Skip to main content

 

Druva Documentation

Configuring certificates for iOS devices

Overview

This topic explain the need for configuring certificates for iOS devices and how to configure them.

Why configure certificates for iOS devices?

The DLP feature helps prevent data loss from user devices. If a device is lost or stolen, you can decommission the device and remotely wipe out data from the backup folders and inSync Share folder of the device. For the DLP feature to work on iOS devices such as iPad and iPhone, inSync server needs the following certificates:

  • Secure Socket Layer (SSL) certificate: This certificate ensures secure transactions between Web servers and browsers.

  • Apple Push Notification (APN) certificate: This certificate ensures that the DLP instructions from the inSync server are trusted by the iOS devices.

Therefore, if you want to use DLP with iOS devices, you must upload an SSL and an APN certificate to the inSync server.

Note: The DLP functionality works well with Android devices. Because of the restrictions imposed by the Windows Phone 8 platform, DLP does not work with WP8 devices.

Acquiring the certificates

This section contains instructions for acquiring certificates necessary for iOS devices. 

Acquiring the SSL certificate

You can acquire your SSL certificate from any Certificate Authority. Make sure that the domain name/hostname for your SSL certificate matches the hostname of your inSync server.

To view the hostname of your inSync server

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.

The hostname of the inSync server is displayed. 

Acquiring the APN certificate

Acquiring an APN certificate is a multi-step process. Follow the steps in this section to acquire an APN certificate. 

Step 1: Generating a certificate signing request

To generate a certificate signing request (CSR)

  1. Acquire an RSA private key. You can use the following command on an openssl toolkit to generate a RSA private key.
    openssl genrsa -des3 -out privatekey.pem 2048

    In this code, privatekey.pem is the name of the private key you want to generate.

  2. Create the CSR in DER format. You can use the following command on your openssl toolkit to create the CSR.
    openssl req -new -key privatekey.pem -out customer.csr
    openssl req -inform pem -outform der -in customer.csr –out customer.der

    In the above code, customer.der is the name of the CSR that you are creating. 

Step 2: Acquiring a signed certificate from the Druva support team

To receive a signed certificate

The Druva support team will email the signed certificate back to you.

Step 3: Generating an APN certificate

You can create the APN certificate from the Apple Push Certificates portal. To log on to the portal, use your Apple ID. You can create an Apple ID at https://appleid.apple.com/.

 

To generate an APN certificate

  1. Log on to the Apple Push Certificates portal (https://identity.apple.com/pushcert/) using your Apple credentials.
  2. Upload the signed certificate that you received from the Druva support team. 
  3. Download the APN certificate that is created.
  4. Append your private key (without password) to the APN certificate. Use the following command on your openssl toolkit to append the private key.
    openssl rsa -in privatekey.pem-out plainkey.pem
Note: APN certificates are valid for a year. At the end of each year, you must renew the APN certificate. For renewal, upload the signed certificate on the Apple Push Certificates portal and download the new APN certificate.

Uploading the certificates

NoteSo that the inSync server can send push notifications to mobile devices, make sure that it has access to port 2195 (gateway.push.apple.com) and port 443 (cloud.druva.com). 

Uploading the SSL certificate

To upload the SSL certificate

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.
  3. Click Load SSL Certificate.
  4. Select the SSL certificate you want to upload and click Open.

Uploading the APN certificate

To upload an APN certificate

  1. On the menu bar, click Manage > Settings.
  2. Click the Mobile Credentials tab.
  3. Click Load APN Certificate.
  4. Select the APN certificate you want to upload and click Open.

Modifying network settings for iOS devices

inSync server requires a URL from which inSync Companion App can access relevant profile settings. By default, the fully qualified domain name of the inSync Server and port 6068 is used as the URL. You can modify the domain name and the port.

 

To modify the network settings

  1. On the menu bar, click Manage > Settings
  2. Click the Mobile Credentials tab.
  3. Click Edit Network Settings.
  4. Modify the hostname and the port number.
  5. Click Ok.
  • Was this article helpful?