APNs certificates 编辑

To enroll and manage Apple devices in Endpoint Management, you set up an Apple Push Notification service (APNs) certificate from Apple. The certificate enables mobile device management through the Apple Push Network.

Workflow summary:

Step 1: Create a Certificate Signing Request (CSR) through any of these methods:

Step 2: Sign the CSR in Endpoint Management Tools

Step 3: Submit the signed CSR to Apple to obtain the APNs certificate

Step 4: Using the same computer used for Step 1, Complete the CSR and export a PKCS #12 file:

Step 5: Import an APNs certificate into Endpoint Management

Step 6: Renew an APNs certificate

Create a Certificate Signing Request

We recommend that you create a CSR by using Keychain Access on macOS. You can also create a CSR by using Microsoft IIS or OpenSSL.

Important:

  • For the Apple ID used to create the certificate:
    • The Apple ID must be a corporate ID and not a personal ID.
    • Record the Apple ID that you use to create the certificate.
    • To renew your certificate, use the same organization name and Apple ID. Using a different Apple ID to renew the certificate require device re-enrollment.
  • If you accidentally or intentionally revoke the certificate, you lose the ability to manage your devices.

  • If you used the iOS Developer Enterprise Program to create a mobile device manager push certificate: Be sure to handle any actions for the migrated certificates in the Apple Push Certificates Portal.

Create a CSR by using Keychain Access on macOS

  1. On a computer running macOS, under Applications > Utilities, start the Keychain Access app.
  2. Open the Keychain Access menu and then click Certificate Assistant > Request a Certificate From a Certificate Authority.
  3. The Certificate Assistant prompts you to enter the following information:
    • Email Address: Email address of the individual or role account who manages the certificate.
    • Common Name: Common name of the individual or a role account who manages the certificate.
    • CA Email Address: Email address of the Certificate Authority.
  4. Select the Saved to disk and Let me specify key pair information options and then click Continue.
  5. Enter a name for the CSR file, save the file on your computer, and then click Save.
  6. Specify the key pair information: Select the Key Size of 2048 bits and the RSA algorithm and then click Continue. The CSR file is ready for you to upload as part of the APNs certificate process.
  7. Click Done when the Certificate Assistant completes the CSR process.
  8. To continue, Sign the CSR.

Create a CSR by using Microsoft IIS

The first step for generating an APNs certificate request is to create a Certificate Signing Request (CSR). For Windows, generate a CSR by using Microsoft IIS.

  1. Open Microsoft IIS.
  2. Double-click the Server Certificates icon for IIS.
  3. In the Server Certificates window, click Create Certificate Request.
  4. Type the appropriate Distinguished Name (DN) information. For example, you can type the fully qualified domain name (FQDN) of your Endpoint Management server, such as www.domain.com. Then click Next.
  5. Select Microsoft RSA SChannel Cryptographic Provider for the Cryptographic Service Provider and 2048 for bit length and then click Next.
  6. Enter a file name and specify a location to save the CSR and then click Finish.
  7. To continue, Sign the CSR.

Create a CSR by using OpenSSL

If you can’t use a macOS device or Microsoft IIS to generate a CSR, use OpenSSL. You can download and install OpenSSL from the OpenSSL website.

  1. On the computer where you install OpenSSL, run the following command from a command prompt or shell.

    openssl req -new -keyout Customer.key.pem –out CompanyAPNScertificate.csr -newkey rsa:2048

  2. The following message for certificate naming information appears. Enter the information as requested.

    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:CA
    Locality Name (eg, city) []:RWC
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Customer
    Organizational Unit Name (eg, section) [:Marketing
    Common Name (eg, YOUR name) []:John Doe
    Email Address []:john.doe@customer.com
    <!--NeedCopy-->
    

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:83 次

字数:6877

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文