Installation and renewal of Apple MDM certificate

Snow Device Manager 5

2017-07-10

Introduction

This guide describes how to install and renew an Apple MDM (Mobile Device management) Certificate. An Apple MDM Certificate is needed when enrolling iOS mobile devices to Snow Device Manager.

The Apple MDM certificate must be renewed before it expires, otherwise all iOS devices on the domain will lose their connection to Snow Device Manager. If the devices lose their connection, they must be re-enrolled.

Note

Several files are generated when you install an Apple MDM Certificate. We recommend that you delete these files when you have installed the certificate. To make it easier to delete the files, we recommend that you save the files in one location, for example a new folder on your desktop.

Prerequisites

To install an Apple MDM Certificate, the company or organization must have an Apple ID. To renew the certificate, the company or organization must have access to the Apple ID used to install the certificate.

To create an Apple ID, go to https://appleid.apple.com

In the installation and renewal process, we recommend that you use the web browser Apple Safari. The web browsers Google Chrome and Mozilla Firefox can also work for the installation and renewal process.

It is not possible to use Internet Explorer since the web browser cannot interpret .pem files.

It is recommended to create an Apple ID with non-personal credentials. If a personal Apple ID is created and the person who created the Apple ID leaves the organization, the Apple ID is lost.

It is also very important to store login credentials safely.

Install an Apple MDM Certificate

  1. In Snow Device Manager, on the Domain admin tab, click Service management.

    The Service management workbench appears.

  2. On the Domain services page, double-click the device push service.

    The Device Push Service dialog box appears.

  3. Click Create CSR.

    InstallAppleMDM2.png

    The Create Apple MDM Signing Request dialog box appears.

  4. In the Create Apple MDM Signing Request dialog box:

    1. Type your Apple ID in the Email box.

    2. Type a name, preferably your SDM domain name, in the Common Name box.

    3. Click Generate.

      InstallAppleMDM3.png

      A .csr file is generated.

  5. Save the .csr file.

  6. In the Device Push Service dialog box, click Apply.

    InstallAppleMDM4.png
  7. In the Domain Settings dialog box, click Save.

    The Domain Settings dialog box closes.

  8. In a web browser, go to https://identity.apple.com/pushcert and sign in with your Apple ID credentials.

  9. Click Create a Certificate.

  10. Click Browse and navigate to your .csr file.

  11. Click Upload.

  12. Click Download.

    A .pem file is saved in your default download folder.

  13. On the Domain menu, click Edit.

    The Domain Settings dialog box appears.

  14. On the Services tab, double-click DevicePush.

    The Device Push Service dialog box appears.

  15. Click Upload APN, and then wait for the upload to finish.

    InstallAppleMDM6.png

    Note

    If, and only if, there is an error message with information that there was a problem with the last generated CSR file, click Reset CSR and repeat Step 3 to Step 15.

  16. In the Domain Settings dialog box, click Save.

    The MDM certificate is installed and you can now enroll iOS devices in Snow Device Manager.

Renew an Apple MDM certificate

  1. In Snow Device Manager, on the Domain admin tab, click Service Management.

    The Service Management workbench appears.

  2. On the Domain services page, double-click the device push service.

    The Device Push Service dialog box appears.

  3. Click Advanced.

    The Apple Certificates dialog box appears.

  4. Create a back-up copy of the previously installed certificate according to the following actions:

    1. Select your certificate and click Get.

      The Format dialog box appears.

    2. Write down the password, and then click No.

      image008.png
    3. Save a back-up copy of the certificate.

    When creating a back-up copy of the previously installed certificate, verify that the logged in user has the privileges files.

  5. In the Apple Certificates dialog box, select your certificate.

  6. Click Delete, and then confirm the deletion.

  7. Close the Apple Certificates dialog box.

  8. Click Reset CSR.

  9. Click Create CSR.

    The Create Apple MDM Signing Request dialog box appears.

  10. In the Create Apple MDM Signing Request dialog box:

    1. Type your Apple ID in the Email box.

    2. Type a name, preferably your Snow domain name, in the Common name box

    3. Click Generate.

      A .csr file is generated.

      image010.png
  11. Save the .csr file.

  12. Keep the Device Push Service dialog box open and go to https://identity.apple.com/pushcert in a web browser.

  13. In the Apple Push Certificates Portal:

    1. Sign in with your Apple ID credentials.

    2. Click Renew.

    3. Click Browse and navigate to your .csr file.

    4. Click Upload.

    5. Click Download.

      A .pem file is saved in your default download folder.

  14. In the Device Push Service dialog box, click Upload APN and open the downloaded .pem file.

    Note

    If, and only if, there is an error message with information that there was a problem with the last generated CSR-file, click Reset CSR and repeat step Step 9 to Step 14.

  15. Click Apply.

  16. In the Domain Settings dialog box, click Save.

    The MDM certificate is renewed.

Note

It is recommended that you delete all files that was generated during this process.