Generating An Apple Push Notification Service Certificate

1y ago
9 Views
0 Downloads
1.73 MB
30 Pages
Last View : 21d ago
Last Download : n/a
Upload by : Roy Essex
Transcription

www.novell.com/documentationGenerating an Apple PushNotification Service CertificateZENworks Mobile Management 2.5.x July 2012

Legal NoticesNovell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specificallydisclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify anyperson or entity of such revisions or changes.Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims anyexpress or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the rightto make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity ofsuch changes.Any products or technical information provided under this Agreement may be subject to U.S. export controls and the tradelaws of other countries. You agree to comply with all export control regulations and to obtain any required licenses orclassification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S.export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not usedeliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International TradeServices Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumesno responsibility for your failure to obtain any necessary export approvals.Copyright 2012 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on aretrieval system, or transmitted without the express written consent of the publisher.Novell, Inc.1800 South Novell PlaceProvo, UT 84606U.S.A.www.novell.comOnline Documentation: To access the latest online documentation for this and other Novell products, see the NovellDocumentation Web page (http://www.novell.com/documentation).Novell TrademarksFor Novell trademarks, see the Novell Trademark and Service Mark list list.html).Third-Party MaterialsAll third-party trademarks are the property of their respective owners.

Table of ContentsApple Push Notification Service (APNs)4Generating an APNs Certificate6Generating an APNs Certificate from Windows Server 2003 . 6Creating the Certificate Signing Request (CSR) from IIS Manager 6. 6Uploading the CSR to the ZENworks Mobile Management CertificateRequest Portal . 9Uploading the Intermediate Certificate to the Apple Push Certificates Portal . 9Completing the Certificate Request from IIS Manager 6 . 13Generating an APNs Certificate from Windows Server 2008 . 18Creating the Certificate Signing Request (CSR) from IIS Manager 7. 18Uploading the CSR to the ZENworks Mobile Management CertificateRequest Portal . 21Uploading the Intermediate Certificate to the Apple Push Certificates Portal21Completing the Certificate Request from IIS Manager 7 . 25Uploading the APNs Certificate to ZENworks Mobile Management27Renewing an APNs Certificate29ZENworks Mobile Management 2.5.x Generating an APNs CertificateApple Push Notification Service (APNs) 3

Apple Push Notification Service(APNs)What Is APNsApple Push Notification service (APNs) is a highly secure and efficient system for communicating with iOSdevices over-the-air (OTA). Each device establishes an accredited and encrypted IP connection with theservice. The provider, in this case your ZENworks Mobile Management server, connects with and sends itsnotification to the APNs, which pushes the notification to the target device.An APNs certificate is required for Apple Push Notification service. The certificate must be renewed annually.This guide explains the process of obtaining the APNs certificate from Apple and provides instructions on howto upload the certificate to the ZENworks Mobile Management server via its dashboard.There are various methods of generating the APNs certificate, any of which you may use. This documentguides you through generating the certificate by using Microsoft Windows Internet Information Services (IIS)Manager, version 6 or 7.How APNs WorksApple Push Notification service works in conjunction with the built-in MDM protocol of Apple iOS devices.ZENworks Mobile Management uses the Apple Push Notification service to send notifications to the iOSdevice requesting information. Only notifications, not data, are not sent through the APNs server. The deviceresponds directly to the ZENworks Mobile Management server.The Apple MDM protocol provides the following functionality: Devices support Selective Wipe, Lock Device, and Clear Passcode Full Wipe and Lock Device commands are applied immediately You can record and access installed applications on devices You can record and access installed configuration profiles on devices You have access to additional device statistics Configuration profile updates require no user interaction Enterprise (in-house) apps Mobile App Management Manage VPP (Redemption) CodesZENworks Mobile Management 2.5.x Generating an APNs CertificateApple Push Notification Service (APNs) 4

Requirements ZENworks Mobile Management version 2.5.2 or later An Apple ID. We recommend that you do not use a personal Apple ID, but create a separatecorporate Apple ID for MDM. Associate the Apple ID with an email account that will remain with yourcompany – not an email account that belongs to an individual in the company. This facilitates asmooth certificate renewal process each year. Windows Server 2003 or 2008 (you need administrator permissions) Firefox or Safari Web browserAn Overview of the Steps to Obtain the Apple Push Notification Service Certificate1. Create a Certificate Signing Request (CSR). (This guide provides instructions for creating thecertificate from Microsoft Windows Internet Information Services (IIS) Manager, version 6 or 7.)2. Upload the CSR to the ZENworks Mobile Management Certificate Portal. Novell, Inc. signs the CSR.3. Upload the intermediate certificate (the CSR signed by Novell, Inc.) to the Apple Push CertificatesPortal. Apple issues the certificate.4. Download the signed certificate from the Apple Push Certificates Portal and complete the certificaterequest in IIS.5. Export the certificate to a file.6. Upload the certificate to the ZENworks Mobile Management server.Generating an Apple Push Notification Service Certificate for use with ZENworks MobileManagement for iOSZENworks Mobile Management 2.5.x Generating an APNs CertificateApple Push Notification Service (APNs) 5

