Managing the Apple ID and digital certificates

Creating an Apple ID

Open a supported web browser and go to https://appleid.apple.com/account. The Create Your Apple ID page opens.
Fill in the form. You must specify an email account and the phone number of the device that will be used to verify the certificate request (usually, this is the device assigned to the Advanced EPDR administrator). Click Continue. You will receive a message with a verification code at the email address provided in the form.
Enter the verification code in the form. Click Continue. You will receive a new code by SMS at the phone number provided in the form.
Enter the SMS code. Click Continue. The process is complete and the dashboard associated with the newly created account opens. This dashboard enables you to manage your account and see all certificates generated so far.

Creating and importing the digital certificate into the Advanced EPDR console

To integrate iOS devices into Advanced EPDR using the Cytomic MDM solution, you must generate a digital certificate that ensures the confidentiality of communications with the Apple servers:

Select the Computers menu at the top of the console. Click the Add computers button. A window opens with the platforms supported by Advanced EPDR.
Click the iOS icon. If no certificate has been previously imported, a window opens with the procedure for creating a valid certificate.

Window detailing the procedure for creating and importing an Apple digital certificate

Click the Download link. The apple_push.csr file is downloaded. This file contains the signed certificate request encoded as Base64.
Click the Apple Push Certificates Portal link. If you have previously logged in, the web browser opens the page for managing Apple digital certificates. Otherwise, enter your Apple ID credentials. See Creating an Apple ID.
Click the Create Certificate icon. The Terms of Use page opens.
Select I have read and agree to these terms and conditions. Click Accept. The Create a New Push Certificate page opens.
Click Choose File. Select the apple_push.csr file you previously downloaded from the Advanced EPDR management console. Click Upload. A Confirmation page opens with information about the generated certificate. You will receive an informational email message.
Click the Download button. The MDM_ Panda Security, S.L._Certificate.pem file is downloaded. This file contains the digital certificate.
In the Advanced EPDR management console, click the Select file link. Choose the MDM_ Panda Security, S.L._Certificate.pem file you downloaded from the Apple portal. The iOS window appears, with the ID and expiration date of the imported certificate.

Window with information about the uploaded digital certificate

Renewing the Apple certificate

Apple certificates are valid for one year, after which they expire.

Renew your Apple certificate well before its expiration date. If your certificate expires, you will no longer be able to manage your devices from the Advanced EPDR management console. You will have to generate a certificate again and reintegrate all of your company’s iOS devices.

Go to https://identity.apple.com/pushcert/ and log in using your Apple ID credentials (see Creating an Apple ID). The Certificates for Third-Party Servers page opens.

Certificates for Third-Party Servers page

Click the Renew button associated with the certificate in use. The Renew Push Certificate page opens.
Click Choose File. Choose the apple_push.csr file. If the file is no longer available, you can create a new one. See Creating and importing the digital certificate into the Advanced EPDR console.
Click the Upload button. The Confirmation page opens.
Click the Download button. The updated certificate is downloaded.
Select the Computers menu at the top of the Advanced EPDR management console. Click the Add computers button. A window opens with all platforms supported by Advanced EPDR.
Click the iOS icon. A window opens with information about the previously uploaded certificate.
Click Renew. The iOS window opens, with the certificate expiration date and ID (Apple Push Topic).
Click the Select file link. Choose the apple_push.csr file you used when you first created the certificate. If the file is no longer available, you can download a new file from the Advanced EPDR management console. See Creating and importing the digital certificate into the Advanced EPDR console.
Click the Send button. The iOS window opens, with an updated expiration date for the certificate.

Checking the expiration date of a certificate

Select the Computers menu at the top of the console. Click the Add computers button. A window opens with the platforms supported by Advanced EPDR.
Click the iOS icon. If a certificate has been previously imported, its data is shown.
If the certificate is expired, a warning message is shown.

Window with information about an expired digital certificate