Druva Documentation

Configuring certificates for iOS devices

 

Overview

This topic explains why certificates must be configured for iOS devices and how to configure them.

Why configure certificates for iOS devices?

The DLP feature of inSync helps prevent data loss from user devices. If a device is lost or stolen, you can decommission the device and remotely wipe out the data from the backup and inSync share folder of the device. For the DLP feature to work on iOS devices such as iPad and iPhone, inSync server needs the following certificates:

  • Secure Socket Layer (SSL) certificate: This certificate ensures secure transactions between Web servers and browsers.

  • Apple Push Notification (APN) certificate: This certificate ensures that the DLP instructions from the inSync server are trusted by the iOS devices.

Therefore, if you want to use DLP with iOS devices, you must upload an SSL and an APN certificate to the inSync server.

Note: The DLP functionality works well with Android devices. Because of the restrictions imposed by the Windows Phone 8 platform, DLP does not work with WP8 devices.

Acquiring the certificates

Acquiring the SSL certificate

Acquire your SSL certificate from any Certificate Authority. Make sure that the domain name/hostname for your SSL certificate matches the hostname of your inSync server.

To view the hostname of your inSync server

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.

The hostname of the inSync server is displayed. 

Acquiring the APN certificate

Acquiring an APN certificate is a multi-step process.

Step 1: Generating a certificate signing request

To generate a certificate signing request (CSR)

  1. Acquire an RSA private key. You can use the following openssl command to generate one.
    openssl genrsa -des3 -out privatekey.pem 2048

    In the above code, privatekey.pem is the name of the private key you want to generate.

  2. Create the CSR in DER format. You can use the following command on your openssl toolkit to create the CSR.
    openssl req -new -key privatekey.pem -out customer.csr
    openssl req -inform pem -outform der -in customer.csr -out customer.der

    In the above code, customer.der is the name of the CSR that you are creating. 

Step 2: Acquiring a signed certificate from the Druva support team

To receive a signed certificate

The Druva support team will email you the signed certificate.

Step 3: Generating an APN certificate

Before you begin: The APN certificate can only be created on the Apple Push Certificates portal. To log on to the portal, you must have an Apple ID. If you do not have an Apple ID, create one at https://appleid.apple.com/.

 

To generate an APN certificate

  1. Log on to the Apple Push Certificates portal (https://identity.apple.com/pushcert/) using your Apple ID and password.
  2. Upload the signed certificate you received from the Druva support team. Using it, Apple creates an APN certificate for you.
  3. Download the APN certificate from the portal.
  4. Append your private key (without password) to the APN certificate. The following openssl command removes the password from the private key and writes the result to plainkey.pem; append the contents of plainkey.pem to the APN certificate file.
    openssl rsa -in privatekey.pem -out plainkey.pem

Note: APN certificates are valid for a year. At the end of each year you must renew the APN certificate. To renew, upload the signed certificate again on the Apple Push Certificates portal and download the renewed APN certificate.
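
The following script is an added example, not Druva tooling or code from the original page. It runs Step 1 and item 4 of Step 3 end to end, then checks before upload that the appended key belongs to the certificate and that the certificate is not close to expiry. Assumptions: a self-signed certificate is a constructed stand-in for the one the Apple portal issues, and apn_cert.pem, apn_bundle.pem, the passphrase, the subject and the use of -aes256 in place of -des3 are not from the page.

```bash
#!/usr/bin/env bash
# Added example, not Druva tooling. apn_cert.pem, apn_bundle.pem, the passphrase
# and the subject are assumptions; -aes256 replaces -des3 for key encryption.
set -eu

# Step 1: passphrase-protected RSA key, PEM CSR, then the DER-encoded CSR.
make_csr() {  # $1=workdir  $2=passphrase  $3=subject
  openssl genrsa -aes256 -passout "pass:$2" -out "$1/privatekey.pem" 2048 2>/dev/null
  openssl req -new -key "$1/privatekey.pem" -passin "pass:$2" -subj "$3" \
    -out "$1/customer.csr"
  openssl req -inform pem -outform der -in "$1/customer.csr" -out "$1/customer.der"
}

# Step 3, item 4: strip the passphrase, then append the key to the certificate.
bundle_apn() {  # $1=workdir  $2=passphrase  $3=certificate PEM from the portal
  ( umask 077   # both output files contain an unencrypted private key
    openssl rsa -in "$1/privatekey.pem" -passin "pass:$2" \
      -out "$1/plainkey.pem" 2>/dev/null
    cat "$3" "$1/plainkey.pem" > "$1/apn_bundle.pem" )
}

# Pre-upload check: the key in the bundle belongs to the certificate in the
# bundle, and the certificate stays valid for at least $2 more days.
check_bundle() {  # $1=bundle PEM  $2=minimum days left (default 30)
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ] || return 1
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Constructed stand-in for the portal: self-sign the CSR for 365 days so the
# whole flow runs offline. The real certificate comes from Apple.
fake_portal_cert() {  # $1=workdir  $2=passphrase
  openssl x509 -req -in "$1/customer.csr" -signkey "$1/privatekey.pem" \
    -passin "pass:$2" -days 365 -out "$1/apn_cert.pem" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  make_csr "$d" "constructed-passphrase" "/CN=insync.example.test"
  fake_portal_cert "$d" "constructed-passphrase"
  bundle_apn "$d" "constructed-passphrase" "$d/apn_cert.pem"
  check_bundle "$d/apn_bundle.pem" 30 && echo "bundle OK: $d/apn_bundle.pem"
}
demo
```

Running check_bundle again with a larger day count ahead of the yearly renewal flags a certificate that is about to lapse.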

Uploading the certificates

Uploading the SSL certificate

To upload the SSL certificate

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.
  3. Click Load SSL Certificate.
  4. Browse and select the SSL certificate you want to upload.

Uploading the APN certificate

To upload an APN certificate

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.
  3. Click Load APN Certificate.
  4. Browse and select the APN certificate you want to upload.

Providing access to servers

Make sure that the inSync server has access to the following servers so that it can send push notifications to the mobile devices:

  • gateway.push.apple.com, port 2195
  • cloud.druva.com, port 443

Modifying network settings for iOS devices

For iOS device management, inSync needs a URL where it can publish the profile details for the inSync companion app to access. By default, the fully qualified domain name of the inSync Server and port 6068 are used as the URL. If required, you can modify the domain name and the port number.

 

To modify the network settings

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.
  3. Click Edit Network Settings.
  4. Modify the domain name and the port number, as required.
  5. Click Ok.
