Adding an Apple MDM Push certificate in Control Center

This section explains how you can obtain and add an Apple MDM Push certificate in Control Center.

Introduction

Apple requires an MDM Push certificate to ensure secure communication between the Communication Server and the Apple Push Notifications service (APNs) when sending push notifications. Push notifications are used to prompt devices to connect to the Communication Server when new tasks or policy changes are available.

The Apple MDM Push certificate is valid for one year only. When the certificate is about to expire, you must renew it and import the renewed certificate in Control Center. If you allow the certificate to expire, you must create a new one and reactivate all your devices.

You need an Apple ID to obtain and manage the certificate. If you do not have an Apple ID, you can create one on the My Apple ID webpage. Register the Apple ID with a generic email address rather than an employee's, as you will need it later to renew the certificate.

Note

The Apple website does not work properly on Internet Explorer. We recommend using the latest versions of Safari or Chrome.

Adding the Apple MDM Push certificate

Control Center provides a wizard to help you easily obtain and import the required Apple MDM Push certificate. Follow these steps:

  1. Log in to Control Center using a Company Administrator account or a custom account with the Manage Solution right.

  2. Go to the Configuration > Certificates page.

  3. Click the certificate name and follow the wizard as described below:


    Step 1 - Obtain a Certificate Signing Request signed by Bitdefender

    Select the appropriate option:

    • I need to generate a certificate signing request signed by Bitdefender (Recommended)

      1. Enter your company name, your full name and email address in the corresponding fields.

      2. Click Generate to download the CSR file signed by Bitdefender.

    • I already have a certificate signing request and I need to get it signed by Bitdefender

      1. Upload your CSR file and the associated private key by clicking the Add button next to their fields.

        The Communication Server needs the private key when authenticating with the APNs servers.

      2. Specify the password protecting the private key, if any.

      3. Click the Sign button to download the CSR file signed by Bitdefender.


    Step 2 - Request a push certificate from Apple

    1. Click the Apple Push Certificates Portal link and sign in using your Apple ID and password.

    2. Click the Create a Certificate button and accept the Terms of Use.

    3. Click Choose file, select the CSR file and then click Upload.


      Note

      You may find the Choose file button with a different name such as Choose or Browse, depending on the browser you use.

    4. From the confirmation page, click the Download button to receive your MDM Push certificate.

    5. Go back to the wizard from Control Center.

    Step 3 - Import the Apple push certificate

    Click the Add Certificate button to upload the certificate file from your computer. You may check the certificate details in the field below.

  4. Click Save.

Related articles

How to renew the Apple MDM Push certificate

Creating a Certificate Signing Request (CSR) on Windows Server and Mac

This section explains how to create a Certificate Signing Request on Windows Server and Mac, and how to obtain the private key associated with the CSR.

Apple requires an MDM Push certificate to ensure secure communication between the GravityZone Communication Server and the Apple Push Notifications service (APNs) when sending push notifications to iOS devices.

To obtain an Apple MDM Push certificate, you need a Certificate Signing Request (CSR) that you can create on Windows Server or on Mac.

To create a CSR on Windows Server:

  1. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.

  2. Select the server name from the left-side panel.

  3. In the center panel, double-click Server Certificates.

  4. In the Actions menu on the right side, click Create Certificate Request.

  5. In the Distinguished Name Properties window, complete the following fields:

    1. Common name – the fully qualified domain name (FQDN) or the URL for which you want to use the certificate.

    2. Organization – the name under which the company is legally registered. Example: MyCompany, Ltd.

    3. Organizational unit – the department of the company for which you use the certificate. Example: IT.

    4. City/locality – the full name of the city where the company is located. Do not abbreviate.

    5. State/province – the full name of the state or province where your company is located.

    6. Country/region – the two-letter ISO-format country code where your company is located. Examples: US (United States of America), GB (United Kingdom), DE (Germany) etc.

  6. Click Next.

  7. In the Cryptographic Service Provider Properties window, select the following:

    1. Cryptographic service provider: Microsoft RSA SChannel

    2. Bit length: 2048

  8. Click Next.

  9. In the File Name window, select the location for saving the CSR and enter a name.

  10. Click Finish.

Your CSR is created as a .txt file.

Next, you need to obtain the private key associated with the CSR:

  1. Open the Microsoft Management Console (mmc).

  2. Go to File > Add/Remove Snap-in.

  3. Double-click Certificates in the list of snap-ins.

  4. Select Computer account and click Next.

  5. Select Local computer and click Finish.

  6. Click OK to populate the snap-in.

  7. Go to Console Root > Certificates > Certificate Enrollment Requests.

  8. Right-click the desired CSR and click All Tasks > Export.

  9. In the Certificate Export Wizard, click Next.

  10. Choose Yes, export the private key and click Next.

  11. Select Personal Information Exchange – PKCS #12 and click Next.

  12. Enter a password to protect your private key and click Next.

  13. Choose where to save the private key and click Next.

  14. Click Finish.

The private key is exported as a .pfx file.

To create a CSR on Mac:

  1. Go to Applications > Utilities > Keychain Access.

  2. Select login from the left sidebar and Certificates from the category.

  3. In the Keychain Access menu, go to Certificate Assistant > Request a Certificate from a Certificate Authority.

  4. Enter an email address and name for the certificate and select Saved to disk.

    Note

    You do not need a CA Email address for the Saved to disk option.

  5. Click Continue.

  6. Select a location for the CSR file and click Save.

Your CSR is created as a .certSigningRequest file.

Next, you need to obtain the private key associated with the CSR:

  1. Go to Applications > Utilities > Keychain Access.

  2. Select login from the left sidebar and Certificates from the category.

  3. In the list, click to expand the left arrow for the desired certificate. You will see the associated private key.

  4. Right-click the private key and select Export.

  5. Save the file in the .p12 format.

  6. Enter a password to protect the private key and click OK.

The private key is exported as a .p12 file, which is the same format as .pfx.

Once you have the CSR, you can get it signed by Bitdefender and add the Apple MDM Push certificate in the GravityZone Control Center. For details, refer to Adding an Apple MDM Push certificate in Control Center.
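
Before uploading an existing CSR together with its exported private key, you can confirm that the two belong to each other and that the key has the 2048-bit length chosen above. The script below is an added example, not part of the product or its documentation; it assumes the OpenSSL command line is installed, and all function names, file names and the password are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not vendor code. File names and the password are constructed.

# SHA-256 of the public key inside a CSR (.txt or .certSigningRequest, PEM).
csr_pub_digest() {
    pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from the private key in a .pfx/.p12.
# The password comes from the P12_PASS environment variable rather than argv,
# and the decrypted key is held in memory only, never written to disk.
p12_pub_digest() {
    key=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null) || return 1
    printf '%s\n' "$key" | openssl pkey -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Key size in bits as recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Returns 0 = key belongs to CSR, 1 = mismatch, 2 = a file could not be read.
pair_matches() {   # $1 = CSR, $2 = .pfx/.p12
    a=$(csr_pub_digest "$1") || return 2
    b=$(p12_pub_digest "$2") || return 2
    [ "$a" = "$b" ]
}

# Constructed samples in directory $1: a key, its CSR, a key-only .p12, an unrelated CSR.
make_samples() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/key.pem" -out "$1/mdm.csr" \
        -subj "/CN=mdm.example.com/O=MyCompany/OU=IT/C=US" 2>/dev/null &&
    openssl pkcs12 -export -nocerts -inkey "$1/key.pem" -out "$1/key.p12" \
        -passout env:P12_PASS 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/other.pem" -out "$1/other.csr" \
        -subj "/CN=other.example.com" 2>/dev/null
}

P12_PASS='constructed-demo-password'; export P12_PASS
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT && make_samples "$demo"
pair_matches "$demo/mdm.csr" "$demo/key.p12" &&
    echo "mdm.csr: key matches ($(csr_key_bits "$demo/mdm.csr") bits)"
pair_matches "$demo/other.csr" "$demo/key.p12" || echo "other.csr: key does not match"
```

On OpenSSL 3.x, a .pfx or .p12 file protected with older algorithms may only open when `-legacy` is added to the `openssl pkcs12` call.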

Renewing the Apple MDM Push certificate

This section explains how you can renew the Apple MDM Push certificate and update it in Control Center.

To renew the Apple MDM certificate and update it in Control Center:

  1. Log in to Control Center using a Company Administrator account or a custom account with the Manage Solution right.

  2. Go to the Configuration > Certificates page.

  3. Click the certificate name to open the import wizard.

  4. First, you need to obtain a Certificate Signing Request (CSR) signed by Bitdefender. Select the appropriate option and follow the corresponding steps:

    • I need to generate a certificate signing request signed by Bitdefender (Recommended)

      1. Enter your company name, your full name and email address in the corresponding fields.

      2. Click Generate to download the CSR file signed by Bitdefender.

    • I already have a certificate signing request and I need to get it signed by Bitdefender

      1. Upload your CSR file and the associated private key by clicking the Add button next to their fields.

        The Communication Server needs the private key when authenticating with the APNs servers.

      2. Specify the password protecting the private key, if any.

      3. Click the Sign button to download the CSR file signed by Bitdefender.

  5. Click the Apple Push Certificates Portal link and sign in with the same Apple ID used to create the certificate.

    Note: The Apple website does not work properly on Internet Explorer. We recommend using the latest versions of Safari or Chrome.

  6. Locate the MDM Push certificate for Bitdefender and click the corresponding Renew button.


    If you have several certificates for Bitdefender, to make sure you renew the right certificate:

    1. Go to Control Center and close the wizard.

    2. Select the Apple MDM Push certificate and copy the Common Name to a text file.

    3. Go back to Apple Push Certificates Portal.

    4. For each certificate from Bitdefender, click the Certificate info icon and compare the CN with the Common Name copied from Control Center.

  7. Click Choose file, select the CSR file and then click Upload.

    Note: You may find the Choose file button with a different name such as Choose or Browse, depending on the browser you use.

  8. Click Download to save the certificate to your computer.

  9. Go back to the wizard from Control Center and click the Add Certificate button to upload the certificate file from your computer.

    You may check the certificate details in the field below.

  10. Click Save.

To verify the certificate renewal, run a Lock task on a managed Apple device.
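
Because the certificate is valid for one year and letting it expire means reactivating every device, the Common Name comparison and the remaining validity can also be checked from a script before the renewed file is imported. The following is an added example, not part of the product or its documentation; it assumes the OpenSSL command line and a PEM-encoded certificate file, and the self-signed certificates, Common Name value and 30-day warning window are constructed stand-ins.

```sh
#!/bin/sh
# Added example, not vendor code. Certificate subjects and file names are constructed.

# Subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Exit 0 when the certificate is still valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Prints one of: wrong-cn, expired, renew-now, ok.
# $1 = certificate, $2 = Common Name copied from Control Center, $3 = warning window in days
push_cert_status() {
    [ "$(cert_cn "$1")" = "$2" ] || { echo wrong-cn; return 0; }
    valid_in_days "$1" 0         || { echo expired; return 0; }
    valid_in_days "$1" "$3"      || { echo renew-now; return 0; }
    echo ok
}

# Constructed self-signed stand-in for a push certificate.
# $1 = output file, $2 = Common Name, $3 = lifetime in days
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

certs=$(mktemp -d) && trap 'rm -rf "$certs"' EXIT
make_cert "$certs/fresh.pem" "constructed-push-cn-A" 365
make_cert "$certs/aging.pem" "constructed-push-cn-A" 20
for f in fresh aging; do
    echo "$f: $(push_cert_status "$certs/$f.pem" "constructed-push-cn-A" 30)"
done
```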

Related articles

Adding an Apple MDM Push certificate in Control Center