the Apple APNS certificate request process in Section 4.

3.2 CREATING A CSR WITH MAC OS X

1. On a Macintosh computer running Mac OS X, start the Keychain Access application located under the Utility folder inside the Applications folder.

2. Open the Keychain Access menu and choose Preferences. Change the options for OCSP and CRL on the Certificates tab to Off. Close the Preferences window.

3. Open the Keychain Access menu and choose Request a Certificate From a Certificate Authority from the Certificate Assistant extended menu.

4. The Certificate Assistant will now ask you to enter information to start your CSR. Enter your desired Email Address and Common Name, choose the Saved to disk option and check the box to Let me specify key pair information. The email address and common name can be that of the individual or a role account responsible for the management of certificates. Click Continue to proceed.

5. Enter a name for your certificate signing request (CSR) file and save it to a location from which you can easily retrieve it. Click Save.

6. The next screen specifies the key pair information. Choose the Key Size of 2048 bits and the RSA algorithm. Click Continue.

7. The generated and saved CSR file is now ready for upload when stepping through the next part of the Apple APNS certificate request process in Section 4. Click Done when the assistant completes the CSR process.

4 APPLE APNS CERTIFICATE PROCESS

4.1 APPLE IOS DEVELOPER FOR ENTERPRISE PORTAL

The next major steps all deal with activity within the Apple Developer Portal. To begin the process of acquiring your APNS certificate from Apple you must first complete the enrolment for the Apple iOS Developer for Enterprise program membership. The developer web site has links and videos to guide you through the online application. Once completed, you can log in with your Agent (primary first account and account owner role) account user name and password to gain access to the iOS Provisioning Portal.

4.2 GENERATING AN APP ID AND APNS CERTIFICATES

Once in the iOS Provisioning Portal you can begin the steps to create the App ID that will be assigned to your company for the Zenprise Device Manager server application. You can have multiple App IDs; however, only one App ID needs to be created and identified uniquely for use with Zenprise Device Manager.

It should be noted that the APNS certificate required for an enterprise mobile device manager solution like Zenprise Device Manager must be provisioned from an enrolled and approved iOS Developer for Enterprise account. The Individual and Company class iOS Developer programs are not acceptable, nor is using any non-production or developer classified certificates. Only iOS Developer for Enterprise class certificates will be accepted for use with Zenprise Device Manager server.

1. Log into the Apple Developer Member Center with the Apple ID assigned to the primary or Agent role. When logged in choose the iOS Provisioning Portal link.

2. On the main Provisioning Portal page choose the App IDs option in the left-hand navigation.

3. Next, click the button to create a New App ID.

4. Complete the Description, Bundle Seed ID and Bundle Identifier fields in the Create App ID area of the Manage tab for the App ID and then click the Submit button.

   a. Use a simple name or short description that will help you later recognize your App ID configured for Zenprise Device Manager. This helps when your organization might have the need for multiple App IDs deployed for other purposes.
   b. Leave the selection for the Bundle Seed ID as Generate New.
   c. Create your Bundle Identifier (App ID Suffix) using the format com.apple.mgmt.MyCompany.ZDMname. Replace the portion MyCompany with your company name or domain name without spaces. The ending suffix ZDMname should be a short suffix word without spaces to identify your production Device Manager Server to the App ID.

5. A new Configure App ID page is presented after submitting. Click the checkbox to Enable for Apple Push Notification service. Click the Configure button for the Production Push SSL Certificate to create your new Apple Push Notification Service certificate. You will need to have your generated CSR (certificate signing request) file available for uploading in the next steps.

   IMPORTANT: Use only the designated Production Push SSL Certificate associated with an approved App ID for an enterprise device management solution like Zenprise Device Manager.

   NOTE: The Development Push SSL Certificate for APNS should only be used for testing and development purposes and never installed in a production environment. Irreversible issues such as device disassociation, device service interruption and manual re-enrollment of the iOS device to Zenprise Device Manager server will occur if later switching to a Production Push SSL Certificate.

   NOTE: Development Push SSL Certificates for APNS are limited in the number of devices that can be enrolled for testing, the age of the valid certificate is limited to 3 months, and Apple routes all APNS traffic for development devices through a separate gateway. The Development Push SSL Certificate for APNS should only be used for testing and development purposes and not used with a Production environment.

6. The Apple Push Notification service SSL Certificate Assistant is started when you clicked Configure in Step 4. Click Continue again to proceed to the step to import your certificate signing request (CSR) file.

7. Click the Choose File button and locate your CSR file previously saved on your computer.

8. Click the Generate button once your CSR file is selected and added.

9. The Apple APNS service SSL Certificate is now generated. Click Continue.

10. The Provisioning Portal should now reveal your App ID and the two Development and Production Apple Push Notification services available for configuration. Click the Configure link next to the App ID to continue.

11. The Configure App ID window contains the two Push SSL Certificates available for configuration. Locate the Production Push SSL Certificate and click Configure to follow the steps to set up the certificate. When you complete the setup for the Production certificate you will see the status change to Enabled, along with an expiration date and a Download button associated with the provisioned APNS certificate. Finish configuring both APNS certificate services and then click Done.

12. The completed Production certificate is now ready for download. You only need to use the Production Push SSL Certificate with Zenprise Device Manager server.

13. After downloading your Production Push SSL Certificate for APNS click the Done button.

14. The newly enabled App ID with associated APNS certificate should now appear in your iOS Provisioning Portal. You can return to this location to re-download your certificates. Continue to Section 5.

5 EXPORTING CERTIFICATES

The final step in preparing your Zenprise Device Manager server to use the APNS certificate to enroll, manage and communicate with iOS devices is to export the downloaded Production certificate into PKCS#12 format. This format is the only compatible certificate type that can be imported and used by an MDM solution like Zenprise Device Manager.

As stated in Section 2, the computer that created the Certificate Signing Request (CSR) should be the same computer used during the certificate conversion process.

Only the issued Production Certificate is needed for Zenprise Device Manager server. These steps guide you through exporting the Production certificate, although the same steps would be used for development certificates.

5.1 EXPORT THE APNS CERTIFICATE: WINDOWS OS

1. Open the Internet Information Services (IIS) Manager administration tool and select the Complete Certificate Request option from the Actions pane.

2. Click the ellipsis button and locate the saved Production identity certificate previously downloaded from the iOS Provisioning Portal. The default name for the production certificate is aps_production_identity.cer. Enter a friendly name that can easily identify the certificate in your Server Certificates management console. Click OK to continue.

3. Select the imported certificate and choose the Export option via the right-click menu or from the option in the right-hand Actions pane.

4. Enter the path to export the .pfx (PKCS#12 format) certificate file along with a certificate password. Using a unique, strong password is recommended. This password will need to be retained for later use. Click OK to finish. The saved certificate is now ready for use with Zenprise Device Manager server. Be sure to keep the certificate and password safe for later use and reference.

5.2 EXPORT THE APNS CERTIFICATE: MAC OS X

1. Locate the Production identity certificate downloaded from the iOS Provisioning Portal. Double-click each certificate file to import them into the Keychain. If prompted to add certificates to a specific keychain simply keep the default login keychain selected and click OK.

2. The newly added certificate will appear in your list of certificates. Select the Production Push Services certificate and control-click or choose Export Items from the File menu to begin the step to export the certificate into a PKCS#12, or Personal Information Format (.p12) certificate.

3. Name the certificate file being exported as something unique for use with Zenprise Device Manager server. Choose a folder location for the saved certificate, choose the Personal Information Exchange (.p12) file format and click Save.

4. Enter a password for exporting the certificate. Using a unique, strong password is recommended. This password will need to be retained for later use.

5. The Keychain Access application will prompt for the password to the login or selected keychain. Enter the password and click OK.

6. The saved certificate is now ready for use with Zenprise Device Manager server. Be sure to keep the certificate and password safe for later use and reference.

Note: If you don't plan to keep and preserve the computer and user account originally used to generate the CSR and complete the certificate export process, it is recommended that you save and/or export the Personal and Public Keys originally associated from the local system. Otherwise access to the APNS certificates for reuse will be voided and the entire CSR and APNS process will have to be repeated.

6 APPENDIX

6.1 USING OPENSSL

The use of a command line utility for certificate signing requests and for certificate importing and exporting is completely supported; however, there are many command line tools available, and their differing syntax will vary the steps needed to complete the process. Provided here are simple guideline examples for how to complete the steps previously covered in Section 3, Creating a CSR, and Section 5, Exporting Certificates. The following examples use OpenSSL as the open source command line utility. OpenSSL, the downloadable binaries for the desired operating system, and detailed instruction guides can be found at: http://www.openssl.org.

6.1.1 CREATING A CSR WITH OPENSSL

Here is the simple command string with generic variables needed to create a new CSR for use in Section 4, Apple APNS Certificate Process.

    #!/bin/sh
    # Generate a 2048-bit RSA private key, then a CSR signed with that key.
    # Subject fields are separated by "/" and use OpenSSL's field names.
    openssl genrsa -out apns-cert.key 2048
    openssl req -new -key apns-cert.key -out apns-cert.csr \
        -subj "/emailAddress=email.address@mycompany.com/CN=zdm.mycompany.com/O=My Company/OU=Department/L=Anytown/ST=State/C=US"

6.1.2 EXPORTING THE CERTIFICATE

Here is the simple command string with generic variables needed to export the downloaded Apple APNS Production certificate from a .cer file format into a .pem file format, and finally into a .p12 file format.

    #!/bin/sh
    # Convert .cer to .pem
    openssl x509 -inform der -in aps_production_identity.cer -out apns-cert-production.pem
    # Convert .pem to .p12 (passw0rd! is a generic value; use your own unique, strong password)
    openssl pkcs12 -export -out apns-cert-production.p12 -inkey apns-cert.key \
        -in apns-cert-production.pem -passout 'pass:passw0rd!'
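The IMPORTANT note in Section 3 (the export must use the same private key that produced the CSR) can be checked before and after the OpenSSL export in 6.1.2. The script below is an added example, not part of the original Zenprise guide: the function names, the P12_PASS environment variable and the self-signed certificate used as a stand-in for the Apple-issued .cer in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Zenprise guide. Function names and the P12_PASS
# variable are assumptions; file names follow section 6.1 of the guide.

# Print the size in bits of a private key, e.g. 2048.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Print the public key size in a CSR, after checking the CSR's self-signature
# (evidence that whoever built the CSR held the matching private key).
csr_bits() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 2
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate ($2) carries the public key of the private
# key ($1). $3 is the certificate encoding: DER (the downloaded .cer) or PEM.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -inform "${3:-DER}" -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeed if the certificate ($1) is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -inform "${3:-DER}" -in "$1" -noout \
        -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Export key ($1) + DER certificate ($2) to a .p12 ($3), refusing to run when
# the key is not 2048-bit or does not belong to the certificate. The password
# comes from the P12_PASS environment variable, not the command line, so it
# stays out of the process list and shell history.
export_p12() {
    [ "$(key_bits "$1")" = 2048 ] || { echo "key is not 2048-bit" >&2; return 1; }
    key_matches_cert "$1" "$2" DER ||
        { echo "certificate does not match this private key" >&2; return 1; }
    pem=$(mktemp) || return 1
    openssl x509 -inform der -in "$2" -out "$pem" &&
        openssl pkcs12 -export -out "$3" -inkey "$1" -in "$pem" -passout env:P12_PASS
    rc=$?
    rm -f "$pem"
    return $rc
}

# Succeed if the .p12 ($1) opens with P12_PASS and its certificate and private
# key belong together.
p12_is_consistent() {
    c=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    k=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Demo on constructed data: throwaway keys and a self-signed certificate that
# stands in for the Apple-issued aps_production_identity.cer.
run_demo() {
    d=$(mktemp -d) || return 1
    P12_PASS='constructed-sample-only'; export P12_PASS
    openssl genrsa -out "$d/apns-cert.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -key "$d/apns-cert.key" -out "$d/apns-cert.csr" \
        -subj "/CN=zdm.example.test" 2>/dev/null
    openssl req -new -x509 -key "$d/apns-cert.key" -days 90 \
        -subj "/CN=zdm.example.test" -out "$d/cert.pem" 2>/dev/null
    openssl x509 -in "$d/cert.pem" -outform DER -out "$d/aps_production_identity.cer"
    echo "CSR key size: $(csr_bits "$d/apns-cert.csr")"
    export_p12 "$d/apns-cert.key" "$d/aps_production_identity.cer" "$d/ok.p12" &&
        p12_is_consistent "$d/ok.p12" && echo "matching key: exported and verified"
    export_p12 "$d/other.key" "$d/aps_production_identity.cer" "$d/bad.p12" ||
        echo "wrong key: export refused"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then run_demo; fi
```

Run it with --demo to see the checks on the constructed files; cert_valid_for_days can be scheduled against the installed certificate to give warning before the expiration date shown in the Provisioning Portal.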