Generating an APNs CertificateGenerating an APNs Certificate from Windows Server 2003The following instructions are for generating an APNs certificate from a Windows Server 2003 by usingInternet Information Services (IIS) Manager version 6. You can skip this section if you use Windows Server2008. Instructions for 2008 are in another section of this document.Creating the Certificate Signing Request (CSR) from IIS Manager 61. Select Start Control Panel Administrative Tools Internet Information Services (IIS)Manager.2. Right-click any Web site in the left panel. Select Properties.3. Select the Directory Security tab and then click the Server Certificates button in the Securitysection of the menu. This starts the Web Server Certificate Wizard. Click Next to continue.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 6

4. Select the Create a new certificate option and click Next.5. Select Prepare the request now, but send it later option and click Next.6. Enter a certificate name that is easily remembered. In the Bit length field, select 2048 for theencryption level, then select Select cryptographic service provider (CSP) for this certificate. ClickNext.7. From the Available Providers window, select Microsoft RSA SChannel Cryptographic Provider.Click Next.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 7

8. Enter the legal name of your Organization and the Organization unit, which is the departmentwithin your organization. Click Next.9. In the Common name field, enter a valid Apple ID. This does not need to be an Apple Developeraccount ID, but you should use an Apple ID that has been designated for managing the corporateAPNs certificate. The Apple ID might be in the form of an email address, or possibly a display name.Click Next.10. Enter the Country/Region, State/Province, and City/locality of your organization. Click Next.In the Certificate Request File Name window, save the CSR to your computer. Record the locationand filename. This is the file you will upload to the ZENworks Mobile Management CertificateRequest Portal. Click Next.11. Review the information for the certificate request in the Request File Summary window. To makerevisions, click the Back button. Click Next to accept, then click Finish.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 8

Uploading the CSR to the ZENworks Mobile Management Certificate Request PortalThe CSR file you generated through IIS must be signed by Novell before you can upload it to the Apple PushCertificates Portal. You will need: Access to the CSR file Your Novell login credentials1. Navigate to the ZENworks Mobile Management Certificate Portal athttps://zmmupdate.novell.com/apn2. Browse to select the CSR file.3. Click Get Signed Request.4. Save the signed request.You are now ready to upload the signed ZENworks.request file (the intermediate certificate) to the ApplePush Certificates Portal.Uploading the Intermediate Certificate to the Apple Push Certificates PortalAt the Apple Push Certificates Portal, you accept a license agreement and upload the intermediate certificatethat you downloaded from the ZENworks Mobile Management Certificate Portal. A new Apple signed pushcertificate is created for you to download.1. Browse to the Apple Push Certificates portal at: https://identity.apple.com/pushcert/2. Log in by using your Apple ID and password. This does not need to be an Apple Developeraccount ID, but you should use an Apple ID that has been designated for managing thecorporate APNs certificate.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 9

3. Select Create a Certificate.4. Read the Terms of Use and accept the End User License Agreement.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 10

5. Select and upload the intermediate certificate you downloaded from the ZENworks MobileManagement Certificate Portal.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 11

6. When the upload has finished, a new certificate for ZENworks Mobile Management appears.Select Download to download the Apple signed certificate.You are now ready to complete the CSR and export the APNs certificate to the ZENworks MobileManagement server.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 12

Completing the Certificate Request from IIS Manager 61. Return to the IIS Manager. Select Start Control Panel Administrative Tools InternetInformation Services (IIS) Manager.2. Right-click any Web site in the left panel. Select Properties.3. Select the Directory Security tab and then click the Server Certificates button in the Securitysection of the menu. This starts the Web Server Certificate Wizard. Click Next to continue.4. Select the Process the pending request and install the certificate option and click Next.5. Browse to the aps production identity.pem file that was provided by Apple. Click Next.6. On the Certificate Summary screen, verify that the certificate information is correct and click Next,then click Finish.7. Open the Microsoft Management Console (MMC). Click Start Run and enter MMC.8. From the File menu, select Add/Remove Snap-in.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 13

9. From the drop-down list at Snap-ins added to, select Console Root and click Add. On the AddStandalone Snap-in screen, select Certificates, then click Add.10. On the Certificates snap-in screen, select Computer account and click Next. Choose Localcomputer and click Finish.11. Click Close. Click OK on the Add/Remove Snap-in screen.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 14

12. At the Console Root, expand the directory. Select Certificates Personal Certificates. Right-clickon the certificate file and select All Tasks Export. This opens the Export Wizard. Click Next tocontinue.13. Select Yes to export the private key, then click Next.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 15

