APNS notifications not reaching devices enrolled in Apple MDM - ios

Apple MDM is used; it is MDM over APNs.
The Topic in the mobileconfig is the same as the Subject of APSP-XXX.pem.
After the mobileconfig was installed, the device token and PushMagic strings reached the MDM server.
I sent a push message to the device token using APNs, with the payload set to the PushMagic string.
Although {"mdm":"xxxxxxxxxxxxx-xxxx-xxxx-xxxx"} is sent via APNs from the MDM server, it does not reach the iPhone.
Why is that?

Follow the MDM_Protocol PDF very carefully.
If you are following this link: http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning
then verify a few things.
Remove the passphrase from customerPrivateKey.pem using this command:
openssl rsa -in customerPrivateKey.pem -out PlainKey.pem
Then merge your APNS certificate (for example CustomerCompanyName.pem) downloaded from the portal https://identity.apple.com/pushcert/ using this command:
cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem
Now this PlainCert.pem file can be used in your server as the APNS/MDM certificate.
If there is still an issue, please post your device log here.

The issue may be due to two reasons:
Both the key and the pem should be present.
The password used should be the one used while creating the pem.

I made a python script that does the vendor signing part, so you don't have to use the softhinker java code.
https://github.com/grinich/mdmvendorsign

Related

iOS AWS SNS Create platform application fail with error "There was an error reading the selected certificate."

After downloading my certificate from the apple developer portal, I successfully create a p12 file but whenever I try to create a platform application on aws, enter the certificate password, I just keep getting the error below.
There was an error reading the selected certificate. Verify the
password and try again.
I have tried with short and no passwords but nothing seems to accept the password.
Any ideas?
I was able to make this work, by doing the following:
Delete all old keys related to previous attempts in your Keychain > login (macos)
Request a new certificate using "Request a Certificate From a Certificate Authority". Make sure no keys are selected when you run this function.
I chose a single lowercase word for the Common Name.
Add certificate to Apple Developer Portal
Download the CSR
Double click on the CSR to import the keys into your Keychain.
Your private key should have a dropdown with the certificate listed. My previous attempts did not have this. Export the p12.
The p12 worked in AWS SNS when entering the password; the public and private keys were extracted from the p12.

Apple MDM - Push notification topic

I'm setting up an MDM server and I've passed all the certificate generation steps. I can enrol successfully on my MDM server, but when I send the wake-up push notification I get no response back from the device.
I'm using the Java APNS library to send the MDM push notification. Here's the code:
import com.notnoop.apns.APNS;
import com.notnoop.apns.ApnsService;

// Device token returned by the device in its TokenUpdate message
final String token = getToken("dlfkjgldfjglfl");
ApnsService service = APNS.newService()
        .withDelegate(listener)
        .withCert(P12_FILE_PATH, "password")
        .withProductionDestination()
        .build();
// MDM payload: {"mdm": "<PushMagic from the device>"}
final String payloadString = APNS.newPayload().mdm("push_magic_token").build();
// Send the wake up push notification to APNS
service.push(token, payloadString);
I get no errors or exceptions with the code above, and the delegate prints environment:production|push notification sent|notification:Message(Id=1; Token=the_token; Payload={"mdm":"magictoken"}), which means the push was sent to APNS successfully, but the device never wakes up and communicates with my MDM server.
After further reading on the Apple documentation it states that there is the need to specify a topic for the push notification but the library has no method to set the topic.
From the Apple Documentation:
apns-topic: The topic of the remote notification, which is typically the bundle ID for your app. The certificate you create in
Member Center must include the capability for this topic. If your
certificate includes multiple topics, you must specify a value for
this header. If you omit this header and your APNs certificate does
not specify multiple topics, the APNs server uses the certificate’s
Subject as the default topic.
From this I presume the Java APNS library is using the certificate subject as the topic.
To generate the certificates I followed this tutorial, but the vendor.p12 file generated wasn't being accepted by APNS as my push notification certificate (handshake error). After some googling I found that other people also had this problem, and they fixed it by generating another .p12 from the mdm.cer downloaded from the Apple-generated MDM certificate using:
openssl x509 -in mdm.cer -inform DER -out push_developer.pem -outform PEM
openssl pkcs12 -nocerts -in vendor.p12 -out vendor.pem
openssl pkcs12 -export -inkey vendor.pem -in push_developer.pem -out push_developer.p12
The certificate I am then using for my push notifications is push_developer.p12.
I'm not skilled in certificate management, so I am lost.
My question is: how can I set the topic in the certificate?
I managed to figure out how the topic works. It is indeed within the certificate.
As I'm on a mac I'll explain how to get the proper certificate on a mac.
Download the MDM certificate generated by Apple (you should be able to download it from your MDM control panel on the Apple website)
Install the certificate in your machine
Open Keychain and find the certificate you just installed on step 2. It should be something like: APSP:slkjl34435-sdkj-sfd0-34o5uoijsdf
Click on the arrow and you should see the private key.
Select the certificate. Right click and select "Export 1 item". Only export your certificate and NOT the certificate + private key.
Save the .p12 file and use it as your MDM push notification certificate.
With these steps I managed to get the topic to work but my device is still not waking up. I'll open a new question regarding the device not waking up as this was more related to the topic and the certificate (I thought the device didn't wake up because the topic was incorrect).

What's the role of the password in Certificates.p12 file for iOS push notification

For implementing push services for iOS apps, we need to export push certificates from Keychain Access as a Certificates.p12 file and upload that to the APN server. While exporting, it asks for a password. What is the difference between a Certificate.p12 file exported with a password and one exported with a blank password? Cloud services like parse.com which support push messages do not accept a .p12 file exported with a password. When we are coding our own APN server, should we use a .p12 file exported with a password or without? For me, with a p12 file exported without a password, I get an "UnrecoverableKeyException: Get Key failed" error.
Thanks in advance for your help.
The answer is simple; I will explain with an example.
Consider your p12 file as an ATM card (debit/credit card) and think about what happens if you don't have a password for it and someone gets your card.
Same here: if you don't password-protect that p12, anyone who has that p12 file can send (malicious) push notifications to your apps using it.
The p12 file is an encrypted container for your X.509 Push Notification Certificate and its corresponding private key. Because nobody should be able to use your certificate/private key for malicious purposes, it is strongly recommended that you protect your p12 file with a password. Otherwise anybody who gets your p12 file will be able to communicate with Apple's Push Servers using your Developer Identity (which is defined by the certificate).

For APNS Website is asking for APNS certificate in the form text input

I need to get an alert when I go near an iBeacon; for this I am using a third-party iBeacon management service, namely https://admin.lighthousebeacon.io/applications/541190913a9c4d2b34ecea3c. They are asking
for an APNS certificate and have given me a text field for the certificate. How do I supply the certificate to them in text form?
Just follow the raywenderlich tutorial to create your APNS certificates, and after that follow the GitHub topic named "Generating Push Notification Certificates for Admin Portal"; it will guide you on how to convert your certificate into text format.

APNS MDM Push Notification Topic - Where to find?

I've looked everywhere for the push notification topic to send in my MDM enrollment profile, and I've looked in both my developer and distribution key subject information, but can't find anything that looks like this:
b503419d-1e2a-a60f-7451-5b8832b5a9cb
What am I missing?
As Michael Gaffney says:
The topic is the value of UID in the subject of your APNs certificate. It
will begin with com.apple.mgmt.
To obtain it:
1. Go to https://identity.apple.com/pushcert/ and download the certificate
2. Get the topic from the certificate using OpenSSL, e.g.,
bash-4.2.45$ openssl x509 -noout -in MDM_ \ABC \,LTD_Certificate.pem -subject
Gives this output:
subject= /UID=com.apple.mgmt.External.9a68c111-109a-9084-a9f7-fffffffffff2/CN=APSP:9a68c111-109a-9084-a9f7-fffffffffff2/C=PE
The notification topic in this case is com.apple.mgmt.External.9a68c111-109a-9084-a9f7-fffffffffff2
The topic is the value of UID in the subject of your APNs certificate. It will begin with com.apple.mgmt.
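The three MDM threads on this page (the push that never reaches the device, the Java library that cannot set a topic, and where the topic lives) come down to one check: the UID in the APNs certificate subject must be the Topic the device enrolled with, and the wake-up push must carry that topic and the device's PushMagic. The script below is an added example, not code from any of the posts. It parses the one-line subject that `openssl x509 -subject` prints (both the older `/UID=..` and the newer `UID = ..,` layouts), reads the Topic from an enrollment profile with the standard-library `plistlib`, compares the two, and builds the HTTP/2 APNs request for an MDM push. The certificate subject and the mobileconfig are constructed samples with made-up UUIDs; the `apns-topic` and `apns-push-type: mdm` headers and the `/3/device/<hex token>` path are from Apple's HTTP/2 APNs API, which the legacy binary API used by the Java library on this page does not expose (that API takes the topic from the certificate subject).

```python
"""Check that the MDM push topic in the APNs certificate matches the enrollment
profile, then build the APNs HTTP/2 request that wakes the device.

Added example; sample values below are constructed, not taken from a real MDM."""
import json
import plistlib
import re

# Constructed sample: what `openssl x509 -noout -in push_cert.pem -subject` prints
# for an MDM push certificate (pre-1.1 OpenSSL layout, slash-separated RDNs).
SAMPLE_SUBJECT_LINE = (
    "subject= /UID=com.apple.mgmt.External.00000000-1111-2222-3333-444444444444"
    "/CN=APSP:00000000-1111-2222-3333-444444444444/C=US"
)

# Constructed sample enrollment profile; a mobileconfig is an XML plist and only
# the keys relevant to the push topic are included here.
SAMPLE_MOBILECONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.com/mdm</string>
      <key>Topic</key><string>com.apple.mgmt.External.00000000-1111-2222-3333-444444444444</string>
    </dict>
  </array>
</dict>
</plist>
"""


def parse_subject(subject_line):
    """Parse an OpenSSL one-line subject into {attribute: value}.

    Handles both "subject= /UID=../CN=../C=.." (OpenSSL 1.0) and
    "subject=UID = .., CN = .., C = .." (OpenSSL 1.1 and later)."""
    _, _, rest = subject_line.partition("=")   # drop the leading "subject="
    rest = rest.strip()
    if rest.startswith("/"):
        parts = rest.strip("/").split("/")
    else:
        parts = rest.split(",")
    fields = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def topic_from_subject(subject_line):
    """The push topic is the UID of the certificate subject; MDM topics start with com.apple.mgmt."""
    uid = parse_subject(subject_line).get("UID")
    if uid is None or not uid.startswith("com.apple.mgmt."):
        raise ValueError("subject has no com.apple.mgmt UID: not an MDM push certificate")
    return uid


def topic_from_mobileconfig(data):
    """Return the Topic of the com.apple.mdm payload in an enrollment profile."""
    profile = plistlib.loads(data)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.mdm":
            return payload["Topic"]
    raise ValueError("profile has no com.apple.mdm payload")


def check_topics_match(subject_line, mobileconfig):
    """A device silently ignores a push whose topic is not the one it enrolled with."""
    return topic_from_subject(subject_line) == topic_from_mobileconfig(mobileconfig)


def build_mdm_push(device_token_hex, push_magic, topic):
    """Build (path, headers, body) for an MDM wake-up push over the HTTP/2 APNs API.

    device_token_hex: the 32-byte Token from the device's TokenUpdate, as hex.
    push_magic:       the PushMagic string the device sent alongside the token."""
    if not re.fullmatch(r"[0-9a-fA-F]{64}", device_token_hex):
        raise ValueError("device token must be 32 bytes given as 64 hex characters")
    headers = {"apns-topic": topic, "apns-push-type": "mdm"}
    body = json.dumps({"mdm": push_magic}, separators=(",", ":"))
    return "/3/device/" + device_token_hex.lower(), headers, body


if __name__ == "__main__":
    topic = topic_from_subject(SAMPLE_SUBJECT_LINE)
    print("certificate topic:", topic)
    print("matches profile:", check_topics_match(SAMPLE_SUBJECT_LINE, SAMPLE_MOBILECONFIG))
    print(build_mdm_push("ab" * 32, "PUSHMAGIC-CONSTRUCTED", topic))
```

Run it against your own values by replacing the two constructed samples with the real `openssl x509 -subject` line and the real mobileconfig bytes; a `False` from `check_topics_match` explains a push that APNs accepts but the device never acts on.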
