Part 1: Setting Up the MDM Environment and Generating Certificates


Introduction to MDM

Mobile Device Management (MDM) allows organizations to manage and secure their iOS devices from a central server. MDM enables administrators to install or remove apps, manage settings, enforce security policies, and control access to sensitive information.

Prerequisites

Ensure you have the following prerequisites before starting the setup:

  1. Publicly Accessible Linux/Unix Server: A server that can be reached from the internet.
  2. Apple Enterprise and Developer Accounts: Required to manage apps and certificates.
  3. Python 2.7: Essential for running server scripts.
  4. OpenSSL: Command-line tool for handling certificates.
  5. Java SDK (java/javac): Needed for key generation and signing.
  6. Apple’s iPhone Configuration Utility: Available for macOS and Windows for creating configuration profiles.

Step 1: Create MDM Vendor Certificate Signing Request (CSR)

  1. Open Keychain Access on macOS:

    • Go to Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority.
  2. Enter Details:

    • Use the email associated with your Apple Developer account.
    • Enter a common name for easy identification of your certificate.
  3. Save the CSR File:

    • Select Saved to disk and save the file (e.g., mdm_vendor.csr).

Step 2: Upload CSR to Apple

  1. Access Apple’s Certificates, Identifiers & Profiles Portal:
    • Navigate to the MDM section under Production certificates.
  2. Contact Apple if MDM CSR Option is Disabled:
  3. Upload the CSR:
    • Upload the mdm_vendor.csr file and generate a .cer file, saving it as mdmvendor.cer.

Step 3: Export MDM Private Key

  1. Open the .cer File in Keychain Access:
    • Right-click the private key associated with the certificate, select Export..., and save it as private.p12.

Step 4: Create a Push Certificate CSR

  1. Generate the CSR:
    • Open Keychain Access and request another certificate using the same steps as before.
    • Save the request as push.csr.
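
Before moving on, it is worth confirming that mdm_vendor.csr, mdmvendor.cer and private.p12 from Steps 1 to 3 all carry the same public key, since a mismatch only surfaces later as a signing failure. The script below is an added example, not part of the original tutorial: the function names are hypothetical, the sample files it generates are constructed self-signed stand-ins rather than Apple-issued material, and it assumes the .cer is DER-encoded.

```shell
#!/bin/sh
# Added example: verify that CSR, issued certificate and exported PKCS#12
# all contain the same public key. File names follow Steps 1-4 above.

# Hash a PEM public key read from stdin; fail on empty input so that three
# failed extractions can never compare as "equal".
hash_pub() {
  pem=$(cat)
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}
csr_pub()  { openssl req -in "$1" -noout -pubkey 2>/dev/null | hash_pub; }
# Assumption: the .cer is DER-encoded; use -inform PEM for a text file.
cert_pub() { openssl x509 -in "$1" -inform DER -noout -pubkey 2>/dev/null | hash_pub; }
# $2 is the export password. OpenSSL 3.x may need -legacy for older ciphers.
p12_pub()  {
  openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null |
    openssl pkey -pubout 2>/dev/null | hash_pub
}

# check_chain CSR CER P12 PASSWORD -> exit status 0 only if all three match.
check_chain() {
  c=$(csr_pub "$1") || return 1
  k=$(cert_pub "$2") || return 1
  p=$(p12_pub "$3" "$4") || return 1
  [ "$c" = "$k" ] && [ "$k" = "$p" ]
}

# Constructed stand-ins (self-signed, NOT Apple-issued) so the check runs offline.
make_sample() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
    -out "$1/mdm_vendor.csr" -subj "/CN=Constructed MDM Vendor" 2>/dev/null
  openssl x509 -req -in "$1/mdm_vendor.csr" -signkey "$1/key.pem" -days 1 \
    -outform DER -out "$1/mdmvendor.cer" 2>/dev/null
  openssl x509 -in "$1/mdmvendor.cer" -inform DER -out "$1/cert.pem"
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -out "$1/private.p12" -passout pass:constructed
  # A second, unrelated request to exercise the mismatch path.
  openssl req -newkey rsa:2048 -nodes -keyout "$1/push.key" \
    -out "$1/push.csr" -subj "/CN=Constructed Push" 2>/dev/null
}

demo=$(mktemp -d) && make_sample "$demo"
check_chain "$demo/mdm_vendor.csr" "$demo/mdmvendor.cer" "$demo/private.p12" constructed \
  && echo "vendor CSR, certificate and key match"
check_chain "$demo/push.csr" "$demo/mdmvendor.cer" "$demo/private.p12" constructed \
  || echo "push.csr belongs to a different key (expected)"
rm -rf "$demo"
```

Against the real files, call `check_chain mdm_vendor.csr mdmvendor.cer private.p12 '<export password>'` and stop if it returns non-zero.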