14. Select the Personal Information Exchange – PKCS #12 (.PFX) format and select the Enablestrong protection box. Click Next.15. Enter and confirm a password. You will need this password when you upload the certificate toZENworks Mobile Management. Click Next.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 16

16. Click the Browse button and select the .pfx file that you want to export. Click Next.17. Click Finish to complete the certificate export. You see a message that says the export wassuccessful.Now you are ready to upload the certificate to ZENworks Mobile Management. You need thefollowing: APNs certificate file (.pfx format) The password you set when exporting the certificateContinue with Upload the APNs Certificate to ZENworks Mobile Management.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 17

Generating an APNs Certificate from Windows Server 2008The following instructions are for generating an APNs certificate from Windows Server 2008 by using InternetInformation Services (IIS) Manager version 7. You can skip this section if you use Windows Server 2003.Instructions for 2003 are in another section of this document.Creating the Certificate Signing Request (CSR) from IIS Manager 71. Select Start Administrative Tools Internet Information Services (IIS) Manager.2. Select the server name in the left panel, then double-click the Server Certificates option in theSecurity section of the menu.3. From the Actions menu in the right panel, select Create Certificate Request. This starts the RequestCertificate Wizard.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 18

4. Enter the following in the Distinguished Name Properties window: Common name – Enter a valid Apple ID. This does not need to be an Apple Developeraccount ID, but you should use an Apple ID that has been designated for managing thecorporate APNs certificate. The Apple ID might be in the form of an email address, orpossibly a display name. Organization – The legal name of your organization Organization unit – The department within your organization City/locality – City in which your organization is located State/province – Abbreviation for the state or province in which your organization is located Country/region – Abbreviation for the country or region in which your organization is located5. Select Next.6. In the Cryptographic Service Provider Properties window, accept the default setting, Microsoft RSASChannel Cryptographic Provider. In the Bit length field, select 2048 for the encryption level. ClickNext.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 19

7. In the File Name window, save the CSR to your computer. Record the location and filename. ClickFinish. This is the file you will upload to the ZENworks Mobile Management Certificate RequestPortal.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 20

Uploading the CSR to the ZENworks Mobile Management Certificate Request PortalThe CSR file you generated by using IIS must be signed by Novell before you can upload it to the Apple PushCertificates Portal. You need: Access to the CSR file Your Novell login credentials1. Navigate to the ZENworks Mobile Management Certificate Portal at:https://zmmupdate.novell.com/apn2. Browse to select the CSR file.3. Click Get Signed Request.4. Save the signed request.You are now ready to upload the signed ZENworks.request file (the intermediate certificate) to the ApplePush Certificates Portal.Uploading the Intermediate Certificate to the Apple Push Certificates PortalAt the Apple Push Certificates Portal, you accept a license agreement and upload the intermediate certificatethat you downloaded from the ZENworks Mobile Management Certificate Portal. A new Apple signed pushcertificate is created for you to download.1. Browse to the Apple Push Certificates portal at: https://identity.apple.com/pushcert/ .ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 21

2. Log in by using your Apple ID and password. This does not need to be an Apple Developeraccount ID, but you should use an Apple ID that has been designated for managing thecorporate APNs certificate.3. Select Create a Certificate.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 22

4. Read the Terms of Use and accept the End User License Agreement.5. Select and upload the intermediate certificate you downloaded from the ZENworks MobileManagement Certificate Portal.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 23

6. When the upload has finished, a new certificate for ZENworks Mobile Management appears.Select Download to download the Apple signed certificate.You are now ready to complete the CSR and export the APNs certificate to the ZENworks MobileManagement server.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 24

Completing the Certificate Request from IIS Manager 71. Return to Internet Information Services (IIS) Manager Server Certificates and select CompleteCertificate Request from the Actions menu in the right panel. This starts the Complete CertificateRequest Wizard.2. Browse to the aps production identity.pem file that was provided by Apple and enter a friendly name.This is simply a label you give the certificate to easily distinguish it. You might want to give it a namein which your company is identified.3. Select OK to install the certificate to the server. You should see the certificate listed in the centerpanel of Server Certificates.ZENworks Mobile Management 2.5.x Generating an APNs CertificateGenerating an APNs Certificate 25

4. Export the certificate so that it can be uploaded to ZENworks Mobile Management. Right-click thecertificate you just installed and select Export.5. Save the file to your Desktop in the .pfx format. You must set a password. You will need thispassword when you upload the certificate to ZENworks Mobile Management.You have successfully generated your APNs certificate.Now you are ready to upload the certificate to ZENworks Mobile Management. You need thefollowing: APNs certificate file (.pfx format) The password you set when exporting the c

Generating an APNs Certificate from Windows Server 2003 The following instructions are for generating an APNs certificate from a Windows Server 2003 by using Internet Information Services (IIS) Manager version 6. You can skip this section if you use Windows Server 2008. Instructions for 2008 are in another section of this document.