Using the APNS Certificate Tool
To manage iOS devices, the MDI service needs to communicate with the Apple Notification Service and respond to requests from the devices. To do so, use the APNS Certificate Tool to create a specific certificate (called mdm.p12) and a configuration profile (called enroll.mobileconfig) for the server hosting the MDI service in your installation.
Use the APNS Certificate Tool
Access the APNS Certificate Tool by double-clicking the FRSMDICertManager shortcut on your desktop. You can also navigate to: http://<your_HEAT_Discovery_Server/IP_Address>/MDICertManager.
The toolbar guides you through the steps.
Create Encoded Plist File
From the web page:
|
1.
|
Under Company Information, enter the organization name, website domain (in the format www.domain-name.com), city, state, and country (ISO code). |
|
2.
|
Click Create Plist Encoded.
|
A message appears asking if you would like to use this file to create the Apple Push Certificate.
A Download plist_encoded link appears on the page.
|
4.
|
Click the link to download the plist_encoded file. |
|
5.
|
Use the file to create a MDM_<your_profile_name>_Certificate.pem file. |
|
a.
|
Navigate to https://identity.apple.com/pushcert and log in with a valid Apple ID. |
|
b.
|
Click Create a Certificate and upload the plist_encoded file. |
|
c.
|
Download the certificate you create (called MDM_<your_profile_name>_Certificate.pem). |
|
6.
|
Return to the APNS Certificate Tool. |
Create MDM.p12
From the Create mdm.p12 page,do the following:
|
1.
|
Browse to the file called MDM_<your_profile_name>_Certificate.pem that you downloaded from Apple. |
|
2.
|
Upload the file by clicking Upload MDM Push Certificate. |
|
3.
|
After the file is uploaded, click Create mdm.p12 . |
If the file upload is successful, the system displays a link to download the mdm.p12 file.
Create Enroll.MobileConfig
From the Create Enroll Mobile Configuration page, do the following:
|
1.
|
Browse to and select the files then click Upload File for the following: |
- MDM Push Certificate
- SSL Certificate Name sslCert.cer
|
2.
|
Install the .pfx file on the MDI server then export it to .cer format by using IIS, or if the file you received from the Certificate Authority is in .pfx format, convert it to .cer format using the following command: openssl pkcs12 -in sslCert.pfx -out sslCert.cer –nodes.
|
|
3.
|
CA Root Certificate Name For example, the file called RootCA.crt is available from the Certificate Authority provider (such as Verisign or Comodo). Download it from the provider website.
|
|
4.
|
In the MDI Server URL field, enter the domain for your MDI server, then click Create Enroll Mobile Configuration. |
If the configuration is successful, the system displays a link to download this file.
|
5.
|
Copy the two files (called mdm.p12 and enroll.mobileconfig ) to the ~/Certificate folder on the MDI server. |
For information about the location on where to deploy or copy these files see Deploying the Mobile Device Inventory (MDI) Service in Deploying the Mobile Device Inventory (MDI) Service .