Page Comparison

Introduction

...

Info

In order to communicate with Apple devices, CapaInstaller relies on the Apple Push Notification service (APNs). The APNs requires that each service identifies itself by using a certificate issued by Apple, ensuring that only authorized services can contact Apple devices.

Before an APNs certificate can be issued using the Apple Push Certificate Portal, a certificate request must be generated and signed by an authorized MDM vendor, in this case, CapaSystems A/S.

To upload the certificate request to Apple, an Apple ID is required. It is strongly recommended that a unique Apple ID is created for this purpose, DO NOT use your personal Apple ID for this.

The current Apple Push Notification Service expires 29. marts 2021 and a new service is implemented.

In CapaInstaller 6.1 the Apple Push Certificate is uploaded to CapaOne Cloud service instead of being installed on the on-premise MDM server. Run the wizard and afterwards check on https://mdm.CapaOne.Com that the certificate has been uploaded.

Request and generate or update an Apple Push Certificate

...

Step Action
1
In the "System Administration" menu module, select menu item "Actions", you will find the then select "Apple Push Certificate request.."
2
Wizard starts, press the "Next" button to proceed
3
If the "Verify OpenSSL" isn't status Passed go to Install OpenSSL
If the "Verify access to Capainstaller certificate request signing service" isn't status passed you must:
First, try to open a browser on the machine from which you run this wizard. Open the following URL: http://certservice.capainstaller.com:7000/status
Ensure that port 7000 is opened from the CapaInstaller server out to the internet. The certificate request signing service is placed on a Capainstaller server at port 7000.
4
Select an output folder. Press the "Start" button, and click "Next" when the certificate request is finished
5 Now you have created the certificate request which has been signed by CapaSystems and stored in the previously selected output folder
6
Press the "Open Apple Push Certificates Portal"
7
Login with your Apple Push Certificates Portal account
8
Press the "Renew" tab
9
If this disclaimer appears then just accept it

10
Press "Choose File" and select the file named: plist_encoded, it is stored in the output directory, and click "upload"
11
Now you should get the real certificate as shown in the picture.
First, you should open your calendar and insert an alert that will expire a month before the certificate's expiring date. This will help you recall when to get a new certificate.
12738px
You should now press the "Create Certificate File" button in the CapaInstaller certificate Wizard in order to continue certificate issuing process.
13
In the "Apple certificate File" select the certificate downloaded from the Apple push Cert page. (Named: MDM_something.pem)
When that is done, press the start tab and then click next
14
Now you have the Apple Push Certificate in your output folder (File extension is pfx)
Image RemovedImage Added
15
Now you need to open MMC
Image RemovedImage Added
16 In MMC, click on → file → Add/remove snap-in...
17
Click on Certificates, and click Add.Image Removed

18
Click on "Computer account" and click next.
Image Removed

19
Now click "Local computer: (the computer this console is running on)" and click finishImage Removed

20
Click "OK"Image Removed

21
Now expand Certificates, Right-click "personal" and under "All Tasks" click "Import"Image Removed

22
Click nextImage Removed

23
Browse your certificate now, and click nextImage Removed

24
Click nextImage Removed

25
Click NextImage Removed

26
Click finish
Image Removed

27
Now under "certificates", you can see your renewed Apple Push Certificate
Image Removed

28
Now go back to the CI Console → Click on System Administration → Right-click your MDM Service → Click on Service Settings
Image Removed

29
Under Service settings, click the configuration tab, scroll down to "Apple Push Certificates", click on the "..."Image Removed

30
Click on the "..."
Image Removed

31
select the renewed certificate, and click ok
Image Removed

32
now open the certificate store by opening run and typing "Certlm.msc" and then press Enter Image Removed

33
Right-click the Apple push certificate and click on "open" then go to the "Details" tap and find the "Thumbprint" menu and copy the text in the menu Image Removed

34
Paste the copied text under "thumbprint" in the Capa console and click "ok"Image Removed

35
Now click ok Image Removed

36
Now restart your MDM Service, and you have renewed your Apple Push CertificateImage Removed

37 You made it well done!
...

Versions Compared

Old Version 1

New Version 2

Key

Introduction

The current Apple Push Notification Service expires 29. marts 2021 and a new service is implemented.

Request and generate or update an Apple Push Certificate

Step	Action
1	In the "System Administration" menu module, select menu item "Actions", you will find the then select "Apple Push Certificate request.."
2	Wizard starts, press the "Next" button to proceed
3	If the "Verify OpenSSL" isn't status Passed go to Install OpenSSL If the "Verify access to Capainstaller certificate request signing service" isn't status passed you must: First, try to open a browser on the machine from which you run this wizard. Open the following URL: http://certservice.capainstaller.com:7000/status Ensure that port 7000 is opened from the CapaInstaller server out to the internet. The certificate request signing service is placed on a Capainstaller server at port 7000.
4	Select an output folder. Press the "Start" button, and click "Next" when the certificate request is finished
5	Now you have created the certificate request which has been signed by CapaSystems and stored in the previously selected output folder
6	Press the "Open Apple Push Certificates Portal"
7	Login with your Apple Push Certificates Portal account
8	Press the "Renew" tab
9	If this disclaimer appears then just accept it
10	Press "Choose File" and select the file named: plist_encoded, it is stored in the output directory, and click "upload"
11	Now you should get the real certificate as shown in the picture. First, you should open your calendar and insert an alert that will expire a month before the certificate's expiring date. This will help you recall when to get a new certificate.
12738px	You should now press the "Create Certificate File" button in the CapaInstaller certificate Wizard in order to continue certificate issuing process.
13	In the "Apple certificate File" select the certificate downloaded from the Apple push Cert page. (Named: MDM_something.pem) When that is done, press the start tab and then click next
14	Now you have the Apple Push Certificate in your output folder (File extension is pfx) Image RemovedImage Added
15	Now you need to open MMC Image RemovedImage Added
16	In MMC, click on → file → Add/remove snap-in...
17	Click on Certificates, and click Add.Image Removed
18	Click on "Computer account" and click next. Image Removed
19	Now click "Local computer: (the computer this console is running on)" and click finishImage Removed
20	Click "OK"Image Removed
21	Now expand Certificates, Right-click "personal" and under "All Tasks" click "Import"Image Removed
22	Click nextImage Removed
23	Browse your certificate now, and click nextImage Removed
24	Click nextImage Removed
25	Click NextImage Removed
26	Click finish Image Removed
27	Now under "certificates", you can see your renewed Apple Push Certificate Image Removed
28	Now go back to the CI Console → Click on System Administration → Right-click your MDM Service → Click on Service Settings Image Removed
29	Under Service settings, click the configuration tab, scroll down to "Apple Push Certificates", click on the "..."Image Removed
30	Click on the "..." Image Removed
31	select the renewed certificate, and click ok Image Removed
32	now open the certificate store by opening run and typing "Certlm.msc" and then press Enter Image Removed
33	Right-click the Apple push certificate and click on "open" then go to the "Details" tap and find the "Thumbprint" menu and copy the text in the menu Image Removed
34	Paste the copied text under "thumbprint" in the Capa console and click "ok"Image Removed
35	Now click ok Image Removed
36	Now restart your MDM Service, and you have renewed your Apple Push CertificateImage Removed
37	You made it well done!