Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
hiddentrue
nameAAPNS

Here you can upload your organizations Apple Push Notification Certificate.

Introduction

In order to communicate with Apple devices, CapaInstaller relies on the Apple Push Notification service (APNs). The APNs requires require that each service identifies itself by using a certificate issued by Apple, ensuring that only authorized services can contact Apple devices.

...

Info

New Apples Push Certificate Protocol

Apple has announced a new protocol must be used for the Apple Push Notification service as of March 29th, 2021 as well a new root certificate must be incorporated in the MDM solution.

In CapaInstaller 6.1 both was were implemented. To make installations simpler and easier to maintain, Apple Push Certificate is uploaded to CapaInstaller's Cloud service - the certificate is no longer installed on MDM server(s).

...

Check if you already have a Portal Access Token:

Portal Access Token


Open System Administration module in CapaInstaller Console, select Software Accounts and then right click on CapaOne and select Properties

If you have a Portal Access Token you don't need to do further.

If you don’t have an access token, follow this guide:

...

Step

Action

1

It’s recommended to run this wizard in console on the CapaInstaller Server.

In the " System Administration " module, select menu item "Actions", then select " Apple Push Certificate request."

Image RemovedImage Added

2

Wizard starts, press the "Next" button to proceed

Image RemovedImage Added

3

If the "Verify OpenSSL" isn't status Passed go to Install OpenSSL

If the "Verify access to CapaInstaller certificate request signing service" isn't status passed you must:

Try to open a browser on the machine from which you run this wizard. Open the following URL: https://api.capaone.com/certservice/status

Ensure that port 443 is opened from the CapaInstaller server out to the internet. The certificate request signing service is placed on a CapaInstaller server at port 443.

If “Verify OpenSSL” is passed, click Next

Image RemovedImage Added

4

Select an output folder. Press the "Start" button, and click "Next " when the certificate request is finished

Image RemovedImage RemovedImage AddedImage Added

5

Now you have created the certificate request which has been signed by CapaSystems and stored in the previously selected output folder

6

Select "Open Apple Push Certificates Portal"

Image RemovedImage Added

7

Log in with your Apple Push Certificates Portal account

8

Select "Renew " on the proper certificate

9

If this disclaimer appears then just accept it

Image Modified

10

Select "Choose File" and select the file named: “plist_encoded”, it is stored in the output directory.

In Notes field, type the name of the MDM server.

Click “Upload” Upload

Image RemovedImage Added

11

The certificate is created. Click Download to download the certificate.

NB! It’s recommended to add an event in your calendar about the that it will expire a month before the certificate's expiring date.

Image RemovedImage Added

12

Continue the wizard in the CapaInstaller Console.

Select "Create Certificate File" button in the CapaInstaller certificate Wizard in order to continue the certificate issuing process.

Image RemovedImage Added

13

In the "Apple certificate File" select the certificate downloaded from the Apple push Cert page. (Named: MDM_something.pem)

When that is done, press the start tab and then click next

Image RemovedImage Added

14

Now you have the Apple Push Certificate in your output folder (File extension is pfx)

Image RemovedImage Added

15

A new Apple Push Certificate has been generated and uploaded to CapaOne.

Image RemovedImage RemovedImage AddedImage Added

16

Logon to https://mdm.capaone.com  and select Certificates

Image Removed

17CapaOne for CapaInstaller and select Certificates

Check the certificate is uploaded and valid

Image RemovedImage Added