3.11.6 Procedure for creating an MDM signed-certificate request file (when managing iOS devices)

To create MDM client certificates, you need to change the format of the MDM certificate request file, and then create an MDM signed-certificate request file. You need to perform this procedure only when managing iOS devices.

Prerequisites

• You must purchase a license for the Apple Developer Enterprise Program.

• You must contact Apple to register as MDM vendor.

• You must perform the procedure on a Mac PC.

• You must download the MDM certificate request file (mdm.cer) in advance.

Procedure

1. Double-click the downloaded MDM certificate request file (mdm.cer) to import it to Keychain Access, and then export the file in PKCS#12 format.

   Specify vendor.p12 as the export file name.

   Tip

   Set a password when exporting the file. The password set here will be registered in step 6.

2. Obtain the following root certificate and intermediate certificate from Apple:

   • Apple Inc. Root Certificate (AppleIncRootCertificate.cer)

   • WWDR Certificate (AppleWWDRCA.cer)

     Important

     The name of the root certificate and intermediate certificate might be different. For details, see the information provided by Apple.

3. From the terminal, execute the following commands provided from OS to convert the cer files to pem format:

   openssl x509 -inform der -in mdm.cer -out mdm.pem
   openssl x509 -inform der -in AppleWWDRCA.cer -out intermediate.pem
   openssl x509 -inform der -in AppleIncRootCertificate.cer -out root.pem

4. Execute the following commands from the terminal to create a customer certificate request:

   • Create a private key:

   openssl genrsa -des3 -out customerPrivateKey.pem 2048

   • Create the customer certificate request:

   openssl req -new -key customerPrivateKey.pem -out customer.csr

   • Convert the customer certificate request to der file format:

   openssl req -inform pem -outform der -in customer.csr -out customer.der

5. Copy the following five created files to the communication server:

   • customer.der

   • vendor.p12

   • mdm.pem

   • intermediate.pem

   • root.pem

6. Execute the following command from the command prompt to create an MDM signed-certificate request file:

   sdmcreatemdmcertreq -f "folder-storing-files" -o "MDM-signed-certificate-request-file-output-folder" -a common-name-set-when-creating-the-certificate-request-file -p password-set-when-exporting-vendor.p12

Postrequisites

Create MDM client certificates.

Related Topics

• 3.11.4 Flow of obtaining the MDM client certificate for SSL communication for the APNs server (when managing iOS devices)

• 3.11.5 Procedure for downloading the MDM certificate request file (when managing iOS devices)

• 3.11.7 Procedure for creating MDM client certificates (when managing iOS devices)

• 15. sdmcreatemdmcertreq (creating an MDM signed-certificate request file)

To Page Top