Approved by: Sean Holden on
Confluence/External link(s) used:
Apple Mobile Device Management (MDM) requires an Apple Push Notification service (APNs) certificate; renewable yearly.
The cmd.exe application should be opened with 'Run as an Administrator' for all commands in this KB.
- An appropriate copy of OpenSSL, which must be downloaded and installed.
Note, the light version does not include the necessary configuration files.
|Table of Contents|
Creating the Certificate Signing Request (CSR)
- Open cmd.exe as an Administrator
Create a CSR. Enter the following command, which will result in two new files on the Desktop: request.csr and privateKey.key:
Code Block language powershell
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -out "%USERPROFILE%\Desktop\request.csr" -new -newkey rsa:2048 -nodes -keyout "%USERPROFILE%\Desktop\privateKey.key" -config "C:\Program Files\OpenSSL-Win64\bin\cnf\openssl.cnf"
Certificate Private Key names are visible from openssl commands and the Common Name is used to set the Private Key name. Supplying the Apple ID and Server as the Common Name, ensures the Apple ID used to generate the certificate will be stored for future reference.
Sign the CSR
CSR requests must be signed before uploading to Apple. FileWave has a portal for this process, which requires an active FileWave account.
- Navigate to https://csr.filewave.com/list_csr and login.
- Upload the previously created CSR.
- 'Download signed CSR' should list this uploaded and now signed CSR.
- Download this newly signed CSR, ready for upload to Apple in the next section. Again consider where this certificate is stored.
Upload the signed FileWave CSR to Apple
Click 'Download' and save the ".pem" file. Again consider where this certificate is stored.
Create a ".p12" from the Signed CSR
- Open cmd.exe as an Administrator
Create a ".p12". Entering the following command will create the ".p12" on the Desktop:
Code Block language powershell title Combining APNs Certificate with Private Key, generating a ".p12"
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -in "%USERPROFILE%\Downloads\MDM_ FileWave (Europe) Gmbh_Certificate.pem" -inkey "%USERPROFILE%\Desktop\privateKey.key" -out "%USERPROFILE%\Desktop\push_cert.p12" -name fw-apns
Leave the 'Export Password' blank
Certificate details may be checked:
Anchor openssl_show_p12 openssl_show_p12 Tip title Common Name and Topic
The name of the Private Key will show the value defined as the "Common Name" from the creation of the CSR. Where recommendation was followed, this should list the Apple ID and Server name. Additionally the name of the Certificate is the same as the Topic.
Code Block language powershell title Read the created ".p12" file
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -info -in C:\Users\Administrator\Desktop\push_cert.p12
Note, below image has been edited to remove some details and highlight the two key items of interest.
Uploading the Certificate into FileWave
- Launch the FileWave Admin and login to the FileWave server.
- Open the FileWave Admin Preferences.
- Select the 'Mobile' tab.
- Click 'Browse' and navigate to the saved ".p12" APNs certificate.
- Select the exported ".p12" certficate.
- Click 'Upload APN Certificate/Key Pair'.
- The topic should match the previous topic.
- That is it! FileWave may now manage Apple devices using Apple’s Push Notification Service.
APNs certificates require yearly renewals. Through FileWave Admin > Dashboard > Alert Settings, automated emails may configured. Consider adding 'APN for MDM'. Note this requires the Email preferences in Admin to be configured.