Receiving or renewing an APNs certificate

To ensure proper functioning of the iOS MDM service and timely responses of mobile devices to the administrator's commands, you need to specify an Apple Push Notification service certificate (APNs certificate) in the iOS MDM Server settings.

If you already have an APNs certificate, please consider renewing it instead of receiving a new one. When you replace the existing APNs certificate with a newly created one, Administration Server can no longer manage the previously connected iOS MDM devices.

To issue or renew an APNs certificate:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)MobileiOS MDM Servers. In the list of iOS MDM Servers that opens, click the iOS MDM Server whose settings you want to configure.
  2. In the iOS MDM Server settings window, select Application settings.
  3. Select the Certificates tab.
  4. In the Apple Push Notification service (APNs) certificate block of settings, click Issue or renew.

    The APNs certificate wizard opens. Click Start and then proceed through the wizard using the Back and Next buttons.

    When the Certificate Signing Request (CSR) is created at the first step of the wizard, its private key is stored in the RAM of your device. Accordingly, all the steps of the wizard must be completed without interruption within a single session.

Step 1. Create a Certificate Signing Request (CSR)

To create a CSR:

  1. Specify the required information for generating a request file: Common Name (CN), Organization Name (O), Organization Unit Name (OU), City (L), Region (S), Country (C).
  2. Click Save.

    After you save the changes, a CSR file will be generated, and the private key of the certificate will be saved in the device memory.

Step 2. Sign the CSR file

At this step, send the CSR file that you received in the previous step of the wizard to Kaspersky for signing:

  1. Click Go to Kaspersky CompanyAccount.
  2. Send the created CSR file to Kaspersky to be signed.

    Please note that you will be able to sign the CSR file only after you upload a key that lets you use the Mobile Device Management solution.

  3. After your request is successfully processed, you will receive a CSR file signed by Kaspersky.
  4. Save the received file.

Step 3. Receive the APNs certificate public key

At this step, do one of the following if you want to issue a new certificate or renew an existing one:

To issue a new certificate:

  1. Click Go to Apple portal.
  2. Log in to the Apple portal with a corporate Apple ID.

    We recommend that you avoid using a personal Apple ID. Create a dedicated Apple ID to make it your corporate ID. After you have created an Apple ID, link it with the organization's mailbox, not a mailbox of an employee.

  3. Upload a signed CSR file.

    The file will be used to generate the public key of the APNs certificate.

  4. After your CSR is processed by Apple, you will receive the public key of the APNs certificate.

    Save the received file.

To renew a certificate:

  1. Click Go to Apple portal.
  2. Log in to the Apple portal with a corporate Apple ID.

    We recommend that you avoid using a personal Apple ID. Create a dedicated Apple ID to make it your corporate ID. After you have created an Apple ID, link it with the organization's mailbox, not a mailbox of an employee.

  3. Specify the certificate you want to renew.
  4. Upload a signed CSR file.

    The file will be used to generate the public key of the APNs certificate.

  5. After your CSR is processed by Apple, you will receive the public key of the APNs certificate.

    Save the received file.

Step 4. Specify the APNs certificate public key

At this step, upload the public key file received from Apple in the previous step of the wizard:

  1. Click Select.
  2. In the File Explorer window that opens, specify a certificate file in PEM, PFX, or P12 format, and then click Open.

Step 5. Specify the APNs certificate private key password

At this step, enter the certificate name and private key password:

  1. In the Certificate name field, specify a custom name for the certificate.
  2. In the Private key password field, specify the private key password for the certificate.

    This password will be used to install the APNs certificate on iOS MDM Server.

  3. In the Confirm password, enter the password again.

Step 6. Complete the CSR

At this step, the APNs certificate is generated and ready to be installed on iOS MDM Server.

  1. To complete the CSR, click Download APNs certificate to save the created certificate.
  2. Click Done to exit the wizard.

The private and public keys of the certificate are combined, and the APNs certificate is saved in PEM format.

Now you can install the generated APNs certificate on iOS MDM Server.

Page top