
Druva Documentation

How to generate and install an Apple Push Notification certificate

Summary

This article explains how an IT Administrator can create and load an Apple Push Notification certificate, which is required for implementing inSync's Data Loss Prevention features on all enterprise mobile devices. 

The administrator needs to install OpenSSL and generate a Certificate Signing Request (CSR). Druva Support signs the CSR, and the signed CSR is used to generate a Push Certificate on the Apple site. This Push Certificate is then uploaded to the inSync server. The details are explained in this article.

Before you begin

You will need an Apple ID to log in to the Apple site and generate an Apple MDM Certificate.

Read the Mobile FAQs to get an overview of how inSync uses MDM certificates.

Download and Install OpenSSL

Go to http://slproweb.com/products/Win32OpenSSL.html. Download and install OpenSSL.


For related information, see How to Install SSL Certificate from a Trusted CA.

Generate a private key

To generate a private key and get a Certificate Signing Request:

1. Open a command prompt. Navigate to c:\openssl-win32\bin.


2. At the command prompt, enter the following commands to generate a private key.

Set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg
openssl genrsa -out privatekey.pem 2048


3. Enter the following command to generate a Certificate Signing Request.

openssl req -new -key privatekey.pem -outform DER -out customer.der

Enter Details for CSR

Use the name of the web server as the Common Name (CN). If the domain name is mydomain.com, append the domain to the host name (use the fully qualified domain name, FQDN). The Common Name field should be the FQDN or the web address for which you plan to use your certificate, for example, the specific area of your site you wish clients to connect to using SSL.

For example, an SSL Certificate issued for druva.com will not be valid for secure.druva.com. If the web address to be used for SSL is secure.druva.com, ensure that the common name submitted in the CSR is secure.druva.com.

If you are using Druva inSync Cloud, the common name will be cloud.druva.com.

The fields for email address, optional company name and challenge password can be left blank for a server certificate.


4. Locate the file “customer.der” in c:\openssl-win32\bin.

5. Upload it to Support Portal.

6. Druva Support will reply with a new file “plist_encoded.dat”. This is the Signed CSR.


Create a new Push Certificate

To generate an Apple Push Certificate using the Druva CSR:

1. Go to https://identity.apple.com/pushcert.

2. Log in with your Apple ID.

3. Create a New Push Certificate.

4. Click Choose File and select the “plist_encoded.dat” file sent by Druva Support.

5. Click Upload. 


6. Download the Apple Push Notification (APN) Certificate.


Edit the APN certificate

You need to edit the certificate and append the SSL certificate at the end of it, in order to generate the APN certificate that is to be uploaded to the inSync Server.

To modify the APN certificate:

1. Open the APN Certificate in Notepad.


2. Locate the “privatekey.pem” file generated previously in c:\openssl-win32\bin and open it. Copy the contents.


3. Copy and paste the information from the “privatekey.pem” file into the APN Certificate File and save it.


This is the certificate you need to load in the inSync Server Web Panel.
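
The copy-and-paste step above produces a file that holds both the certificate and its private key, so it should be stored and transferred as carefully as the key itself. As an added example (not part of the original article and not Druva code), the Python sketch below assembles that file and checks its structure before upload: certificate block first, key block second, each armor line on its own line, valid base64, nothing else in the file. The function names are hypothetical, the sample blocks are constructed stand-ins, and the check does not prove that the key belongs to the certificate.

```python
import base64
import re

# One PEM block: BEGIN at the start of a line, base64 body, matching END label.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S | re.M)
# genrsa writes PKCS#1 or PKCS#8 armor depending on the OpenSSL version.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}


def build_bundle(cert_pem: str, key_pem: str) -> str:
    """Certificate first, private key appended, each armor line on its own line."""
    return cert_pem.lstrip("\ufeff").strip() + "\n" + key_pem.lstrip("\ufeff").strip() + "\n"


def check_bundle(text: str) -> list[str]:
    """Return the structural problems found in a combined certificate+key file."""
    problems = []
    if text.startswith("\ufeff"):  # some editors add this when saving as UTF-8
        problems.append("file starts with a byte order mark")
        text = text[1:]
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    if labels[:1] != ["CERTIFICATE"] or len(labels) != 2 or labels[1] not in KEY_LABELS:
        problems.append(f"expected CERTIFICATE then a private key, found {labels}")
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            problems.append(f"{label}: body is not valid base64")
            continue
        if der[:1] != b"\x30":  # certificates and RSA keys are DER SEQUENCEs
            problems.append(f"{label}: decoded data is not a DER SEQUENCE")
    leftover = PEM_BLOCK.sub("", text).strip()
    if leftover:
        problems.append("text outside the PEM blocks: " + repr(leftover[:30]))
    return problems


def _pem(label: str, der: bytes) -> str:
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed stand-ins (a minimal DER SEQUENCE), not real certificate or key material.
SAMPLE_CERT = _pem("CERTIFICATE", b"\x30\x03\x02\x01\x00")
SAMPLE_KEY = _pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x01")

if __name__ == "__main__":
    print(check_bundle(build_bundle(SAMPLE_CERT, SAMPLE_KEY)))  # clean bundle
    print(check_bundle(SAMPLE_CERT.strip() + SAMPLE_KEY))       # newline lost in paste
```
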

Upload certificate to inSync Server

1. Open the inSync Server Management GUI.

2. Click Manage > Settings > Mobile Certificates.

3. Upload the MDM file in the APN Certificate Section. 
