CA Mobile Device Management
How to Create Custom-Signed CA MDM Client App
This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation is proprietary information of CA and may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. If you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy. The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION AS IS WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice. The manufacturer of this Documentation is CA. 
Provided with Restricted Rights. Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors. Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact CA Technologies

Contact CA Support

For your convenience, CA Technologies provides one site where you can access the information that you need for your Home Office, Small Business, and Enterprise CA Technologies products. At http://ca.com/support, you can access the following resources:

- Online and telephone contact information for technical assistance and customer services
- Information about user communities and forums
- Product and documentation downloads
- CA Support policies and guidelines
- Other helpful resources appropriate for your product

Providing Feedback About Product Documentation

If you have comments or questions about CA Technologies product documentation, you can send a message to techpubs@ca.com.

To provide feedback about CA Technologies product documentation, complete our short customer survey, which is available on the CA Support website at http://ca.com/docs.

Contents

Chapter 1: How to Create a Custom-Signed CA MDM Client App
    Add CA Technologies as Team Member
    Generate a CSR
        Generate a CSR on a Macintosh
        Generate a CSR on a Windows Server using IIS Manager
    Create iOS Distribution Certificate
    Create App ID
    Create iOS Provisioning Profile
    Create Custom-Signed CA MDM Client App
        Custom App Icons Information
    Yearly iOS Application Re-Signing

Chapter 1: How to Create a Custom-Signed CA MDM Client App

This document provides information on how to obtain the files for engaging with CA Technologies to deliver a Custom-Signed CA MDM Client App for your enterprise.

Use the following process to create a custom-signed CA MDM client app:

1. Add CA Technologies as Team Member
2. Generate a CSR
3. Create iOS Distribution Certificate
4. Create App ID
5. Create iOS Provisioning Profile
6. Create Custom-Signed CA MDM Client App

Add CA Technologies as Team Member

Add CA Technologies as a Team Member on your enterprise's Apple Developer Program. Apple requires that third-party contractors be added to the enterprise's developer team in order to sign custom-built in-house applications with your developer certificates. Apple only requires you to add a CA Technologies contractor as a Team Member; this is for tracking purposes only. The account will not be accessed by the CA Technologies employee. The role permissions are explained below.

Team roles (Component: Description)

Team agent: A team agent is legally responsible for the team and acts as the primary contact with Apple. The team agent can change the access level of any other member of the team.

Team admin: A team admin can set the privilege levels of other participants, although a team admin cannot demote the team agent. Team admins manage all assets used to sign your apps, either during development or when your team is ready to distribute an app. Team admins are the only people on a team that can sign apps for distribution on nondevelopment devices. Team admins also approve signing certificate requests made by team members.

Team member: A team member gains access to prerelease content delivered by Apple on that program's portal. A team member can also sign apps during development, but only after he or she makes a request for a development signing certificate and has that request approved by a team admin.

Follow the instructions below and use the following information for the CA Technologies developer:

First Name: Brian
Last Name: Peck
Email Address: camdm-customer@ca.com

Build Your Team by Adding Team Admins and Team Members

If you are a team admin, add people to your development team through the Member Center. When you add a person to your team, you can grant them access to the developer programs that your team is enrolled in.

1. In the Member Center, click People in the bar at the top.
2. Click Invitations in the sidebar.
3. Click Invite Person and provide the first name, last name, and email address.
4. Specify the person's access and role for each program.
5. Click Send Invitation.

Generate a CSR

You can create a certificate signing request either on a Windows server or a Macintosh server.

Generate a CSR on a Macintosh

On any Macintosh server in your enterprise, use the Keychain Access utility to create your CSR.

1. Open Applications, Utilities, and Keychain Access on your server.
2. Select Keychain, Login and Category, Certificates in the left pane.
3. Select Keychain Access, Certificate Assistant, and Request a Certificate from a Certificate Authority.
4. Enter the email address and common name.
5. Select Save to disk, and Let me specify key pair information, and click Continue.
6. For ease of access, choose your desktop as the location of the .csr file.
7. In the Key Pair Information pane, choose 2048 as the key size and RSA as the algorithm.
8. Save the file (.CSR) and record the location.

The CSR request is created on Macintosh and is ready for signing.

Export Private Key on a Macintosh

1. To export your private key and certificate, open the Keychain Access application and select the Keys category.
2. Control-click the private key associated with your iOS Distribution Certificate and click Export Items in the menu. The private key is identified by the iOS Developer: <First Name> <Last Name> public certificate that is paired with it.
3. Save your key in the Personal Information Exchange (.p12) file format.
4. You are prompted to create a password, which is used when you attempt to import this key on another computer.
5. You can now transfer this .p12 file between systems.

Generate a CSR on a Windows Server using IIS Manager

To create your CSR on a Windows server in your enterprise, use the IIS Manager utility.

1. Click Start, Internet Information Services (IIS) Manager.
2. Select the server from the Connections column, and navigate to Server Certificates in the IIS section.
3. Click Create Certificate Request and provide the details.
4. Common name defines the name of the person generating the request.
5. Click Save.
6. Select Microsoft RSA SChannel as the Cryptographic Service Provider.
7. Select a bit length of 2048 or greater.
8. Enter the file name for the certificate request.
9. Click Finish.

The CSR request is created on Windows and is ready for signing.

Export Private Key on Windows

1. Click the Start Menu, go to Administrative Tools, and click Internet Information Services (IIS) Manager.
2. Click the name of the server in the Connections column on the left. Double-click Server Certificates.
3. In the Actions column on the right, click Complete Certificate Request...
4. Click the button with the three dots and select the .cer certificate that you received from the iOS Developer Portal. If the certificate doesn't have a .cer file extension, select to view all types.
5. Enter a friendly name so you can keep track of the certificate on this server. Click OK.
6. If successful, you will see the certificate in the list. If you receive an error stating that the request or private key can't be found, make sure you are using the correct certificate and that you are installing it to the same server that you generated the CSR on.
7. Now, you need to export the certificate to the correct format. Right-click the certificate you just imported and select Export.
8. Click the button with the three dots to specify a path to save the certificate file in .pfx format. When exporting the certificate, you are required to enter a password used for exporting the certificate.
9. Now, you will have the certificate in .pfx format.

Create iOS Distribution Certificate

The distribution certificate identifies your organization in a distribution provisioning profile and allows you to submit your app to the store. Only a team agent or an admin can create a distribution certificate.

1. In the iOS Dev Center page, click Certificates, Identifiers, & Profiles in the iOS Developer Program section.
2. Navigate to iOS Apps section, Certificates.
3. Select Production. Request the iOS Distribution Certificate by clicking the + icon.
4. In the Production section, select In-House and Ad Hoc.
   Note: If the In-House and Ad Hoc option is greyed out, it implies that an iPhone Distribution certificate already exists under your developer program. The iOS Developer program only allows the creation of one iPhone Distribution certificate.
5. Click Continue and follow the instructions to submit a CSR (Certificate Signing Request).

Once the process is complete, the portal will provide a download. Select the certificate from the list, download the certificate, and save the .cer file.

Create App ID

An App ID is a two-part string used to identify one or more apps from a single development team. The string consists of a Team ID and a bundle ID search string, with a period (.) separating the two parts. The Team ID is supplied by Apple and is unique to a specific development team, while the bundle ID search string is supplied by the customer to match either the bundle ID of a single app or a set of bundle IDs for a group of apps.

1. In the iOS Dev Center page, navigate to iOS Apps, Identifiers, App IDs.
2. Click the + icon to create a 'New App ID' for the CA MDM client (for example com.companyname.camdmclient). Do not use 'com.ca.mdm1' since that matches the App ID of the CA MDM client on the App Store.
   Important! Do not use the option to create a wildcard App ID. A wildcard App ID is not permitted in the custom app signing portal and will be rejected.
3. You need not enable App Services for the App ID. Leave the default selections. However, enable Push Notifications if you wish to take advantage of the ability to send push messages to the custom CA MDM Client app. This feature is available in CA MDM 2014 Q1 and later.
4. Select Explicit App ID and enter the Bundle ID for your CA MDM app using your company name and CA MDM client (for example com.<companyname>.camdmclient).
5. Confirm the App ID settings by selecting Submit.
6. Select Done once registration of the App ID is complete.

Create iOS Provisioning Profile

The provisioning profile enables your app to run by identifying you (through your development certificate) and your device (by listing its unique device identifier).

1. In the iOS Dev Center page, navigate to iOS Apps, Provisioning Profile, Distribution.
2. Click the + icon to create a new Distribution Provisioning Profile.
3. Select Distribution, In House.
4. Select the App ID created in the previous procedure (see Create App ID).
5. Select the Distribution Certificate created in the previous procedure (see Create iOS Distribution Certificate).
6. Enter a profile name and click Generate.
7. Once the Provisioning Profile is created, save the .mobileprovision file.

Create Custom-Signed CA MDM Client App

Verify that the following items are available for upload to create your custom-signed CA MDM Client App.

- Custom Icons (if required). Review custom app icons information (see Custom App Icons Information).
- Application display name
- Exported enterprise distribution certificate (.p12/.pfx file)
- Password for your exported enterprise distribution certificate/private key
- Distribution provisioning profile file (.mobileprovision file)

1. Log in to the CA Support Portal http://support.ca.com/.
2. Click Open a Case.
3. Enter the Product, Case, and Contact Information.
4. Verify that the Case Title is 'Custom-Signed CA MDM Client App'.
5. Verify that you provide the CA MDM App Display Name. This title is displayed below the app icon on the iOS device.
6. Specify the CA MDM App Version (CA MDM 2013 Q4, CA MDM 2014 Q1 or higher).
7. Submit the Case.
8. Navigate to File Attachments and attach the following files:
   a. Custom Icons (if required)
   b. Exported .p12/.pfx certificate
   c. Password for your exported enterprise distribution certificate
   d. Distribution provisioning profile file (.mobileprovision)
9. You will be notified once the Custom-Signed CA MDM Client App has been created by CA Technologies. This process usually takes 48 hours.
10. Navigate to the Support Case, Files From CA.
11. Download the Custom-Signed CA MDM Client App.

After you obtain the Custom-Signed CA MDM Client App, you can distribute it to test the CA MDM Client App.

Note: Your Distribution Certificate, Password, and Provisioning Profile are deleted after the Custom-Signed CA MDM Client App is built.

Custom App Icons Information

If you intend to replace the CA MDM App icon with your custom App icons, then review the following guidelines:

- Review the iOS Human Interface Guidelines before creating your App icon.
- Upload only PNG, JPG, or GIF files.
- Provide the App icon in 120 x 120 pixels and 60 x 60 pixels for iPhone and iPod touch. The icon is resized if it is not provided in the specified pixel size.
- Provide the App icon in 152 x 152 pixels and 76 x 76 pixels for iPad. The icon is resized if it is not provided in the specified pixel size.
- Provide the App icon in 1024 x 1024 pixels and 512 x 512 pixels for the App Store.
- All image files must be less than 2 MB in size.

Yearly iOS Application Re-Signing

Apple will force the provisioning profile to expire one year from the time of creation. To ensure uninterrupted use of the enterprise application, upon expiration or soon before, you will be required to perform the following steps:

1. Log in to the iOS Developer Provisioning Portal and re-create the provisioning profile.
2. Log in to the CA MDM support website and open a new Support Case. Follow the How to Create Custom-Signed CA MDM Client App procedure to create a custom-signed CA MDM client app with the updated provisioning profile.
3. Depending on your version of CA MDM, perform one of the following steps:
   a. Re-run the EUSSP setup for all End-User Self Service portals that use the custom CA MDM app and specify the new custom application during the installation setup.
   b. Upload the new custom application on the CA MDM Admin Console under Server, Configuration, iOS CA MDM Application to use the new custom application for future enrollments.
4. Update the CA MDM application on existing user devices.
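
The App ID and In House profile rules in Create App ID and Create iOS Provisioning Profile, and the one-year expiry described above, can be checked against the .mobileprovision file before it is attached to a support case. The following Python code is an added example, not CA or Apple code; the plist key names are those of Apple's provisioning profile format, while the Team ID ABCDE12345, the sample profiles, and the 30-day warning window are constructed assumptions.

```python
import plistlib
from datetime import datetime, timedelta

STORE_BUNDLE_ID = "com.ca.mdm1"  # App Store client's ID, as named on this page


def extract_plist(blob):
    """Pull the XML plist out of the signed (CMS) .mobileprovision container."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def check_profile(blob, now, warn_days=30):
    """Return a list of problems; an empty list means no problem was found."""
    p = extract_plist(blob)
    problems = []
    app_id = p.get("Entitlements", {}).get("application-identifier", "")
    team_id, _, bundle_id = app_id.partition(".")
    if not team_id or not bundle_id:
        problems.append("App ID is not <Team ID>.<bundle ID>")
    if "*" in bundle_id:
        problems.append("wildcard App ID")
    if bundle_id == STORE_BUNDLE_ID:
        problems.append("bundle ID matches the App Store client")
    if not p.get("ProvisionsAllDevices", False):
        problems.append("not an In House distribution profile")
    if not p.get("DeveloperCertificates"):
        problems.append("no distribution certificate embedded")
    expires = p.get("ExpirationDate")  # naive UTC datetime from plistlib
    if expires is None or expires - now < timedelta(days=warn_days):
        problems.append("expired or expiring within %d days" % warn_days)
    return problems


def make_sample(app_id, expires, in_house=True):
    """Constructed stand-in for a profile: placeholder bytes around a plist."""
    body = plistlib.dumps({
        "Name": "CA MDM In House (constructed)",
        "TeamIdentifier": ["ABCDE12345"],  # constructed Team ID
        "ProvisionsAllDevices": in_house,
        "DeveloperCertificates": [b"constructed-certificate-bytes"],
        "ExpirationDate": expires,
        "Entitlements": {"application-identifier": app_id},
    })
    return b"\x30\x82\x1f\x00" + body + b"\x00\x00constructed-signature"


if __name__ == "__main__":
    now = datetime(2014, 6, 1)  # fixed date so the output is repeatable
    ok = make_sample("ABCDE12345.com.companyname.camdmclient", datetime(2015, 5, 1))
    bad = make_sample("ABCDE12345.*", datetime(2014, 6, 10), in_house=False)
    print(check_profile(ok, now))
    print(check_profile(bad, now))
```

For a real file, pass the bytes of the .mobileprovision and the current UTC time as a naive datetime. The check reads the embedded plist only and does not validate the CMS signature.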