How to generate development MDM/APNS certificate? - ios

We have taken an iOS Developer Enterprise account and we have received the MDM certificate, which is in .pem format. We have downloaded this MDM certificate from the portal https://identity.apple.com/pushcert/
But we don't have any idea whether this is a production MDM certificate or a development MDM certificate.
First we want to test MDM commands using a development certificate and, after getting MDM payloads, we can continue for production.
So my question is how to create an MDM/APNS certificate which can be used for getting MDM push notifications from gateway.sandbox.push.apple.com, if this is possible.
I have gone through this PDF, but I am not getting a fair idea about development MDM push notifications.
Any help will be appreciated.

Follow this page: http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning
In order to use the sandbox APNS service, tick 'Use Development APNS Server' in the Mobile Device Management section in the iPhone Config Util of the configuration profile you will create to enrol your device with your server.

My suggestion is to try production APNS; you can use this production APNS for a live MDM product also.
If you are following this page, then take care of a few things and see the question also.

Related

Parse notifications not working with AdHoc provisioning profile

I know this question has been asked a few times but I am still having issues after trying all the suggested fixes.
I have an app that is being tested through Apple's TestFlight of which a number of External Users have downloaded. The app was built using an AdHoc Distribution Profile against the relevant App ID which has Push Notifications Enabled for Distribution and has the necessary Apple Push Services certificate. I am using Parse and am able to receive notifications on my test device (signed with the dev certificate and APN push cert), however the external testers are not receiving any notifications.
I am using Parse and can see in the logs that the notifications are being sent so I am assuming it is something with the devices themselves related to a problem with the provisioning profiles. I also followed the steps to uploading a new .p12 file to my Parse server for production notifications.
However, it seems that only the builds with the development profile are able to receive notifications. Am I correct in assuming that this is because the certificate used by Parse to sign the notification doesn't match that which was used in the adhoc build? I.e. Parse is still using the old .p12 certificate?
When I uploaded the new .p12 file to my Parse server I didn't explicitly remove the previous .p12 certificate, do I need to do this? Would revoking the dev APN certificate solve this?
Any help is much appreciated.
Thanks
The reason notifications were not being received was due to the production flag not being set to true when I uploaded the production certificate to my Parse server. I re-uploaded the certificate setting this to true and notifications began to work.

Setup an app to use single Universal Push Notification Client SSL Certificate for Development and Production

Recently Apple introduced a new type of APNS certificates - Universal Push Notification Client SSL Certificate.
It seemed to me that it should allow having one certificate for use on both Development and Production (Sandbox and Production). This was a really wanted feature because my backend uses the Azure Notification Hub to send pushes and contains only one available space for a certificate (Sandbox or Production).
I tried to follow the official docs provided by Apple (Creating a Universal Push Notification Client SSL Certificate) but with no luck - the new certificate applies only for Distribution. And even on their screenshots I see that this certificate applies only for Distribution mode and not for Development, and this is what confuses me.
- Creating a Universal Push Notification Client SSL Certificate
This is why I will appreciate any guidance or advice which will explain how it should work, and did I understand the purpose of those certificates properly?
That's how it should appear - "Configurable" for development and "Enabled" for distribution. But it'll work for development as well.
I had the same problem looking for how to "Generate a universal APNs client SSL certificate". After a while, I managed to make it work. In the Apple developer console:
1. Create a Key (not a certificate).
2. Write the name of your key and select the "APNs" service.
3. Download your .p8 key.
Then you have to use this .p8 file in your call.
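
The answer above does not say what "your call" looks like. Assuming it means APNs token-based authentication over the HTTP/2 provider API, the following added example (not code from the original answer) builds the ES256 provider token from a .p8 key, caches it, and selects the sandbox or production host. The function names, key ID, team ID and bundle ID parameters are illustrative, and the key is a constructed throwaway standing in for the downloaded file.

```javascript
const crypto = require('crypto');

// HTTP/2 provider API hosts; the same .p8 key authenticates against both.
const APNS_HOSTS = new Map([
  ['development', 'api.sandbox.push.apple.com'],
  ['production', 'api.push.apple.com'],
]);

const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Build the ES256 JWT that APNs expects in the "authorization: bearer" header.
function providerToken(p8Pem, keyId, teamId, nowMs = Date.now()) {
  const key = crypto.createPrivateKey(p8Pem);
  if (key.asymmetricKeyType !== 'ec') throw new Error('.p8 must hold an EC key');
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claims = b64url(JSON.stringify({ iss: teamId, iat: Math.floor(nowMs / 1000) }));
  const signingInput = `${header}.${claims}`;
  // JWS needs the raw 64-byte r||s signature, not OpenSSL's default DER encoding.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64url(sig)}`;
}

// Reuse one token for 50 minutes: APNs rejects tokens older than an hour and
// throttles providers that issue a new one more often than every 20 minutes.
function makeTokenCache(p8Pem, keyId, teamId, maxAgeMs = 50 * 60 * 1000) {
  let cached = null;
  return (nowMs = Date.now()) => {
    if (!cached || nowMs - cached.issuedAt >= maxAgeMs) {
      cached = { token: providerToken(p8Pem, keyId, teamId, nowMs), issuedAt: nowMs };
    }
    return cached.token;
  };
}

// Request description for one device. The environment must match the build that
// produced the device token (development build -> sandbox host).
function buildRequest(env, deviceToken, bundleId, token) {
  if (!APNS_HOSTS.has(env)) throw new Error(`unknown environment: ${env}`);
  return {
    host: APNS_HOSTS.get(env),
    headers: { ':method': 'POST', ':path': `/3/device/${deviceToken}`,
      authorization: `bearer ${token}`, 'apns-topic': bundleId },
  };
}

// Constructed sample: a throwaway P-256 key stands in for the downloaded .p8 file.
const SAMPLE = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const SAMPLE_P8 = SAMPLE.privateKey.export({ type: 'pkcs8', format: 'pem' });
```

The .p8 key does not expire the way a push certificate does, so it should be stored and access-controlled like any long-lived signing secret.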

iOS - Renew APNS distribution certificate

As far as I know I can renew the APNS by creating a new certificate and finally update my server to use it.
But I don't understand what happens if I have two APNS distribution certificates, both not yet expired, at the same time. What will happen with devices that used the older certificate to generate the token? Will they stop receiving push notifications? What is the best approach to renewing an APNS certificate?
In my server, should I handle both certificates too? I mean, when I establish a connection with Apple servers I can use only one pem.
I have already read:
How to Renew Push Notification Services Certificate
Renewing Production Push SSL Certificate - Apple APNS
"devices that used the older certificate to generate the token"
Devices do not use the certificate, the certificate is used only by the server. Therefore there is no such thing as tokens obtained from a device using the older certificate.
(Devices use a profile with push entitlements in order to obtain the token, and this does contain a certificate; however, this is not the same thing as the certificate used on the server.)
Therefore your server just needs to use the new certificate when communicating with the Apple servers and your apps will continue to receive pushes, providing you have generated and are using the correct certificate (i.e. development for the Apple Sandbox server and production for the Apple production Server).
Incidentally a single .pem can contain multiple certificates if desirable.

iOS Push notifications for Production

I am an Objective-C developer, and I created an app for iOS with push notifications. The only doubt I have to clear is that with my iPad, I am testing the push notifications with development certificates. Push notifications are working fine with developer certificates and don't work for production.
For extending it to production, will replacing the Development certificates with Production certificates be enough, or are there any other changes required?
In addition to replacing the push certificate used by the server, you have to build the app with production or AdHoc provisioning profile, and your server should send notifications to the APNS production server.
You also need to change the gateway to gateway.push.apple.com from sandbox in your backend code for sending notifications. Also make sure that you have the right certificates as suggested by others.
You have to get it right
Developer Cert / provision + .p12 exported for developer certificate + sandbox.push.apple.com -> success
Prod Cert / provision + .p12 exported for prod cert + push.apple.com -> success
If you change the combination it will not work. Also check if the Push Token (Postal) is generated by an application signed with the right certificate.

MDM server setup

I am trying to develop an enterprise application which needs to list all the installed applications on an iPhone and to delete some selected applications on the device from my application. I found that this is possible only by using an MDM server. I searched a lot for an exact document regarding this. It would be great if anyone could clarify my following doubts:
1. Steps and configurations to follow to set up an MDM server and make the server communicate with the device
2. Steps to do on the client side
Thanks in advance.
To configure your MDM server you need to follow the below steps
1. You need to enroll in the iOS Developer Enterprise Program.
2. Try to get a signed Certificate Signing Request (CSR) from your MDM vendor.
3. Once you have a signed CSR from your vendor, visit identity.apple.com/pushcert and sign in with a verified Apple ID.
4. Click "Create a Certificate" and agree to the Terms of Use.
5. Select your signed CSR and click upload. After a moment, your certificate will be available for download.
6. This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service.
7. In your MDM server you need to implement your Profile Manager, implement your Push server, and add the SCEP stack.
In MDM capabilities there is a remote wipe feature, so you can wipe out the device data remotely.
You can list out all the MDM capabilities in this PDF and refer to this.
