MDM server setup - ios

I am trying to develop an enterprise application which needs to list all the installed applications on an iPhone and to delete some selected applications on the device from my application. I found that this is possible only by using an MDM server. I searched a lot for an exact document regarding this. It would be great if anyone could clarify my following doubts:
1. Steps and configurations to follow for an MDM server and to make the server communicate with the device
2. Steps to do on the client side
Thanks in advance.

To configure your MDM server you need to follow the below steps
1. You need to enroll in the iOS Developer Enterprise Program.
2. Try to get a signed Certificate Signing Request (CSR) from your MDM vendor.
3. Once you have a signed CSR from your vendor, visit identity.apple.com/pushcert and sign in with a verified Apple ID.
4. Click "Create a Certificate" and agree to the Terms of Use.
5. Select your signed CSR and click upload. After a moment, your certificate will be available for download.
6. This certificate can now be uploaded to your MDM server for use with the Apple Push Notification service.
7. In your MDM Server you need to implement your Profile Manager, implement your Push server and add the SCEP stack.
In MDM capabilities there is a remote wipe feature, so you can wipe out the device data remotely.
You can list all the MDM capabilities in this PDF and refer to it.

Related

Setup an app to use single Universal Push Notification Client SSL Certificate for Development and Production

Recently Apple introduced a new type of APNS certificates - Universal Push Notification Client SSL Certificate.
It seemed to me that it should allow having one certificate to use on both Development and Production (Sandbox and Production). This was a really wanted feature because my backend uses the Azure Notification Hub to send pushes and contains only one available space for a certificate (Sandbox or Production).
I tried to follow the official docs provided by Apple (Creating a Universal Push Notification Client SSL Certificate) but with no luck - the new certificate applies only for Distribution. And even on their screenshots I see that this certificate applies only for Distribution mode and not for Development, and this is what confuses me
- Creating a Universal Push Notification Client SSL Certificate
This is why I will appreciate any guidance or advice which will explain how it should work, and did I understand the purpose of those certificates properly?
That's how it should appear - "Configurable" for development and "Enabled" for distribution. But it'll work for development as well.
I had the same problem looking for how to "Generate a universal APNs client SSL certificate". After a while, I managed to make it work. In the Apple developer console:
1. Create a Key (not a certificate).
2. Write the name of your key and select the "APNs" service.
3. Download your .p8 key.
Then you have to use this .p8 file in your call.

Basic MDM Server setup

I am trying to create APNS certificate to setup basic MDM server. I am following this link http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf
I have OS X Server 10.8 and an Apple developer account.
I have enabled APN using the Server application in Mac OS X Server. When I edit or try creating a new certificate it takes me to https://identity.apple.com/pweb/?r=1 where it requires a CSR signed by a third-party vendor, which I don't have.
So how do I create an APNS certificate from Mac OS X Server 10.8 without having an Enterprise account?
Not sure what you are trying to do here, are you trying to become a vendor or are a customer of a vendor?
If you are a customer, you don't need anything other than an Apple account; you could ask for instructions from your vendor, more specifically, a Signed Certificate Signing Request (SCSR) from your vendor. Then upload this file to the URL that you provided to get an APNS push certificate.
But if you are trying to become a vendor or want to create your own MDM server, you will need to have an enterprise account, and make sure the account has the MDM option when first applying for this account.
More information can be found in Apple's doc of Mobile Device Management Protocol
http://adcdownload.apple.com//Documents/mobile_device_management_protocol/mobiledevicemanagement_121211.pdf

Certificate stuff in iOS MDM operation

Now I'm trying to make an MDM server which manages iOS devices using APNS push notifications.
So far I went over a number of Apple official documents about configuration profiles, the MDM protocol, APNS push, etc.
But some of the steps necessary for the full MDM flow I can't figure out clearly.
APNS certificate which MDM server has to use for push notification
Who(Vendor? or customer?) creates CSR and who(Vendor? or customer?) generates APNS certificate by uploading the CSR in Apple Push Portal?
(What the Apple document says and what Google says are not matching each other..)
Identity certificate which has to be contained in Configuration Profile
How to create the identity certificate and in where?
How to include it in the Configuration Profile using iPCU?
Searching on the web I could see quite a lot of information about these, but not all of them give a consistent answer, so I got to feel more dizzy. :-(
Any piece of help/information will be appreciated.
Thanks.. :-)
I have some basic points in order to generate an MDM certificate.
The MDM certificate is used to manage the enrolled device.
The policies will work over the air (APNS).
The Server-Client communication will happen through APNS.
I am going to answer your questions below.
Q: APNS certificate which MDM server has to use for push notification:
A: In order to manage the iOS device you need to install the profile on the server.
First of all you need to create the CSR on your server using IIS Manager.
After generating the CSR file you need to get it signed by any third-party vendor; then you will get the .SCSR file. Here the vendor will sign your CSR using a private key.
Once you have the .SCSR you need to upload the file to the Apple push cert site.
After uploading the SCSR file you will get the .PEM file.
Once you have the .PEM file you need to complete the request using IIS Manager.
Your certificate will be visible in the certificate list. Right-click on the certificate and export it with a password.
Here the customer means whoever creates the CSR. Vendor means whoever signs the certificate.
Feel free to ask the questions if you are not clear.
I have prepared some basic steps for you to configure Push notification as follows:
1. Go to developer.apple.com
2. Check with Member Centre
3. Navigate to the iOS provisioning portal
4. Check if the app ID exists
5. Create a new app ID
6. Select the created app (configure)
7. Enable push notification and in-app
8. CSR from the Apple Mac user with the Keychain app (give account creds)
9. Enter the CSR and generate
10. Download the production certificate
11. Give this to the Mac user again to generate the p12 file
12. Provisioning: go to distribution
13. Create a new Distribution profile
14. Profile name is "APP name (space) Dist"
Hope this will help you.. Please feel free to ask if anything is not clear to you.
You can't find much info regarding this. But I will tell you: use iPCU for creating config profiles. Use a server for sending these config profiles as a response.
Use a separate server for the CA and issuing authority.
You (Vendor/Customer) have to create an APNS certificate and you have to use it in the server for sending push notifications.
Let me know whether you have found a breakthrough or are still stuck somewhere.

How to generate development MDM/APNS certificate?

We have taken an iOS Developer Enterprise account and we have received the MDM certificate, which is in .pem format. We have downloaded this MDM certificate from the portal https://identity.apple.com/pushcert/
But we have no idea whether this is a production MDM certificate or a development MDM certificate.
First we want to test MDM commands using a development certificate and after getting MDM payloads, we can continue for production.
So my question is how to create an MDM/APNS certificate which can be used for getting MDM push notifications from gateway.sandbox.push.apple.com, if this is possible.
I have gone through this PDF, but am not getting a fair idea about development MDM push notification.
Any help will be appreciated.
Follow this page: http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning
In order to use the sandbox APNS service, tick 'Use Development APNS Server' in the Mobile Device Management section in the iPhone Config Util of the configuration profile you will create to enrol your device with your server.
My suggestion is to try production APNS; you can use this production APNS for a live MDM product also.
If you are following this page, then take care of a few things and see the question also.

Configuration Profile with MDM Payload not getting installed using IPCU

Does anybody know how to set the "Identity" of the Mobile Device Management (MDM) payload of a Configuration Profile from iPhone Configuration Utility (iPCU)?
I get many certificates from Apple.com (aps_ssl_production and ios_distribution), but I don't know how to install the MDM Payload.
You can add in a p12 file/certificate as a 'Credential' in iPCU and pick this from the list in the MDM view. You do not have to use SCEP to do this.
Use SCEP Settings to provide instructions for the device to obtain the certificate using SCEP as mentioned in FA_iPhone_Configuration_Utility_Introduction.
So first configure SCEP using iPCU, then configure Mobile Device Management, then create the config profile and try to install that config on the iOS device.
While configuring, make sure there is no invalid entry for any field and no red icon for any field.
Edit:
For a small number of devices there is no need to use SCEP. You can go through this link for more detail.
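As an added worked example (not from any of the posts above): the profile iPCU writes when a .p12 is added as a Credential and picked as the MDM payload's Identity, including the "Use Development APNS Server" key from the earlier sandbox-APNS answer, plus a pre-install check for the cross-references that otherwise show up as red icons or a failed install. The URLs, identifiers and the Topic value are placeholders; the real Topic is the UID from your push certificate's subject.

```python
import plistlib
import uuid

# Constructed placeholder: the real Topic is the com.apple.mgmt.* UID in your APNs push certificate.
TOPIC = "com.apple.mgmt.External.PLACEHOLDER-UUID"

def build_mdm_profile(p12_bytes, p12_password, server_url, topic=TOPIC, use_sandbox_apns=False):
    """Profile with a PKCS#12 credential payload and an MDM payload that references it."""
    identity_uuid = str(uuid.uuid4()).upper()
    credential = {                                   # what iPCU adds under 'Credentials'
        "PayloadType": "com.apple.security.pkcs12", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.identity", "PayloadUUID": identity_uuid,
        "PayloadDisplayName": "MDM identity",
        "PayloadContent": p12_bytes,                 # plistlib serialises bytes as <data>
        "Password": p12_password,
    }
    mdm = {                                          # the 'Mobile Device Management' view
        "PayloadType": "com.apple.mdm", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm", "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "MDM",
        "IdentityCertificateUUID": identity_uuid,    # the 'Identity' pick list entry
        "Topic": topic,
        "ServerURL": server_url,
        "CheckInURL": server_url.rstrip("/") + "/checkin",
        "AccessRights": 8191,                        # bitmask of rights; narrow this in production
        "UseDevelopmentAPNS": use_sandbox_apns,      # the 'Use Development APNS Server' tick box
    }
    return {"PayloadType": "Configuration", "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.mdm.profile",
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "PayloadDisplayName": "Example MDM enrollment",
            "PayloadContent": [credential, mdm]}

def lint_mdm_profile(profile):
    """Return the problems that typically show as a red icon in iPCU or block installation."""
    errors = []
    by_uuid = {p.get("PayloadUUID"): p for p in profile.get("PayloadContent", [])}
    for p in by_uuid.values():
        if p.get("PayloadType") != "com.apple.mdm":
            continue
        ident = by_uuid.get(p.get("IdentityCertificateUUID"))
        if not ident or ident.get("PayloadType") != "com.apple.security.pkcs12":
            errors.append("IdentityCertificateUUID does not reference a pkcs12 credential payload")
        if not str(p.get("Topic", "")).startswith("com.apple.mgmt."):
            errors.append("Topic is not a com.apple.mgmt.* push topic")
        if not str(p.get("ServerURL", "")).startswith("https://"):
            errors.append("ServerURL is not https")
    return errors

def to_mobileconfig(profile):
    """Serialise to the XML .mobileconfig that iPCU or your enrollment web server hands to the device."""
    return plistlib.dumps(profile)
```

The resulting .mobileconfig is unsigned; sign it with your server's TLS identity before serving it so the device shows it as verified.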