How to generate and install an Apple Push Notification certificate?
This article explains how an IT Administrator can create and load an Apple Push Notification certificate, which is required for implementing inSync's Data Loss Prevention features on all enterprise mobile devices.
Before you begin
You will need an Apple ID to log in to the Apple site and generate an Apple MDM Certificate.
Read the Mobile FAQs to get an overview of how inSync uses MDM certificates.
Download and Install OpenSSL
Go to http://slproweb.com/products/Win32OpenSSL.html. Download and install OpenSSL.
For related information, see How to set up and install a Trusted Certificate from a Certification Authority (CA).
Generate a private key
To generate a private key and get a Certificate Signing Request:
1. Open a command prompt. Navigate to c:\openssl-win32\bin.
2. At the command prompt, enter the following command to generate a private key.
openssl genrsa -out privatekey.pem 2048
3. Enter the following command to generate a Certificate Signing Request.
openssl req -new -key privatekey.pem -outform DER -out customer.der
Enter Details for CSR
Use the name of the web server as the Common Name (CN). If the domain name is mydomain.com, append the domain to the hostname (use the fully qualified domain name, FQDN). The Common Name field should be the FQDN or the web address for which you plan to use your certificate, for example, the specific area of your site you wish clients to connect to using SSL.
For example, an SSL Certificate issued for druva.com will not be valid for secure.druva.com. If the web address to be used for SSL is secure.druva.com, ensure that the common name submitted in the CSR is secure.druva.com.
If you are using Druva inSync Cloud, the common name will be cloud.druva.com.
The fields for email address, optional company name and challenge password can be left blank for a server certificate.
4. Locate the file “customer.der” in c:\openssl-win32\bin.
5. Upload it to Support Portal.
6. Druva Support will reply with a new file “plist_encoded.dat”. This is the Signed CSR.
Create a new Push Certificate
To generate an Apple Push Certificate using the Druva CSR:
1. Go to https://identity.apple.com/pushcert.
2. Log in with your Apple ID.
3. Create a New Push Certificate.
4. Click Choose File and select the “plist_encoded.dat” file sent by Druva Support.
5. Click Upload.
6. Download the Apple Push Notification (APN) Certificate.
Edit the APN certificate
You need to edit the certificate and append the SSL certificate at the end of it, in order to generate the APN certificate that is to be uploaded to the inSync Server.
To modify the APN certificate:
1. Open the APN Certificate in Notepad.
2. Locate the “privatekey.pem” file generated previously in c:\openssl-win32\bin and open it. Copy the contents.
3. Paste the copied contents of the “privatekey.pem” file at the end of the APN Certificate file and save it.
This is the certificate you need to load in the inSync Server Web Panel.
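Because the combined file is assembled by hand in Notepad, its layout can be checked before upload. The Python check below is an added example, not part of Druva's documentation or tooling; the names check_combined_pem and make_block and the sample blocks are assumptions constructed for illustration, and it validates the file structure only, not that the key belongs to the certificate.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, body, END line carrying the same label.
PEM_BLOCK = re.compile(
    rb"^-----BEGIN ([A-Z0-9 ]+)-----[ \t]*\r?\n(.*?)^-----END \1-----[ \t]*\r?$",
    re.DOTALL | re.MULTILINE)
# genrsa writes PKCS#1 or PKCS#8 labels, depending on the OpenSSL version.
KEY_LABELS = (b"RSA PRIVATE KEY", b"PRIVATE KEY")


def check_combined_pem(data: bytes) -> list:
    """Return the problems found in a certificate-plus-private-key PEM file."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is saved as UTF-16; save it as ANSI instead"]
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte-order mark")
        data = data[3:]
    if re.search(rb"-----END [A-Z0-9 ]+-{6,}BEGIN ", data):
        problems.append("END and BEGIN markers share a line")
    blocks = PEM_BLOCK.findall(data)
    order = [lbl for lbl, _ in blocks if lbl == b"CERTIFICATE" or lbl in KEY_LABELS]
    certs = order.count(b"CERTIFICATE")
    if certs != 1 or len(order) - certs != 1:
        problems.append(f"expected 1 certificate and 1 private key, "
                        f"found {certs} and {len(order) - certs}")
    elif order[0] != b"CERTIFICATE":
        problems.append("private key is not appended after the certificate")
    for label, body in blocks:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label.decode()} block is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # certificate and key are DER SEQUENCEs
            problems.append(f"{label.decode()} block is not a DER SEQUENCE")
    return problems


def make_block(label: bytes, der: bytes) -> bytes:
    """Build a constructed PEM block from placeholder bytes (not real key material)."""
    body = base64.b64encode(der)
    return b"-----BEGIN " + label + b"-----\n" + body + b"\n-----END " + label + b"-----\n"


CERT = make_block(b"CERTIFICATE", b"\x30\x03\x02\x01\x01")     # constructed sample
KEY = make_block(b"RSA PRIVATE KEY", b"\x30\x03\x02\x01\x00")  # constructed sample
```

An empty list means the file has one certificate block followed by one private key block, each with a well-formed base64 body.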
Upload certificate to inSync Server
1. Open the inSync Server Management GUI.
2. Click Manage > Settings > Mobile Certificates.
3. Upload the MDM file in the APN Certificate Section.