Certificate stuff in iOS MDM operation - ios

Now I'm trying to make an MDM server which manages iOS devices using APNS push notifications.
So far I have gone over a number of Apple official documents about configuration profiles, the MDM protocol, APNS push, etc.
But I can't clearly figure out some of the steps necessary for the full MDM flow.
APNS certificate which the MDM server has to use for push notifications
Who (vendor? or customer?) creates the CSR, and who (vendor? or customer?) generates the APNS certificate by uploading the CSR to the Apple Push Portal?
(What the Apple document says and what Google says don't match each other.)
Identity certificate which has to be contained in the Configuration Profile
How to create the identity certificate, and where?
How to include it in the Configuration Profile using iPCU?
Searching the web I could find a lot of information about these, but not all of it gives a consistent answer, so I ended up feeling more dizzy. :-(
Any piece of help/information will be appreciated.
Thanks.. :-)

I have some basic points on how to generate an MDM certificate.
The MDM certificate is used to manage the enrolled device.
The policies will work over the air (APNS).
The server-client communication will happen through APNS.
I am going to answer your questions below.
Q: APNS certificate which the MDM server has to use for push notifications:
A: In order to manage the iOS device you need to install the profile on the server.
First of all you need to create the CSR on your server using IIS Manager.
After generating the CSR file you need to get it signed by a third-party vendor; then you will get the .SCSR file. Here the vendor will sign your CSR using a private key.
Once you have the .SCSR you need to upload the file to the Apple push cert site.
After uploading the SCSR file you will get the .PEM file.
Once you have the .PEM file you need to complete the request using IIS Manager.
Your certificate will be visible in the certificate list. Right-click on the certificate and export it with a password.
Here "customer" means whoever creates the CSR; "vendor" means whoever signs the certificate.
Feel free to ask questions if you are not clear.

I have prepared some basic steps for you to configure push notifications as follows:
Go to developer.apple.com
Check with Member Center
Navigate to the iOS Provisioning Portal
Check if the App ID exists
Create a new App ID
Select the created app (configure)
Enable push notifications in the app
Get a CSR from an Apple Mac user with the Keychain app (give account creds)
Enter the CSR and generate
Download the production certificate
Give this to the Mac user again to generate the p12 file
Under Provisioning, go to Distribution
Create a new Distribution profile
The profile name is “APP name (space) Dist”
Hope this will help you.. Please feel free to ask if anything is not clear to you.

You can't find much info regarding this. But I will tell you: use iPCU for creating config profiles. Use a server for sending these config profiles as a response.
Use a separate server for the CA and issuing authority.
You (vendor/customer) have to create an APNS certificate and you have to use it on the server for sending push notifications.
Let me know whether you have found a breakthrough or are still stuck somewhere.

Related

What is the right way to generate the certificates while using FCM

I am amazed to see that whenever I create the "Apple Push Notification service SSL (Production & Development)" certificates, they are not shown in Profiles.
Things have changed very much on the Developer portal, and after bashing my head many times (deleting and creating different certificates) it is not working for me.
What I am doing:
Attempt 1: When I create certificates from the Certificates menu they do appear in the Profiles menu (from where we create provisioning profiles and select certificates), but when I create the APNs SSL certificate it never appears in the provisioning profile menu.
Attempt 2: I created a separate SSL certificate, created a p12 file from it and uploaded it to the FCM server, and then I created a normal certificate and generated a provisioning profile; installing them in Xcode gives me an error about not including something for Notifications.
So after trying all these I am now not able to run the app on a device and not able to get FCM notifications working.
Question: What steps are needed to create the certificate while working with FCM?
"NOTE: Since all the interfaces and working procedures on the developer portal have been updated, all help on SO and other places is out of date. Please let me know what I should do and how it is done in a precise manner; it will be a great help. THANKS"
I suggest using a .p8 key for push notifications, because the same key will work for both sandbox and production modes.
Use this solution to generate the .p8 key and upload the key to Firebase; read these articles.

enterprise developer - no signing identities

I have an app, and there is a company that wants to try my app. They have their own enterprise account.
They sent me a distribution certificate and a provisioning profile. I tried to archive my app with their certificate and profile but I got an error as below.
Do I need to be a member of their team? Also, they sent me the bundle ID; they didn't send team information, so I just selected "none".
Thank you.
To my understanding they have sent you the certificate but not the matching private key for that certificate (.p12 file). If they are willing to send you the private key as well, then you should be able to sign the app (more about this issue here).
Another way to do this is by sending them an .xcarchive file and asking them to import it into Xcode. Once it is visible in the Organizer they can distribute it with their own certificate (more details in this answer).
Good luck!

Basic MDM Server setup

I am trying to create an APNS certificate to set up a basic MDM server. I am following this link: http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf
I have OS X Server 10.8 and an Apple developer account.
I have enabled APN using the Server application in Mac OS X Server. When I edit or try creating a new certificate it takes me to https://identity.apple.com/pweb/?r=1, where it requires a CSR signed by a third-party vendor, which I don't have.
So how do I create an APNS certificate from Mac OS X Server 10.8 without having an Enterprise account?
Not sure what you are trying to do here: are you trying to become a vendor, or are you a customer of a vendor?
If you are a customer, you don't need anything other than an Apple account; you could ask for instructions from your vendor, more specifically a Signed Certificate Signing Request (SCSR) from your vendor. Then upload this file to the URL that you provided to get an APNS push certificate.
But if you are trying to become a vendor or want to create your own MDM server, you will need to have an enterprise account, and make sure the account has the MDM option when first applying for this account.
More information can be found in Apple's Mobile Device Management Protocol document:
http://adcdownload.apple.com//Documents/mobile_device_management_protocol/mobiledevicemanagement_121211.pdf

Can't find Certificate Signing Request (CSR) for Apple Push Notification service

I'm trying to add the Push Notification service to my app. I have already successfully distributed my app via Enterprise Distribution by following all the instructions. But now, enabling the Apple Push Notification service, I need the Certificate Signing Request (CSR) file, and I accidentally deleted it. How can I get another CSR file without creating a new certificate and going through the hard process of app distribution?
Like it tells you in the provisioning portal: open Keychain Access --> app menu --> Certificate Assistant --> Request a Certificate From a Certificate Authority.
However, you may have to re-sign your app with the new certificate that is eventually generated. The CSR is the "easy" bit!

MDM server setup

I am trying to develop an enterprise application which needs to list all the installed applications on an iPhone and to delete some selected applications on the device from my application. I found that this is possible only by using an MDM server. I searched a lot for an exact document regarding this. It would be great if anyone could clarify my following doubts:
1. Steps and configurations to set up an MDM server and make the server communicate with the device
2. Steps to do on the client side
Thanks in advance.
To configure your MDM server you need to follow the steps below:
1. You need to enroll in the iOS Developer Enterprise Program.
2. Try to get a signed Certificate Signing Request (CSR) from your MDM vendor.
3. Once you have a signed CSR from your vendor, visit identity.apple.com/pushcert and sign in with a verified Apple ID.
4. Click "Create a Certificate" and agree to the Terms of Use.
5. Select your signed CSR and click Upload. After a moment, your certificate will be available for download.
6. This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service.
7. On your MDM server you need to implement your Profile Manager, implement your push server and add the SCEP stack.
Among the MDM capabilities there is a remote wipe feature, so you can wipe out the device data remotely.
You can list out all the MDM capabilities in this PDF and refer to it.
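Several of the answers above describe the same certificate handling in words: the customer creates a CSR (in IIS Manager or Keychain Access), a vendor-signed copy goes to identity.apple.com, the returned certificate is completed against the original key and exported with a password, and an app cannot be signed with a certificate whose private key you do not hold. The following script is an added example, not code from any of the posts, that runs those steps with openssl so each one can be checked. It assumes openssl is on PATH; the subjects, file names and password are placeholders, and the Apple-issued push certificate is replaced by a self-signed stand-in that carries a placeholder topic in the subject UID, the attribute Apple's MDM push certificates use for the topic.

```shell
#!/bin/sh
# Added example (not from the thread above): customer-side CSR, a stand-in for
# the certificate Apple returns, the checks an MDM operator runs on it, and the
# password-protected .p12 export. Assumes openssl; all names are placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# 1. Private key and CSR. The key never leaves this host; only push.csr is
#    handed to the MDM vendor for signing.
make_csr() {
    openssl genrsa -out "$WORK/push.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/push.key" -out "$WORK/push.csr" \
        -subj "/C=US/O=Example Customer/CN=mdm.example.com" 2>/dev/null
    printf '%s\n' "$WORK/push.csr"
}

# CN of a CSR, after verifying the CSR's own signature (a corrupt or
# tampered file fails here instead of at the portal). RFC 2253 output keeps
# the subject format stable across openssl versions.
csr_cn() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    openssl req -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# 2. Stand-in for the certificate identity.apple.com returns. A real MDM push
#    certificate carries the topic (com.apple.mgmt.External.<uuid>) in the
#    subject UID attribute; a placeholder topic is used here.
make_demo_cert() {
    openssl req -x509 -new -key "$WORK/push.key" -days 365 -out "$WORK/push.pem" \
        -subj "/UID=com.apple.mgmt.External.placeholder-topic/CN=Demo MDM push cert" \
        2>/dev/null
    printf '%s\n' "$WORK/push.pem"
}

# 3a. The topic the MDM server must use for its APNS notifications and put in
#     the enrollment profile's MDM payload.
push_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# 3b. Succeeds only if the certificate stays valid for at least $2 more days.
#     Push certificates are issued for a year; an expired one stops the server
#     from reaching devices, so this belongs in monitoring.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# 3c. The "certificate but no private key" case: the certificate is usable for
#     signing or export only if its public key equals the key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# 4. "Export with password": bundle key + certificate into a PKCS#12 file,
#    which is what the MDM server loads.
export_p12() {
    openssl pkcs12 -export -inkey "$WORK/push.key" -in "$WORK/push.pem" \
        -out "$WORK/push.p12" -passout pass:changeme-placeholder 2>/dev/null
    printf '%s\n' "$WORK/push.p12"
}

# Read the certificate back out of the .p12 to confirm the export is loadable.
p12_subject_cn() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin pass:changeme-placeholder 2>/dev/null \
        | openssl x509 -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Stand-alone run: what an operator would check before and after issuance.
csr=$(make_csr)
cert=$(make_demo_cert)
echo "CSR CN:     $(csr_cn "$csr")"
echo "push topic: $(push_topic "$cert")"
cert_valid_for_days "$cert" 30 && echo "certificate valid for at least 30 more days"
cert_matches_key "$cert" "$WORK/push.key" && echo "certificate matches the private key"
echo "exported:   $(export_p12)"
```

With a real Apple-issued certificate, replace `make_demo_cert` by the downloaded .pem and keep the rest: `push_topic` yields the value that goes into the MDM payload's Topic key, `cert_valid_for_days` is the renewal alarm, and `cert_matches_key` is the first thing to run when a .p12 export or a signing attempt fails with "no signing identities".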
