Obtaining an APNS Certificate to Manage Apple iOS Devices
- Download the CSR file that was generated during the installation by using a browser and visiting https://<dns or IP address of TEM Relay with Management Extender for iOS>/csr. Save the file. Alternately, you can get the CSR file from the management extender on the following directory (default at C:\Program Files\BigFix Enterprise\Management Extender\MDM Provider\public\push.csr). Copy and save the file to your local machine.
- Send an email to email@example.com and attach the push.csr file. Please use the email subject of: "MDM APNS CSR <organization name>". The e-mail address is a distribution list and a response from the MDM Team is provided within 24 hours.
- IBM will respond in email with a signed certificate request.
- Go to https://identity.apple.com/pushcert/
- Log in with your Apple ID (consider using a non-personal ID so that other members of the organization can use the Apple ID in the future).
- Select Create Certificate.
- Read and agree to the Terms and Conditions.
- Follow the instructions to upload the certificate file that you received from IBM.
- Download the new signed push certificate which will be named according to your deployment with a PEM extension, for example "yourdeploymentname.pem".
- If you open the pem file in a text editor (wordpad), you should see a base64 encoded certificate that starts with "-----BEGIN CERTIFICATE-----" and has a few dozen lines of seemingly random characters. You should not see any line breaks before "-----BEGIN CERTIFICATE-----". If there are line breaks, you will need to re-download the file again from Apple Inc. using the same link. This is a bug in Apple's system.
The PEM file provided by Apple Inc. is your push certificate and will be used during configuration of the Enrollment and Apple iOS Management Extender. Back up this file to a safe location.
In addition, the push key file which was generated when the Management Extender was installed should be backed up to a safe location as well. This will allow you to use the matching push certificate and push key to configure multiple Management Extenders if desired. The push key can be found on the computer the Enrollment and Apple iOS Managment Extender was installed on, in the following location:
<Drive>\Program Files <(x86)>\BigFix Enterprise\Management Extender\MDM Provider\private\push_key.pem
Warning: Keep these files in a secure location. It is important that the push key file remain private.