To test out the iOS device enrollment process of WSO2 EMM, you need to have the required certificates made available via Apple, for this you can use one of the following approaches:
Make a request to WSO2, who is a registered EMM vendor with Apple, and get your certificate signed
When following this approach, carry out the steps mentioned under Obtaining the Signed CSR file. After submitting the CSR file, a WSO2 Account Manager will contact you in due course to evaluate your request.
- WSO2 only issues signed certificates to organizations who have successfully passed the evaluation process.
- The signed certificate is only valid for a year. Once the certificate expires, you can renew it and as explained below:
If you have subscribed to WSO2 to receive production support, raise a ticket to renew your expired certificate and the WSO2 team will get back to you with the renewed certificate.Once the certificate is renewed, you need to add the newly generated certificate under iOS platform configurations in the WSO2 EMM console as explained in step 5 of the iOS platform configuration guide.
- Get your own certificate signed by Apple
You can use this method, if you were not successful in the WSO2 CSR evaluation process or if you wish to get your certificate directly signed by Apple. When following this approach, initially, register your organization with the Apple Developer Enterprise Program. Thereafter, follow the steps mentioned in MDM Vendor CSR Signing Overview.
After getting your own certificate, fill the Contact Us form, select IoT as the area of interest, and request for the P2 repository, which is needed to configure WSO2 EMM for iOS. If you want to customize the WSO2 iOS agent application, you can find the source code here.
Submitting the Signed CSR file
Follow the instructions below to obtain the signed CSR file in the
Create a Certificate Signing Request (CSR) file (e.g.,
customer.csr) from the EMM server using your private key. Keep your private key and CSR file in a safe location for further reference.
openssl genrsa -des3 -out customerPrivateKey.pem 2048
openssl req -new -key customerPrivateKey.pem -out customer.csr
After the above command is executed, you will be prompted to enter some information. Make sure to fill in all the information as it will be incorporated into the CSR with your organization’s official details. The compulsory fields have been described as follows:
Identifies what organization the CSR belongs to.
When a certificate expires, the customers will have to renew their certificate. In such situations, the email will be used to identify the existing customers.
Fully qualified domain name of your server.
If the compulsory information is not provided, the CSRs will be rejected in the signing process.
The following is a screenshot of a sample CSR file generation process in Linux. The same process is applicable to Mac users as well.
Submit the CSR file to WSO2 via our site in order to obtain the signed CSR file in
You need to generate the Apple Push Notification Service (APNS) certificate and the MDM APNS certificate via the Apple Developer Program. For more information, see Generating Certificates from the Apple Developer Portal.