APNs certificates
To enroll and manage Apple devices in Endpoint Management, you set up an Apple Push Notification service (APNs) certificate from Apple. The certificate enables mobile device management through the Apple Push Network.
Workflow summary:
Step 1: Create a Certificate Signing Request (CSR) through any of these methods:
- Create a CSR by using Keychain Access on macOS (recommended by Citrix)
- Create a CSR by using Microsoft IIS
- Create a CSR by using OpenSSL
Step 2: Sign the CSR in Endpoint Management Tools
Step 3: Submit the signed CSR to Apple to obtain the APNs certificate
Step 4: Using the same computer used for Step 1, complete the CSR and export a PKCS #12 file:
- Create a PKCS #12 file by using Keychain Access on macOS
- Create a PKCS #12 file by using Microsoft IIS
- Create a PKCS #12 file by using OpenSSL
Step 5: Import an APNs certificate into Endpoint Management
Step 6: Renew an APNs certificate
Create a Certificate Signing Request
We recommend that you create a CSR by using Keychain Access on macOS. You can also create a CSR by using Microsoft IIS or OpenSSL.
Important:
- For the Apple ID used to create the certificate:
  - The Apple ID must be a corporate ID and not a personal ID.
  - Record the Apple ID that you use to create the certificate.
- To renew your certificate, use the same organization name and Apple ID. Using a different Apple ID to renew the certificate requires device re-enrollment.
- If you accidentally or intentionally revoke the certificate, you lose the ability to manage your devices.
- If you used the iOS Developer Enterprise Program to create a mobile device manager push certificate: Be sure to handle any actions for the migrated certificates in the Apple Push Certificates Portal.
Create a CSR by using Keychain Access on macOS
- On a computer running macOS, under Applications > Utilities, start the Keychain Access app.
- Open the Keychain Access menu and then click Certificate Assistant > Request a Certificate From a Certificate Authority.
- The Certificate Assistant prompts you to enter the following information:
  - Email Address: Email address of the individual or role account who manages the certificate.
  - Common Name: Common name of the individual or a role account who manages the certificate.
  - CA Email Address: Email address of the Certificate Authority.
- Select the Saved to disk and Let me specify key pair information options and then click Continue.
- Enter a name for the CSR file, save the file on your computer, and then click Save.
- Specify the key pair information: Select the Key Size of 2048 bits and the RSA algorithm and then click Continue. The CSR file is ready for you to upload as part of the APNs certificate process.
- Click Done when the Certificate Assistant completes the CSR process.
- To continue, Sign the CSR.
Create a CSR by using Microsoft IIS
The first step for generating an APNs certificate request is to create a Certificate Signing Request (CSR). For Windows, generate a CSR by using Microsoft IIS.
- Open Microsoft IIS.
- Double-click the Server Certificates icon for IIS.
- In the Server Certificates window, click Create Certificate Request.
- Type the appropriate Distinguished Name (DN) information. For example, you can type the fully qualified domain name (FQDN) of your Endpoint Management server, such as www.domain.com. Then click Next.
- Select Microsoft RSA SChannel Cryptographic Provider for the Cryptographic Service Provider and 2048 for bit length and then click Next.
- Enter a file name and specify a location to save the CSR and then click Finish.
- To continue, Sign the CSR.
Create a CSR by using OpenSSL
If you can’t use a macOS device or Microsoft IIS to generate a CSR, use OpenSSL. You can download and install OpenSSL from the OpenSSL website.
On the computer where you install OpenSSL, run the following command from a command prompt or shell.
openssl req -new -keyout Customer.key.pem -out CompanyAPNScertificate.csr -newkey rsa:2048
The following message for certificate naming information appears. Enter the information as requested.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:RWC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Customer
Organizational Unit Name (eg, section) []:Marketing
Common Name (eg, YOUR name) []:John Doe
Email Address []:john.doe@customer.com
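The same request can be made without the interactive prompts and checked before it goes on to Step 2. This is an added example, not part of the Citrix documentation: the function names and the APNS_KEY_PASS variable are assumptions, and the usage comment reuses the sample file names and DN values shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# APNS_KEY_PASS environment variable are hypothetical.
#
# Usage, with the page's sample values:
#   export APNS_KEY_PASS='...'        # must be exported for openssl to read it
#   make_apns_csr Customer.key.pem CompanyAPNScertificate.csr \
#     "/C=US/ST=CA/L=RWC/O=Customer/OU=Marketing/CN=John Doe/emailAddress=john.doe@customer.com"
#   check_apns_csr Customer.key.pem CompanyAPNScertificate.csr && echo "ready to sign"

# make_apns_csr KEYFILE CSRFILE SUBJECT
# Generates a 2048-bit RSA key, encrypted with the passphrase in
# APNS_KEY_PASS, and a CSR for SUBJECT.
make_apns_csr() {
    key=$1; csr=$2; subj=$3
    [ -n "${APNS_KEY_PASS:-}" ] || { echo "APNS_KEY_PASS is not set" >&2; return 2; }
    (
        umask 077   # new files are readable by the owner only
        openssl req -new -newkey rsa:2048 \
            -keyout "$key" -out "$csr" \
            -subj "$subj" -passout env:APNS_KEY_PASS
    )
}

# check_apns_csr KEYFILE CSRFILE
# Returns 0 only if the CSR self-signature verifies, the public key is
# 2048-bit RSA, and the private key file is stored encrypted.
check_apns_csr() {
    key=$1; csr=$2
    # Some OpenSSL versions exit 0 on a bad signature, so match the message.
    text=$(openssl req -in "$csr" -noout -text -verify 2>&1) || return 1
    echo "$text" | grep -q "verify OK" \
        || { echo "CSR signature does not verify" >&2; return 1; }
    echo "$text" | grep -q "Public Key Algorithm: rsaEncryption" \
        || { echo "public key is not RSA" >&2; return 1; }
    echo "$text" | grep -q "Public-Key: (2048 bit)" \
        || { echo "key size is not 2048 bits" >&2; return 1; }
    # Matches both PKCS#8 ("ENCRYPTED PRIVATE KEY") and legacy PEM
    # ("Proc-Type: 4,ENCRYPTED") encrypted key files.
    grep -q "ENCRYPTED" "$key" \
        || { echo "private key is stored unencrypted" >&2; return 1; }
    return 0
}
```

Keep the key file on the computer that created it, because Step 4 needs that key to build the PKCS #12 file.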