APNS Push Certificates

Introduction

To communicate with the Apple APNS service, which is responsible for push notifications and profile submission to registered iOS devices, Relution requires a signed MDM push certificate. By default, such a certificate ships with the Relution installation and is updated when you update Relution.

We have deliberately omitted instructions on how to recreate APNS certificates here. This has caused problems for quite a few of our customers in the past because the certificates were not renewed before expiry. Renewal must be done manually if you are not using the Relution default certificate. If your own APNS certificates are not renewed BEFORE expiration, the devices have to be re-enrolled. Switching from your own APNS certificates back to the Relution standard certificates is not possible.

MDM push certificates are valid for 365 days and it is mandatory to renew them before expiration.

Renew MDM Push Certificates

As mentioned earlier, MDM push certificates need to be renewed on a regular basis, as they are only valid for 365 days. If you do not renew the certificate, or if you revoke it, you will need to create a new certificate and all devices must be re-registered.

To create a CSR (Certificate Signing Request) based on your private key, please use the OpenSSL tools. You can create the CSR with the following command:

    $ openssl req -new -key customerPrivateKey.pem -out customer.csr

Here customerPrivateKey.pem is the private key you want to use. You should use the same private key that you used when you created the certificate; otherwise you will have to re-enroll your devices. During the process you will be asked for the passphrase.

Now you need to send the CSR to us through our Relution Helpdesk. Our colleagues will then sign the CSR so that Relution can send MDM pushes.

You will receive a .plist_encoded or .relution file that can be uploaded to the Apple Push Certificate Portal.

You must use the same Apple ID that you used to create the certificate. It is recommended to download and backup the old certificate before uploading the new one.

After uploading the file to the portal, you can download the renewed MDM push certificate.

With the certificate, the private key that you used to generate the CSR, and the passphrase, you can create the .p12 file that Relution needs. You can use the following OpenSSL command to create it:

    $ openssl pkcs12 -export -out newKeystore.p12 \
          -inkey myPrivateKey.pem -in myCertFromApple.pem

After you have created the certificate, you can upload it under Settings > Organization Certificates > Push Certificate for App Store.
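
A pre-flight check for the renewal steps above, as an added example that is not part of the Relution documentation: it confirms that a certificate belongs to the private key you are about to use (run it against the old certificate before creating the CSR, and against the renewed one before building the .p12) and reports whether the certificate stays valid for a given number of days. The function names, the 30-day default and the throwaway key and self-signed certificate generated when no arguments are given are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks before renewing or packaging an MDM push certificate.
# Usage: sh preflight.sh CERT.pem KEY.pem [DAYS]
# Without arguments it runs on constructed throwaway files.

# Succeeds only if the certificate's public key equals the public key derived
# from the private key. openssl asks for the passphrase if the key is encrypted.
# Returns 2 if either file cannot be read.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed sample input: two unrelated RSA keys and a self-signed
# certificate for the first one, valid for 365 days like an MDM push certificate.
make_constructed_fixtures() {
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/key.pem" -subj "/CN=constructed-example" \
        -days 365 -out "$1/cert.pem"
}

preflight() {
    if [ "$#" -ge 2 ]; then
        cert=$1; key=$2; days=${3:-30}
    else
        dir=$(mktemp -d)
        make_constructed_fixtures "$dir"
        cert=$dir/cert.pem; key=$dir/key.pem; days=30
    fi
    if cert_matches_key "$cert" "$key"; then
        echo "OK: certificate belongs to this private key"
    else
        echo "STOP: certificate and private key do not match"
    fi
    if cert_valid_for_days "$cert" "$days"; then
        echo "OK: certificate is valid for at least $days more days"
    else
        echo "RENEW: certificate expires within $days days"
    fi
}

preflight "$@"
```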