Directly contact our Support Team

How to create a Certificate Signing Request (CSR) on Windows Server and Mac

Apple requires an MDM Push certificate to ensure secure communication between the GravityZone Communication Server and the Apple Push Notifications service (APNs) when sending push notifications to iOS devices.

To obtain an Apple MDM Push certificate, you need a Certificate Signing Request (CSR). This article explains how to create a certificate signing request on Windows Server and Mac, and how to obtain the private key associated to the CSR.

How to create a Certificate Signing Request (CSR) on Windows Server

To create a CSR on Windows Server:

  1. Go to Start > Administrative Tools > Internet Information Servicess (IIS) Manager.
  2. Select the server name from the left-side panel.
  3. In the center panel, double-click Server Certificates.
    windows server
  4. In the Actions menu from the right-side, click Create Certificate Request.
  5. In the Distinguished Name Properties window, complete the following fields:
    1. Common name – the fully qualified domain name (FQDN) or the URL for which you want to use the certificate.
    2. Organization – the name under the company is legally registered. Example: MyCompany, Ltd.
    3. Organizational unit – the department of the company for which you use the certificate. Example: IT.
    4. City/locality – the full name of the city where the company is located. Do not abbreviate.
    5. State/province – the full name of the state or province where your company is located.
    6. Country/region – the two-letter ISO-format country code where your company is located. Examples: US (United States of America), GB (United Kingdom), DE (Germany) etc.
      windows server dnp
  6. Click Next.
  7. In the Cryptographic Service Provider Propertieswindow, select the following:
    1. Cryptographic service provider: Microsoft RSA SChannel
    2. Bit length: 2048
  8. Click Next.
  9. In the File Name window, select the location for saving the CSR and enter a name.
  10. Click Finish.

Your CSR is created as a .txt file.

Next, you need to obtain the private key associated to the CSR:

  1. Open the Microsoft Management Console (mmc).
  2. Go to File > Add/Remove Snap-in.
  3. Double-click Certificates in the list of snap-ins.
  4. Select Computer account and click Next.
  5. Select Local computer and click Finish.
  6. Click OK to populate the snap-in.
  7. Go to Console Root > Certificates > Certificate Enrollment Requests.
  8. Right-click the desired CSR and click All Tasks > Export.
  9. In the Certificate Export Wizard, click Next.
  10. Choose Yes, export the private key and click Next.
  11. Select Personal Information Exchange – PKCS #12 and click Next.
  12. Enter a password to protect your private key and click Next.
  13. Choose where to save the private key and click Next.
  14. Click Finish.

The private key is exported as a .pfx file.

How to create a Certificate Signing Request (CSR) on Mac

To create a CSR on Mac:

  1. Go to Applications > Utilities > Keychain Access.
  2. Select login from the left sidebar and Certificates from the category.
  3. In the Keychain Access menu, go to Certificate Assistant > Request a Certificate from a Certificate Autority.
    mac keychain access
  4. Enter an email address and name for the certificate and select Saved to disk.
    note Note:
    You do not need a CA Email address for the Saved to disk option.
    mac certificate
  5. Click Continue.
  6. Select a location for the CSR file and click Save.

Your CSR is created as a .certSigningRequest file.

Next, you need to obtain the private key associated to the CSR:

  1. Go to Applications > Utilities > Keychain Access.
  2. Select login from the left sidebar and Certificates from the category.
  3. In the list, click to expand the left arrow for the desired certificate. You will see the associated private key.
  4. Right-click the private key and select Export.
  5. Save the file in the .p12 format.
  6. Enter a password to protect the private key and click OK.

The private key is exported as a .p12 file, which is the same format as .pfx.

Once you have the CSR, you can get it signed by Bitdefender and add the Apple MDM Push certificate in the GravityZone Control Center. For details, refer to this KB article.

Can't find a solution for your problem? Open an email ticket and we will answer the question or concern in the shortest time possible.

Rate this article:

Submit