Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://scn.sap.com
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata

Generating an APNS Certificate on a Mac

  1. On your Mac, navigate to Applications > Utilities > Keychain Access.

  2. In the Menu bar at the top of the desktop window, choose Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.

  3. In the Certificate Information window:

    1. In the User Email Address field, enter your email address.
    2. In the Common Name field, enter your name.
    3. In the “Request is” group, select the “Saved to disk” option.
    4. Select the “Let me specify key pair information” option.
  4. Click Continue.
  5. For ease of access, choose your desktop as the location of the .CSR file.

  6. In the Key Pair Information pane, choose 2048 as the key size and “RSA” as the algorithm.

  7. Click Continue. The Certificate Assistant then saves the .CSR file to your desktop.

Generating an APNS Certificate on a Windows Server using IIS Manager

  1. Click on the Start Menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.

  2. Click on the name of the server in the Connections column on the left.

  3. Under the IIS section in the center window pane, double-click “Server Certificates”

  4. In the Actions column on the right, click on Create Certificate Request...

  5. On the Distinguished Name Properties window, enter the following information:

    1. Common Name – The name of the person generating the request (any name can be entered into this field).

    2. Organization – The legal name of your organization.
    3. Organizational Unit – The division of your organization handling the certificate (Most CAs don’t validate this field).
    4. City/Locality – The city where your organization is located.
    5. State/province – The state/region where your organization is located.
    6. Country/Region – The two-letter ISO code for the country where your organization is located.
  6. Leave the default Cryptographic Service Provider (Microsoft RSA...). Increase the Bit Length to 2048. Click Next.
  7. Click the button with the three dots and enter a location and filename where you want to save the CSR file. Click Finish.

Upload the CSR to the Apple Developer Program and download the APNS certificate

  1. In a web browser (preferably Safari), go to the Apple Developer Program website: https://developer.apple.com

  2. Sign in using your Apple ID and password. (NOTE: This must be the Apple ID that was used to create the iOS Developer files for obtaining the custom Afaria client application.)

  3. Once logged in, navigate to the "Certificates, Identifiers, & Profiles" section.

  4. Select "Identifiers" > App IDs.

  5. From the list of App IDs, select the App ID used for the custom Afaria Client application. For instance, if the bundle id of your custom Afaria Client is "com.saptest.afariaclient", you must select the App ID from the list that has this bundle id.

  6. Click Edit.

  7. Under "Push Notifications", select the "Create Certificate..." button for Production SSL Certificate.
    IMPORTANT NOTE: If the "Push Notifications" service was not enabled on the App ID during the time you obtained the custom Afaria client, you will need to re-obtain the custom client once you have Push Notifications enabled. This will involve having to redownload the Provisioning Profile used to sign the custom Afaria application and re-installing the client on all iOS devices. Otherwise, push messages won't be able to be sent to the custom Afaria application on any iOS device the application was installed on prior to enabling the "Push Notifications" service for the App ID.

  8. Select Continue.


  9. Click the "Choose File..." button and upload the CSR file created on either the Windows machine or Mac. The wizard says to select .certSigningRequest file saved on your Mac, but you can also select the CSR file you saved on your Windows machine also. The CSR does not have to come only from a Mac.


  10. Click Generate.

  11. Once complete, click Download to receive the APNS certificate. The file will be in .CER format.


  12. Click Done.

Converting and Exporting the APNS Certificate to .pfx/.p12 format

Important: You will need to ensure that you are installing the certificate on the same server that you generated the CSR on for successful association of the private key that was created during the CSR process.

Important: For IIS you will need to ensure that you have already installed the Apple Root and Intermediate certificates on your server before you will be able to complete the certificate request, please see "Obtaining the additional Apple Root and Intermediate Certificates to be used with the new APNS Certificate" listed below.

A. Completing the CSR on a Mac and export the certificate

  1. Copy the .cer certificate file to the Mac and double-click it to upload it to Keychain Access in order to complete the signing request.
  2. In the Keychain Access window, select "Keys" in the left window pane under the Category section.
  3. Expand the Name (the Common Name you entered when generating the CSR) that shows the "private key" under the Kind column.
  4. Control-click (or right-click) the "Apple Production IOS Push Services..." key and select Export...
  5. Enter the password that you wish to set for exporting the certificate.
  6. Now, you will have the certificate in .p12 fofrmat.

B. Completing the CSR on a Windows Server using IIS Manager

  1. Copy the .cer certificate file to the Windows Server.

  2. Click on the Start Menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.

  3. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

  4. In the Actions column on the right, click on Complete Certificate Request...

  5. Click the button with the three dots and select the .cer certificate that you received from the Apple Push Certificates Portal. If the certificate doesn’t have a .cer file extension, select to view all types.

  6. Enter a friendly name you want so you can keep track of the certificate on this server. Click OK.

  7. If successful, you will see the certificate in the list. If you receive an error stating that the request or private key can’t be found, make sure you are using the correct certificate and that you are installing it to the same server that you generated the CSR on.

  8. Now, you need to export the APNS certificate to the correct format. Right-click the certificate you just imported and select Export.

  9. Click the button with the three dots to specify a path to save the certificate file in .pfx format. When exporting the certificate, you are required to enter a password used for exporting the certificate.

  10. Now, you will have the certificate in .pfx format.

Obtaining the additional Apple Root and Intermediate Certificates

Important: This APNS certificate obtained from the Apple Developer Program Portal requires a different Root and Intermediate certificate than the APNS certificate you obtain from the Apple Push Certificates Portal for device management.

  1. To obtain the Root and Intermediate certificates, in a web browser, go to http://www.apple.com/certificateauthority
  2. In the Apple Root Certificates section, download either the "Apple Computer, Inc. Root Certificate" or "Apple Inc. Root Certificate".
  3. In the Apple Intermediate Certificates section, download the "Worldwide Developer Relations" certificate.

Installing the Apple Certificates for use with Afaria

Certificates needed:

  1. Apple Computer, Inc. Root Certificate or Apple Inc. Root Certificate (.cer file)
  2. Worldwide Developer Relations (WWDR) Certificate (.cer file)
  3. "Apple Production IOS Push Services..." Certificate (.pfx or .p12 file)

Instructions for installing the certificates in the Afaria Administrator UI

  1. In the Afaria Administrator, navigate to Server > Configuration > Component > iOS Notification.
  2. In the "APNS Push Certificate (for Custom-Signed Afaria Application)" section, click Browse.
  3. Browse to and select the .p12/.pfx certificate file.
  4. In the Password field, enter the correct password required for exporting the Push certificate/private key.
  5. Click Install.


  6. Once you click Install, if it is detected that the Apple Root and Intermediate certificates don't exist within the certificate store on the Afaria Server, you will be prompted to provide the certificates.
  7. On the "Select Apple Root Certificates" window, browse to and select the Apple Root CA and "Worldwide Developer Relations" certificates.
  8. Click Install.

  9. Click Save to store the changes.
  10. The APNS push certificate name should now be populated on the screen.


  11. At any time, you can click the "Validate" link to see that certificate chain is OK or if there is a problem.

MORE INFORMATION:

This APNS certificate is valid for one year and must be renewed annually. To renew the certificate, you must logon to the Apple Developer Program and select the certificate and there should be an option to Renew. A new CSR must be generated to renew the Apple certificate. To update the certificate in the Afaria Administrator UI, you can follow the same steps as described above under the "Instructions for installing the certificates in the Afaria Administrator UI" steps listed above.

  • No labels