Generating and Renewing an APNs Certificate for AirWatch

Generating and Renewing an APNs Certificate for AirWatch
Generating and Renewing an APNs
Certificate for AirWatch
APNs Certificate Authentication with AirWatch v6.1 SP1 and higher
© 2013 AirWatch, LLC. All Rights Reserved.
This document, as well as the software described in it, is furnished under license. The information in this manual may only be used in accordance
with the terms of the license. This document should not be reproduced, stored or transmitted in any form, except as permitted by the license or by
the express permission of AirWatch, LLC.
Other product and company names referenced in this document are trademarks and/or registered trademarks of their respective companies.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Contents
Overview.....................................................................................................................................2
What is an APNs Certificate? .................................................................................................................................. 2
Generating an APNs Certificate for MDM .............................................................................................................. 2
Generating an APNs Certificate...................................................................................................3
Downloading the AirWatch-Signed CSR from the AirWatch Admin Console ......................................................... 3
Uploading the AirWatch-Signed CSR to the Apple Push Certificate Portal ............................................................ 3
Uploading the APNs Certificate to AirWatch .......................................................................................................... 4
Regenerating an APNs Certificate ...............................................................................................6
Renewing Your APNs Certificate from the Apple Push Certificate Portal .............................................................. 6
Entering the Certificate into the AirWatch Admin Console.................................................................................... 8
FAQ .............................................................................................................................................9
Why do you need an Apple APNs certificate? ........................................................................................................ 9
What if I want to use AirWatchs Software as a Service Infrastructure? ................................................................ 9
Do we need a certificate for a trial? ....................................................................................................................... 9
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 1
Overview
Administrators of iOS devices must generate and upload an Apple Push Notification service (APNs) certificate in
order to manage iOS devices. AirWatch helps iOS administrators quickly and easily complete this process by
breaking it down into a few simple steps.
What is an APNs Certificate?
The Apple Push Notification service (APNs) is used to allow AirWatch to securely communicate to the smart device
fleet over-the-air (OTA). AirWatch uses the APNs certificate to send notifications to devices when the Administrator
requests information or during a defined monitoring schedule. No data is sent through the APNs server, only the notification.
Generating an APNs Certificate for MDM
This document guides you through the process of generating your APNs certificate from Apple. Generating the
APNs certificate is a three step process:

Download the AirWatch-Signed CSR from the AirWatch Admin Console.

Upload the AirWatch-Signed CSR to the Apple Push Certificate Portal.

Upload the APNs Certificate into AirWatch.
Before you begin please ensure the following prerequisites:

Mac OS X workstation or Windows Server with Administrator permissions

Safari, Firefox, or Chrome Web browser (Internet Explorer is not supported.)
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 2
Generating an APNs Certificate
IMPORTANT: To perform this task, ensure your AirWatch Admin Account has access to the highest AirWatch Location Group. Also, you must
perform this task with the highest Group selected in the AirWatch Console. If your Admin Account does not have access to the highest Location
Group and if you do not select the highest Group level, you cannot access the necessary settings and you cannot apply the certificates to all the iOS
devices in the company hierarchy.
Downloading the AirWatch-Signed CSR from the AirWatch Admin Console
1.
Log in to your AirWatch environment.
2.
Navigate to Configuration ► System Configuration from the AirWatch Admin Console main menu.
3.
Navigate to Devices & Users ► Apple ► APNs For MDM.
4.
Click Generate New Certificate.
5.
Click Save.
Uploading the AirWatch-Signed CSR to the Apple Push Certificate Portal
1.
Open an Internet browser and navigate to the Apple Push Certificates Portal website.
(https://identity.apple.com/pushcert/)
2.
Sign in using a valid Apple ID and password.
Note: An Apple Developer Account is not required for sign in. While any valid Apple ID will work, we recommend you create a separate Apple ID
linked to a corporate email account for long-term maintainability.
3.
Click Create a Certificate.
4.
Select the I have read and agree to these terms and conditions checkbox.
5.
Click Accept.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 3
6.
Click Browse and navigate to the AirWatch-signed CSR downloaded from the AirWatch Certificate
Portal.
7.
Click Upload. A new Certificate for AirWatch MDM appear.
8.
Click Download and save the Apple-signed certificate to an accessible location.
Note: The document must be in.pem file format.
Uploading the APNs Certificate to AirWatch
1.
Return to the AirWatch Admin Console and click Next.
2.
Upload the Apple-signed certificate to AirWatch using the same Apple ID used to sign into the Apple
Push Certificates Portal website previously.
3.
Click Next.
4.
Verify details on the Summary Page.
Note: When generating and regenerating at a top-level Organization Group, set child groups to inherit or override settings.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 4
5.
Click Save.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 5
Regenerating an APNs Certificate
One year after you have generated your APNs certificate for MDM, you must regenerate the certificate in order to
continue managing iOS devices.
IMPORTANT: To perform this task, ensure your AirWatch Admin Account has access to the highest AirWatch Location Group. Also, you must
perform this task with the highest Group selected in the AirWatch Console. If your Admin Account does not have access to the highest Location
Group and if you do not select the highest Group level, you cannot access the necessary settings and you cannot apply the renewed certificates to
all the iOS devices in the company hierarchy.
Renewing Your APNs Certificate from the Apple Push Certificate Portal
IMPORTANT: You must renew the certificate with the same Apple ID credentials used to get the original certificate. If you use different credentials,
you are not renewing the certificate but getting a new certificate. When you apply this new certificate to the AirWatch Admin Console, the
communication breaks between the AirWatch Admin Console and the iOS devices associated with the original certificate. You must then re-enroll
every iOS device associated with the original certificate. Using the same Apple ID credentials saves the effort of having to re-enroll all your iOS
devices.
1.
From the AirWatch Admin Console menu, navigate to Configuration►System Configuration ►
Devices & Users ► Apple ► APNs for MDM.
2.
Click Renew.
3.
Right-click the .plist file and download it to an accessible location.
4.
Click Go To Apple.
5.
Sign in using the same Apple ID used to sign into the Apple Push Certificates Portal website
previously.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 6
6.
Click Renew for the certificate due to expire.
7.
Click Choose File.
8.
Navigate to the .plist file in the explorer window and click Open.
9.
Click Upload.
10.
Click Download to retrieve the new certificate. Although this is a renewed certificate, it displays as if
it were a new certificate and you should now work with this version.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 7
Entering the Certificate into the AirWatch Admin Console
1.
Return to the AirWatch Admin Console and click Next.
2.
Upload the Apple-signed certificate to AirWatch using the same Apple ID used to sign into the Apple
Push Certificates Portal website previously.
3.
Click Next.
4.
Verify details on the Summary Page.
Note: When generating and regenerating at a top-level Organization Group, set child groups to inherit or override settings.
5.
Click Save.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 8
FAQ
Why do you need an Apple APNs certificate?
Apple requires each organization maintain their own certificate to ensure a secure mechanism for their corporate
devices to communicate across Apple’s push notification messaging network.
What if I want to use AirWatchs Software as a Service Infrastructure?
The requirement is the same. Regardless of whether your organization deploys in AirWatch’s SaaS environment,
an appliance or on premise, your AirWatch MDM environment and all communication with your organization’s
devices is validated based upon your organization’s APNs certificate.
Do we need a certificate for a trial?
Yes. In order to manage any of your organization’s devices, AirWatch is required to use your organization’s
specific APNs certificate. AirWatch does not have the ability to provide a “demo” or temporary certificate for
testing.
Generating and Renewing an APNs Certificate for AirWatch | v.2013.09 | September 2013
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Page 9
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising