MDM push certificate creation

Question

I\'m interesting in creation of PushCertWebRequest (this is from apple documentation) I have found a lot of docs how to do this for 3rd party vendors like Air-watch and so on, b

Answer 1

• create a CSR using any toolkit, i.e. KeyChain Access on Mac System, then export private key as 'vendor.p12'

• log in to Apple Member Center, and go to 'iOS Provisioning Portal'

• select 'Certificates' on the left navigation bar, and click 'Other' tab on the center.

• follow the instruction on that page, and upload the CSR you created.

• then the certificate for you as a MDM vendor will be available to download on the 'Other' tab. And download it.

• download WWDR intermediate certificate.

• download Apple root certificate.

• execute below openssl command to convert MDM vendor certificate, WWDR certificate, and Apple root certificate to PEM format one by one :

  openssl x509 -inform der -in mdm_identity.cer -out mdm.pem

  openssl x509 -inform der -in AppleWWDRCA.cer -out intermediate.pem

  openssl x509 -inform der -in AppleIncRootCertificate.cer -out root.pem

• Then use the attached Java program in the softthinker webpage to generate encoded plist. You need to replace the placeholder in the java package with your own ones because the provided on the java package is just sample one(zero size) which are:

customer.der, vendor.p12, mdm.pem, intermediate.pem, root.pem

• Now first verify the generated plist.xml format that should match with the sample plist.xml provided in MDM Protocol Reference document.

• If plist.xml is in appropriate format then upload the encoded_plist to portal . So we need to take care that plist.xml is just for our reference this is not for upload.For upload encoded_plist only. After that download the certificate from portal.

Answer 2

Please see detailed steps and source code here to generate plist.

Answer 3

I ported the softhinker java code to python, and added a few nice things. It's available on GitHub: http://www.github.com/grinich/mdmvendorsign.