APNs Certificates
Click here to see this page in full context


APNs Certificates

This section is applicable only for iOS devices. For managing iOS devices, you must obtain Apple Push Notification Service (APNs) certificate for secure communication from Qualys VMDR Mobile server with the Apple devices. Qualys VMDR Mobile helps you generate and renew APNs certificates.

What is an APNs Certificate?

VMDR Mobile uses APNs certificate to send notifications to the Apple devices when communication is initiated by the administrator or by the server for requesting information from the devices or, Apps or policies are published on the devices. No data is sent through the APNs service, only the notification.

Pre-requisites to Generate the Certificate

- An Apple ID. (Can be created at https://appleid.apple.com)

- Mac OS X or Windows workstation with Administrative permissions

- Web browser (Safari, Mozilla Firefox or Chrome are required to work with Apple’s website)

Steps to generate APNs certificate

1) Login to the VMDR Mobile Portal at https://xxxx.apps.qualys.com.

2) Navigate to Configurations > APNs Configuration and click New.

3) Download Certificate Signing Request (CSR) file and save the file at a known location. Click Next.

4) Click Goto Apple Portal link to go to Apple Push Certificate Portal (https://identity.apple.com/pushcert/).

5) Log in using corporate Apple ID and password. Click Create a Certificate.

6) Select I have read and agree to these terms and conditions check box, and then click Accept.

Terms of Use

7) Browse to the location you saved the Qualys_CertificateSigningRequest.txt file and then upload the certificate file.

8) In the confirmation window, download the PEM file to a known location.

9) Now, go back to your Configure APNs Certificate wizard in the Qualys portal. In the Create Certificate tab enter the APNs Name and the Apple ID using which you have generated the PEM file and click Next.

10) Upload the certificate file (.pem) that you downloaded from the Apple portal.

11) Click Save. You will be prompted to enter your Qualys Portal password before saving.

This APNs certificate is now listed in the APNs Configuration tab and you can start using it to manage your Apple devices.

Renew APNs Certificate

The validity of APNs certificate is of 365 days so, the administrator must renew the certificate after every 365 days. The Qualys VMDR Mobile Portal notifies the administrator when the certificate is expiring via email. The administrator must renew this certificate before the certificate expires. If the certificate expires, the administrator might be unable to manage the Apple devices in their organization, which might result in the administrator having to manually de-enroll and then re-enroll all Apple devices in the system again.

Steps to renew APNs certificate

1) Navigate to Configurations > APNs Configuration and click Renew.

2) Download Certificate Signing Request (CSR) file and click Next. You may skip this step if you have already downloaded the CSR.

3) Click Goto Apple Portal link to go to Apple Push Certificate Portal (https://identity.apple.com/pushcert/)

4) Login to Apple Push Certificate Portal using the same Apple ID and password that you used to originally create the APNs certificate.

Locate the APNs certificate that you want to use, and then click Renew.

Note: If multiple certificates are listed, please ensure that you have selected the correct APNs certificate that you would like to Renew.

You may compare the Serial # or expiration date for the APNs certificate that you selected to confirm that you are using the right certificate or compare the UID of the certificate.

5) Browse to locate the certificate file and then click Upload.

6) In the confirmation window download the PEM file to a known location.

7) Now, go back to your Renew APNs Certificate wizard in the Qualys portal. In the Create Certificate tab, existing APNs Name and the Apple ID will be shown.

8) Upload the certificate file (.pem) that you downloaded from the Apple portal.

9) Click Save. You will be prompted to enter your Qualys Portal password before saving.

This APNs certificate is now listed in the APNs Configuration tab and you can continue managing your Apple devices using this certificate.