APNS Push Certificates

Introduction

To communicate with the Apple APNS service, which is responsible for push notifications and profile submission to registered iOS devices, Relution requires a signed MDM push certificate. By default, such a certificate is installed with Relution and is updated whenever you update Relution.

Renew MDM Push Certificates

As mentioned earlier, MDM push certificates need to be renewed on a regular basis, as they are only valid for 365 days. If you do not renew the certificate, or if you revoke it, you will need to create a new certificate and all devices must be re-registered.

To create a CSR (Certificate Signing Request) based on your private key, please use the OpenSSL tools. You can create the CSR with the following command:

    $ openssl req -new -key customerPrivateKey.pem -out customer.csr

Here customerPrivateKey.pem is the private key you want to use. You should use the same private key that you used when you created the certificate; otherwise you will have to enroll your devices again. During the process you will be asked for the passphrase.

Now you need to send the CSR through our Relution Helpdesk. Our colleagues will then sign the CSR so that Relution can send MDM pushes.

You will receive a .plist_encoded or .relution file that can be uploaded to the Apple Push Certificate Portal.

After uploading the file to the portal, you can download the renewed MDM push certificate.

With the certificate, the private key that you used to generate the CSR, and the passphrase, you can create the .p12 file that Relution needs. You can use the following OpenSSL command to create the .p12 file:

    $ openssl pkcs12 -export -out newKeystore.p12 \
          -inkey myPrivateKey.pem -in myCertFromApple.pem

After you have created the .p12 file, you can upload it under Settings > Organization Certificates > Push Certificate for App Store.
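
Before running the pkcs12 export, it is worth confirming that the certificate downloaded from Apple really belongs to the private key you are about to package, and that it is the renewed certificate rather than the expiring one. The script below is an added example, not part of the Relution documentation; the function names are hypothetical, and it assumes PEM files named as in the commands on this page.

```shell
#!/bin/sh
# Added example (not Relution's own tooling): pre-flight checks for the
# key and certificate that go into the .p12. Function names are hypothetical.

# Succeeds only if the public key derived from the private key ($1) is
# identical to the public key embedded in the certificate ($2).
# openssl prompts for the passphrase if the key is encrypted.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run both checks; a key mismatch is fatal, a short lifetime is a warning.
preflight() {
    if ! key_matches_cert "$1" "$2"; then
        echo "STOP: $2 was not issued for $1; do not build the .p12" >&2
        return 1
    fi
    if ! cert_valid_for_days "$2" 30; then
        echo "WARNING: $2 expires within 30 days; is it the renewed one?" >&2
    fi
    echo "OK: key and certificate match"
}

# Usage: sh preflight.sh myPrivateKey.pem myCertFromApple.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

The same `cert_valid_for_days` check can be run on a schedule against the certificate currently in use, so that renewal starts well before the 365 days run out.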