This documentation is for WSO2 Enterprise Mobility Manager 2.2.0. View documentation for the latest release.
Page Comparison - Obtaining the Signed CSR File and P2 Repository (v.27 vs v.28) - Enterprise Mobility Manager 2.2.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 25
titleBefore you begin

To test out the iOS device enrollment process of WSO2 EMM, you need to have the required certificates made available via Apple, for this you can use one of the following approaches:

  • Make a request to WSO2, who is a registered EMM vendor with Apple, and get your certificate signed 
    When following this approach, carry out the steps mentioned under Obtaining the Signed CSR file. After submitting the CSR file, a WSO2 Account Manager will contact you in due course to evaluate your request. 

    • WSO2 only issues signed certificates to organizations who have successfully passed the evaluation process.
    • The signed certificate is only valid for a year. Once the certificate expires, you can renew it and as explained below:
      If you have subscribed to WSO2 to receive production support, raise a ticket to renew your expired certificate and the WSO2 team will get back to you with the renewed certificate.Once the certificate is renewed, you need to add the newly generated certificate under iOS platform configurations in the WSO2 EMM console as explained in step 5 of the iOS platform configuration guide.
  • Get your own certificate signed by Apple 
    You can use this method, if you were not successful in the WSO2 CSR evaluation process or if you wish to get your certificate directly signed by Apple. When following this approach, initially, register your organization with the Apple Developer Enterprise Program. Thereafter, follow the steps mentioned in MDM Vendor CSR Signing Overview

    After getting your own certificate, fill the Contact Us form, select IoT as the area of interest, and request for the P2 repository, which is needed to configure WSO2 EMM for iOS. If you want to customize the WSO2 iOS agent application, you can find the source code here.

Submitting the Signed CSR file

Follow the instructions below to obtain the signed CSR file in the .plst format:

  1. Create a Certificate Signing Request (CSR) file (e.g., customer.csr)  from the IoT EMM server using your private key. Keep your private key and CSR file in a safe location for further reference.

    Code Block
    openssl genrsa -des3 -out customerPrivateKey.pem 2048
    openssl req -new -key customerPrivateKey.pem -out customer.csr

    After the above command is executed, you will be prompted to enter some information. Make sure to fill in all the information as it will be incorporated into the CSR with your organization’s official details. The compulsory fields have been described as follows:



    Organization Name

    Identifies what organization the CSR belongs to.


    When a certificate expires, the customers will have to renew their certificate. In such situations, the email will be used to identify the existing customers.

    Common name

    Fully qualified domain name of your server.


    If the compulsory information is not provided, the CSRs will be rejected in the signing process.

    The following is a screenshot of a sample CSR file generation process in Linux. The same process is applicable to Mac users as well.

  2. Email Submit the CSR file to WSO2 via our site in order to obtain the signed CSR file in .plist format.


    A WSO2 Account Manager

    that reached out to you and obtain the signed CSR file in .plist format

    will evaluate the CSR file that you submitted and will get in touch with you in due course. After you successfully complete the evaluation process, you will receive an email with the following:

    • WSO2 MDM Connector for iOS
      This contains the P2 repository with the iOS features, End User License Agreement (EULA) and the README.txt.
      The README.txt includes the installation instructions and the URL to the emm-agent-ios repository, which contains the agent source code.
    • The signed CSR file in the .plst format

What's next?

You need to generate the Apple Push Notification Service (APNS) certificate and the MDM APNS certificate via the Apple Developer Program. For more information, see Generating Certificates from the Apple Developer Portal.