Using the APNS Certificate Tool

To manage iOS devices, the MDI service needs to communicate with the Apple Notification Service and respond to requests from the devices. To do so, use the APNS Certificate Tool to create a specific certificate (called mdm.p12) and a configuration profile (called enroll.mobileconfig) for the server hosting the MDI service in your installation.

Use the APNS Certificate Tool

Access the APNS Certificate Tool by double-clicking the FRSMDICertManager shortcut on your desktop. You can also navigate to: http://<your_HEAT_Discovery_Server/IP_Address>/MDICertManager.

The toolbar guides you through the steps.

Create Encoded Plist File

From the web page:

1. Under Company Information, enter the organization name, website domain (in the format www.domain-name.com), city, state, and country (ISO code).
2. Click Create Plist Encoded.

A message appears asking if you would like to use this file to create the Apple Push Certificate.

3. Click OK to continue.

A Download plist_encoded link appears on the page.

4. Click the link to download the plist_encoded file.
5. Use the file to create an MDM_<your_profile_name>_Certificate.pem file.
   a. Navigate to https://identity.apple.com/pushcert and log in with a valid Apple ID.
   b. Click Create a Certificate and upload the plist_encoded file.
   c. Download the certificate you create (called MDM_<your_profile_name>_Certificate.pem).
6. Return to the APNS Certificate Tool.

Create MDM.p12

From the Create mdm.p12 page, do the following:

1. Browse to the file called MDM_<your_profile_name>_Certificate.pem that you downloaded from Apple.
2. Upload the file by clicking Upload MDM Push Certificate.
3. After the file is uploaded, click Create mdm.p12.

If the file upload is successful, the system displays a link to download the mdm.p12 file.

4. Download the file.

Create Enroll.MobileConfig

From the Create Enroll Mobile Configuration page, do the following:

1. Browse to and select the files, then click Upload File, for the following:
2. Install the .pfx file on the MDI server, then export it to .cer format by using IIS. Or, if the file you received from the Certificate Authority is in .pfx format, convert it to .cer format using the following command: openssl pkcs12 -in sslCert.pfx -out sslCert.cer -nodes
3. CA Root Certificate Name: For example, the file called RootCA.crt is available from the Certificate Authority provider (such as Verisign or Comodo). Download it from the provider website.
4. In the MDI Server URL field, enter the domain for your MDI server, then click Create Enroll Mobile Configuration.

If the configuration is successful, the system displays a link to download this file.

5. Copy the two files (called mdm.p12 and enroll.mobileconfig) to the ~/Certificate folder on the MDI server.

For information about where to deploy or copy these files, see Deploying the Mobile Device Inventory (MDI) Service in Deploying the Mobile Device Inventory (MDI) Service.
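The openssl pkcs12 conversion in the Create Enroll.MobileConfig steps uses -nodes, which writes the certificate's private key unencrypted into sslCert.cer alongside the certificate. The script below is an added example, not part of the product documentation or the tool: it converts a constructed sample PFX both ways and reports what each output contains. The function names, the PFX_PASS variable, and the sample certificate are assumptions, and this page does not state whether the APNS Certificate Tool accepts a certificate-only (-nokeys) file, so test that before relying on it.

```shell
#!/bin/sh
# Added example: function names and the sample certificate are constructed here.
# The PFX password is read from the PFX_PASS environment variable (assumption).

# True if the PEM file holds an unencrypted private key block.
pem_has_plain_key() {
    grep -E -q -e '-----BEGIN ((RSA|EC|DSA) )?PRIVATE KEY-----' "$1"
}

# Number of certificate blocks in the PEM file (prints 0 when none).
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Conversion as given on the page: -nodes writes the key unencrypted next to
# the certificate, so create the output readable by its owner only.
pfx_to_pem_with_key() {
    ( umask 077; openssl pkcs12 -in "$1" -out "$2" -nodes -passin env:PFX_PASS )
}

# Certificate-only export: -nokeys leaves the private key out of the output.
pfx_to_cert_only() {
    openssl pkcs12 -in "$1" -out "$2" -nokeys -passin env:PFX_PASS
}

# Build a throwaway self-signed certificate and PFX (constructed sample input).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mdi.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sslCert.pfx" -passout env:PFX_PASS
}

# Convert the sample both ways and report what each output file contains.
demo() {
    d=$(mktemp -d) || return 1
    PFX_PASS='constructed-sample-password'; export PFX_PASS
    make_sample_pfx "$d" || { rm -rf "$d"; return 1; }
    pfx_to_pem_with_key "$d/sslCert.pfx" "$d/sslCert.cer" 2>/dev/null
    pfx_to_cert_only "$d/sslCert.pfx" "$d/certOnly.cer" 2>/dev/null
    for f in sslCert.cer certOnly.cer; do
        if pem_has_plain_key "$d/$f"; then k=yes; else k=no; fi
        echo "$f certs=$(pem_cert_count "$d/$f") private_key=$k"
    done
    rm -rf "$d"
}

if command -v openssl >/dev/null 2>&1; then demo; fi
```

If the key-bearing sslCert.cer is only needed for the upload, delete it from the working directory once enroll.mobileconfig has been created.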