Creating APNs Certificate


The following workflow diagram explains you the steps involved in creating APNs certificate and managing the iOS devices.  

 

 

 

Follow the steps mentioned below, based on the Desktop Central build # you are running:

Note: Ensure that you have configured Proxy settings and Mail server settings for this Renewal process to work. You should also see to it, that this url : https://creator.zoho.com is added to your domain's exception list, so that Desktop Central will have permissions to reach this url, to process the vendor signed CSR.

Desktop Central Build 90072 or later versions

There are 2 stages in creating an APNs certificate, they are
  1. Creating and signing a CSR
  2. Creating and Uploading APNs

Creating and Signing a CSR

The first step in creating APNs is to create a CSR and get it signed from Zoho Corporation, follow the steps mentioned below:

  1. Login to Manage Engine Desktop Central Web Console.
  2. Go to MDM-> Settings -> APNs Certificate
  3. Specify Corporate Email Address and name of the Organization
  4. Click Create and Sign CSR
  5. Click Next, you will be able to download the Vendor Signed CSR if the signing process is complete. By any chance if the signing process fails, then you will have to  download the CSR and send it to  desktopcentral-support@manageengine.com  to get it signed manually. The signed file will be mailed back to you.

You have successfully created a CSR, and got it signed by  Zoho Corporation.

Creating and Uploading APNs Certificate

The Signed CSR, which has been downloaded in step 1, has to be uploaded to the Apple Push Notification portal to create a APNs. Follow the steps mentioned below:

  1. Go to  https://identity.apple.com/pushcert/ (Apple Push Certificate Portal website) to create the APNs.  It is recommended by Apple to use "Safari/Google Chrome/Firefox" browsers while executing the below mentioned steps. Internet Explorer is not recommended to create APNs certificate.
  2. Sign in using your Apple ID and password. An Apple Developer Account or Enterprise Account is not mandatory, any Apple ID  or Apple Account can be used. If you do not have an Apple ID, create one from https://appleid.apple.com.

    Note: APNs is valid for one year from the day of its creation. It is recommended to use a corporate Apple ID to create APNs. When you renew the APNs certificate, you will have to use the same Apple ID. If you happen to use a different Apple ID, then you will have to re-enroll all the managed mobile devices.

  3. Once logged in, choose "Create Certificate"
  4. After reading terms and conditions Click Accept.
  5. Upload the signed CSR that you received at step 1.
  6. A new certificate for managing the iOS devices will appear in the portal.
  7. Select  to download the Apple signed certificate (MDM_ZOHO_Corporation_Certificate.pem).
  8. On the Desktop Central web console, click Next  to upload the APNs certificate, that you have downloaded from the Apple Push Notification portal.
  9. Specify the Corporate Apple ID  and address to which notification mails should be sent during APNs expiry.
  10. Click Upload to complete the process.

 You have successfully uploaded APNs, you can start enrolling your iOS devices.

 

Desktop Central Build 90072 or lower versions

Creating APNs certificate involves the following sequence of steps:        Setting up MDM  
  1. Creating a Certificate Signing Request (CSR)
  2. Getting CSR Signed by Zoho Corporation
  3. Uploading Signed Certificate to Apple Push Notification Portal
  4. Completing the CSR and generating APNs Certificate
  5. Upload the APNs Certificate in Desktop Central

Creating a Certificate Signing Request (CSR)

  1. Open a command prompt as an administrator on the computer where Desktop Central is installed and change directory to <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin/mdm directory

  2. Execute the bat file CreateCSR.bat to create a CSR. A new window pops up, answer the following questions to create a CSR.
      1. Country Name (2 letter Code): Enter a 2 letter code of your country ( for example US for United States)
      2. State or Province Name (full name): Enter the name of the state or province (for example Texas)
      3. Locality Name : Name of the locality (for example Dallas)
      4. Organizational Name : Name of your company (for example Zoho Corp.)
      5. Organizational Unit Name : Name of your department (for example Finance Department)
      6. Common Name : A unique name to identify your company (for example ManageEngine)
      7. Email Address : Enter the company Email address (for example contact@zohocorp.com)
  3. A Challenge Password : do not enter any password, skip this step by pressing enter.
    Now, the CSR has been created successfully. Two files, customer.csr & CustomerPrivateKey.key will be available in your <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin/ mdm directory.   

Getting CSR Signed by Zoho Corporation

The next step is to get the CSR signed by Zoho Corporation. Send only the CSR file that you have created above to 
desktopcentral-support@manageengine.com  to get it signed. The signed file will be mailed back to you.  

Uploading Signed Certificate to Apple Push Notification Portal

  1. It is recommended by Apple to use "Safari/Google Chrome/Firefox" browsers while executing the below mentioned steps. Internet Explorer is not recommended to create APNs certificate.  

    1. Go to  https://identity.apple.com/pushcert/ (Apple Push Certificate Portal website) to create the APNs
    2. Sign in using your Apple ID and password. An Apple Developer Account or Enterprise Account is not mandatory, any Apple ID  or Apple Account can be used. If you do not have an Apple ID, create one from https://appleid.apple.com.

      Note: It is recommended to use a corporate Apple ID to create APNs. When you renew the APNs certificate, you . You will have to re-enroll all the managed mobile devices, if you cannot remember this Apple ID.

    3. Once logged in, choose "Create Certificate"
    4. After reading terms and conditions Click Accept.
    5. Upload the signed certificate that you received from Desktop Central Support.
    6. A new certificate for managing the iOS devices will appear in the portal.
    7. Select  to download the Apple signed certificate.

    You can save the downloaded  MDM_Zoho Corporation_Certificate.pem in the MDM directory.

Completing the CSR and generating APNs Certificate

    1. Open a command as administrator on the computer where Desktop Central is installed and change directory to <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin/mdm directory
    2. Copy the MDM_ZOHO_Corporation_Certificate.pem to directory <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin/ mdm
    3. Execute the bat file (createAPNsCertificate.bat) to generate the APNs certificate.
    4. It would prompt for password, this is mandatory.  This password should be used when you import the APNs Certificate in the Desktop Central Console.

    Now, APNSCertificate.p12 has been successfully generated. The certificate is available under <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin/mdm.

Upload the APNs Certificate in Desktop Central

    1. Login to Manage Engine Desktop Central Web Console.
    2. Go to MDM-> Settings -> APNs Certificate
    3. Upload the exported APNSCertificate.p12 Certificate from <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin/mdm
      and provide the password that you provided while exporting the certificate.
    4. Select Save

    You have successfully generated the APNs certificate and uploaded to Manage Engine Desktop Central Web Console. You can start managing the devices by enrolling the devices in Desktop Central.

     

     

Copyright © 2005-2014, ZOHO Corp. All Rights Reserved.
ManageEngine