An APNS certificate is required for iOS management. APNS certificates can be used system-wide or for a specific organisation, as described in Services.

This article gives instructions for an organisation manager or master/vendor administrator, who needs to create an APNS certificate for an organisation.

Creating a New APNS certificate

You can create an APNS certificate through the following steps:

1. Create an APNS certificate signing request.
   

   You can generate the private key and certificate signing request with the following command:

   $ openssl req -newkey rsa:2048 -keyout mysync-apns.key -new -out mysync-apns.csr -nodes -sha256 -subj '/CN=mySync APNS/'

2. Send it to the EMM vendor or supervisor
3. The EMM vendor or supervisor signs the request using an EMM signing certificate and sends the resulting file back
4. Upload the signed request to the Apple Push Certificates portal at https://identity.apple.com/pushcert/
5. Download an Apple-signed APNS certificate file (as created in the previous step)
6. Create a PKCS#12 file consisting of the private key and the Apple-signed APNS certificate
7. Upload the PKCS#12 file to the EMM service in the Configuration→Services view, in the Apple MDM tab, as described in Services.

The PKCS#12 is an archive file that bundles a certificate with a private key, as well as signatures.

Exporting an Existing APNS certificate as PKCS#12

The EMM client expects an APNS certificate to be uploaded as a PKCS#12 file. You can create it from an existing certificate and a private key using the following command:

$ openssl pkcs12 -export -in mysync-apns.crt -inkey mysync-apns.key -out mysync-apns.p12

You will be asked for export password when running the command above. You will need to enter this same password after you have uploaded the APNS PKCS#12 file to the EMM service, in Configuration→Services, in the Apple MDM tab, as described in Services.