This documentation is for WSO2 IoT Server 3.0.0. View the documentation for the latest release.
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Generating an MDM APNS Certificate - IoT Server 3.0.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

Follow the instructions below to generate the MDM Apple Push Notification Service (APNS) certificate:

Why is this step required?

You can register an iOS device with WSO2 IoT Server, with or without the WSO2 IoT Server's iOS agent. This certificate is required to carry out operations on the device that need to be triggered via the iOS agent, such as ringing the device, getting the device location, and sending notifications or messages to the device. Therefore, if you are not installing the iOS agent on your devices, you don't need this certificate.

Further, in iOS, the server passes messages to the client via the Apple Push Notification Service (APNS). When doing so in order to establish a secure connection between WSO2 IoT Server and the APNS server, a client SSL certificate needs to be generated and downloaded from Apple Inc. This APNS certificate is used to send an awake message to the iOS agent application.

  1. Go to the Apple Push Certificate Portal at and log in with your customer account details.

    You do not need to have an enterprise account for this purpose, all you need is your Apple ID. If you don't have one, create your Apple ID.

    1. Click Create Certificate and agree to the terms and conditions.
    2. Upload the encoded .plist file you received via email from WSO2.
    3. Download the generated MDM signing certificate (MDM_Certificate.pem). The MDM signing certificate is a certificate for 3rd party servers provided by Apple.
  2. Note down the USERID (TOPIC ID) from the MDM signing certificate (MDM_Certificate.pem) as it will be used later in the configuration. The MDM signing certificate can be decoded to obtain the USERID by executing the following command:

    openssl x509 -in MDM_Certificate.pem -text -noout
  3. Remove the password from your private key file (e.g., customerPrivateKey.pem).

    openssl rsa -in customerPrivateKey.pem -out customerKey.pem 
  4. Merge the customer key file that was derived in the latter step, with the MDM signing certificate to generate the MDM Apple Push Notification Service (APNS) Certificate.
    For example, merge the customerKey.pem file with the MDM_Certificate.pem file to generate the MDM_APNSCert.pem file.

    cat MDM_Certificate.pem customerKey.pem > MDM_APNSCert.pem
  5. Open the MDM Apple Push Notification service (APNs) Certificate (MDM_APNSCert.pem) and ensure that there is a line break between the contents of the two files.
    The content will look as follows:-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----
    Therefore, add a line break to separate the 2 certificates after 5 - (dashes) so that the content will look like what's shown below:

    -----END CERTIFICATE-----
  6. Convert the MDM_APNSCert.pem file to the MDM_APNSCert.pfx file. You will need to provide a password when converting the file. Thereafter, follow the steps mentioned under iOS Platform Configurations.

    openssl pkcs12 -export -out MDM_APNSCert.pfx -inkey customerPrivateKey.pem -in MDM_APNSCert.pem

What's next?

  • Next, you need to generate the APNS certificate.
  • If you are not using the WSO2 IoTS iOS agent, you don't need to generate the APNS certificate.
    Therefore, you can more to the next step of configuring WSO2 IoTS with the iOS features by installing the P2 repository and configuring the server side settings. For more information, see iOS Server Configurations.
  • No labels