Scenario: Creating, renewing, and uploading an APNs certificate

To manage iOS and iPadOS mobile devices (by sending commands to devices or modifying device settings), an Apple Push Notification service certificate (APNs certificate) must be created and uploaded to Kaspersky Endpoint Security Cloud Management Console. The activities of creating and uploading a certificate are performed once for each workspace.

Without an APNs certificate, it is not possible to manage iOS and iPadOS devices.

The scenario of creating, renewing, or uploading an APNs certificate proceeds in stages:

  1. In Kaspersky Endpoint Security Cloud Management Console, you create a certificate signing request (CSR).
  2. On the Apple Inc. portal, you receive an APNs certificate by using the CSR you signed, and then save this certificate on your computer.
  3. You upload the APNs certificate that you received to Kaspersky Endpoint Security Cloud Management Console.

Prerequisite

To create an APNs certificate, you must obtain an Apple ID. If you do not have an Apple ID, register on Apple Push Certificates Portal. We recommend that you avoid using your personal Apple ID.

Creating or renewing an APNs certificate

The procedures for creating a new APNs certificate and renewing an existing APNs certificate that has expired are similar.

If you have an active APNs certificate, you can upload it to Kaspersky Endpoint Security Cloud Management Console without having to create or renew an APNs certificate. See the second procedure in this section.

The APNs certificate is created in one run. You must follow the steps for its creation without interruption, because the signing process has a time stamp that will expire if the creation process takes too long.

To create or renew an APNs certificate:

  1. In the Information panel section, on the Getting started tab, under Recommended, click the Create or update an APNs certificate link.

    The Create, renew, or upload an Apple Push Notification service certificate (APNs certificate) Wizard starts with a page listing possible actions.

  2. Select the Create an APNs certificate or Renew an APNs certificate option, and then click Next.

    This opens a page containing a list of steps to complete to obtain an APNs certificate.

    If you only want to upload a prepared APNs certificate to Kaspersky Endpoint Security Cloud Management Console, use the Uploading a previously prepared APNs certificate procedure below.

  3. In the list of steps on the Wizard page, click the Create a Certificate Signing Request (CSR) link.

    The Create a CSR page opens.

  4. Fill in the following entry fields: Name, Company, Department, City, State or Province, and Country and region. In the Name field, specify your name.

    By default, the Company field specifies the name of your company, and the Country and region field specifies the name of the country and the region where your company is located. All of these entry fields are required.

  5. Click the Create CSR button.

    A CSR file is created. The CSR file you created is saved to a folder on your computer. By default, all downloaded files are saved in the Downloads folder.

    The Request the public key of the APNs certificate page opens.

  6. Click the indicated link to sign in to the Apple Push Certificates Portal.

    The new browser tab displays the Sign In window with the Apple ID and Password entry fields.

  7. Enter the Apple ID and Password of your company, and then click Sign In.

    The Create a New Push Certificate window opens.

  8. Click Browse to select the signed CSR file on your computer, and then click Upload.

    The Certificates for Third-Party Servers window opens, showing your certificate.

  9. In the data string of your certificate, click Download.

    The APNs certificate is saved to the folder on your computer.

  10. In Kaspersky Endpoint Security Cloud Management Console, on the Request the public key of the APNs certificate page of the Wizard, click Next.
  11. On the Upload a prepared APNs certificate to the Management Console page that opens, click the Browse button, and then select an APNs certificate file from the displayed list of files on your computer.
  12. Click Next.

    This opens the Apple Push Notification service certificate details page that contains the name of the downloaded file, the name of the certification center, and the certificate validity start and end dates.

  13. Click Next.

    This opens a page prompting you to create a password-protected backup copy of the APNs certificate on your computer hard drive.

  14. Select the action to take on the APNs certificate:
    • Finish creating or renewing the APNs certificate without creating a backup copy.
    • Create a password-protected copy of the APNs certificate on your computer's hard drive.

    The Create a password-protected copy of the APNs certificate on your computer's hard drive option is selected by default.

  15. If you chose the option that includes creating a copy of the APNs certificate, enter the password for protecting the APNs certificate, confirm the password, and then click the Save protected copy of APNs certificate button.
  16. Click OK.

    If you chose the option that includes creating a copy of the APNs certificate, a password-protected copy of the APNs certificate is saved on your computer's hard drive. The APNs Certificate Preparation Wizard closes.

The creation or renewal of the APNs certificate is complete. The APNs certificate is uploaded to Kaspersky Endpoint Security Cloud Management Console.

At each step of the procedure for creating or renewing an APNs certificate, you can return to the previous step by clicking the Back button.

After the successful creation or renewal of an APNs certificate, you can connect iOS and iPadOS devices to Kaspersky Endpoint Security Cloud, send commands to iOS and iPadOS devices, install apps on iOS and iPadOS devices, and configure these devices by using a security profile.

Uploading a previously prepared APNs certificate

To upload a previously prepared APNs certificate to Kaspersky Endpoint Security Cloud Management Console:

  1. In the Information panel section, on the Getting started tab, under Recommended, click the Create or update an APNs certificate link.

    The Create, renew, or upload an Apple Push Notification service certificate (APNs certificate) Wizard starts with a page listing possible actions.

  2. Select the Upload a prepared APNs certificate option, and then click Next.

    This opens the Upload a previously prepared APNs certificate page.

  3. On the Upload a previously prepared APNs certificate page, click the Browse button, and then select an APNs certificate file from the displayed list of files on your computer.
  4. Click Next.

    If the APNs certificate file is password-protected, a page with the password request opens.

  5. On the page with the password request, enter the password protecting the APNs certificate file, and then click Next.

    This opens the Details of downloaded certificate file page that indicates the name of the downloaded file, the name of the certification center, and the certificate validity start and end dates.

    If the APNs certificate file does not correspond to the workspace with which you are currently working, an error message is displayed.

  6. Click OK.

The APNs certificate is uploaded to Kaspersky Endpoint Security Cloud Management Console.

At each step of the procedure for uploading an APNs certificate, you can return to the previous step by clicking the Back button.

After the successful upload of an APNs certificate, you can connect iOS and iPadOS devices to Kaspersky Endpoint Security Cloud, send commands to iOS and iPadOS devices, install apps on iOS and iPadOS devices, and configure these devices by using a security profile.

Page top