An APNS certificate is required for iOS management. APNS certificates can be used system-wide or for a specific organisation, as described in Services.
This article gives instructions for an organisation manager or master/vendor administrator, who needs to create an APNS certificate for an organisation.
Creating a New APNS certificate
You can create an APNS certificate through the following steps:
- Create an APNS certificate signing request.
You can generate the private key and certificate signing request with the following command:
$ openssl req -newkey rsa:2048 -keyout mysync-apns.key -new -out mysync-apns.csr -nodes -sha256 -subj '/CN=mySync APNS/'
- Send it to the EMM vendor or supervisor
- The EMM vendor or supervisor signs the request using an EMM signing certificate and sends the resulting file back
- Upload the signed request to the Apple Push Certificates portal at https://identity.apple.com/pushcert/
- Download an Apple-signed APNS certificate file (as created in the previous step)
- Create a PKCS#12 file consisting of the private key and the Apple-signed APNS certificate
- Upload the PKCS#12 file to the EMM service in the Configuration→Services view, in the Apple MDM tab, as described in Services.
The PKCS#12 is an archive file that bundles a certificate with a private key, as well as signatures.
Exporting an Existing APNS certificate as PKCS#12
The EMM client expects an APNS certificate to be uploaded as a PKCS#12 file. You can create it from an existing certificate and a private key using the following command:
$ openssl pkcs12 -export -in mysync-apns.crt -inkey mysync-apns.key -out mysync-apns.p12
You will be asked for export password when running the command above. You will need to enter this same password after you have uploaded the APNS PKCS#12 file to the EMM service, in Configuration→Services, in the Apple MDM tab, as described in Services.