5

I am new to server technology. I know how to obtain an Apple iOS MDM Certificate and to use Apple iOS MDM features, we must:

1. Join Apple’s iOS Developer Enterprise Program.
2. Enroll.
3. Register the MDM application.

Apple will issue an MDM certificate.

Now, I want to know how to safely install the Apple MDM certificate in our MDM server?

Is there any specific path in the MDM server where we should keep the certificate?

Edit: We are using Python/Django in server side.

Kristian Glass
rainbow1202

2 Answers

4

An SSL certificate, in the case of the Apple MDM, has no confidentiality requirements/needs. In fact, it is better shared.

You'll just want to follow the documentation for the specific MDM you are using.

On the other hand, your private key associated with the public key in the SSL certificate will need protection. We can handle that as a separate question and go over security recommendations for your infrastructure.

To get better acquainted with public key cryptography and the use of digital certificates, consider reading:

http://en.wikipedia.org/wiki/Public-key_cryptography

http://en.wikipedia.org/wiki/Public_key_certificate

Brennan
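Added example, not part of the original answer: a Python audit (Python because the asker's server is Python/Django) that tells a shareable certificate file from one holding private key material, and flags key files accessible beyond the owner. The file names, the placeholder PEM bodies and the owner-only permission policy are assumptions for illustration, and POSIX file permissions are assumed.

```python
import os
import re
import stat
import tempfile

# PEM armor labels that mean the file holds private key material.
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                  "ENCRYPTED PRIVATE KEY"}
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed samples: PEM armor around placeholder text, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"


def audit_pem_file(path):
    """Return findings for one PEM file (POSIX permissions assumed)."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        labels = PEM_BEGIN.findall(fh.read())
    has_key = any(label in PRIVATE_LABELS for label in labels)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if not labels:
        findings.append("no PEM blocks found")
    if has_key and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("private key accessible beyond owner (mode %o)" % mode)
    if has_key and "CERTIFICATE" in labels:
        findings.append("certificate and private key bundled in one file")
    return findings


def demo():
    """Audit three constructed files and return {file name: findings}."""
    samples = (("mdm_cert.pem", SAMPLE_CERT, 0o644),   # cert alone: shareable
               ("mdm_key.pem", SAMPLE_KEY, 0o600),     # key, owner-only
               ("mdm_bundle.pem", SAMPLE_CERT + SAMPLE_KEY, 0o644))  # key exposed
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, mode in samples:
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="ascii") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_pem_file(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

Only the bundle is flagged: a world-readable certificate on its own produces no finding, while the same permissions on a file that also carries the key do.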
0

Apple's MDM Vendor certificate is the .crt file, which contains only the certificate. The key generated during the creation of the certificate signing request is required to successfully decrypt the certificate. However, I personally feel the keychain to be the best place to store the certificate. Also, this is the certificate that will be used when creating the encoded file which helps in generating the Apple Push Notification Certificate. Hence the best mechanism is placing the certificate in the secured MDM server.

I hope this helps you.

Anand
  • Sorry, I don't quite get what you mean by "*decrypt the certificate*". – MadHatter Mar 27 '14 at 14:34
  • If anyone other than you wants to use that certificate, they will be needing the key of the certificate signing request. Hence, the certificate is already safe to some extent. – Anand Mar 27 '14 at 15:40
  • I'm not sure that's quite how public-key cryptography works. Better, perhaps, to say that *you'll be needing the key in order to sign things in such a manner that your certificate can authenticate them*. The certificate doesn't, as far as I know, contain any private key material, and as Brennan notes above, it should be shared as widely as possible in order to be of most use. – MadHatter Mar 27 '14 at 15:47
  • For the first few days I was also struggling with the same, then I realised that there exists a private key for an MDM server certificate. See the snapshot of my keychain in [this](http://imgur.com/nE15Xjk) link. – Anand Mar 27 '14 at 15:56
  • There exists a private key corresponding to **every** public key certificate; that's how public key cryptography works. The private key is not, however, usually an integral part of the public key certificate, and things would go amiss if it were. – MadHatter Mar 27 '14 at 15:58
  • Ya, you are right. What I mean in the previous comment is that once the person hacks the MDM certificate alone, then it will be useless unless he has the associated private key. – Anand Mar 27 '14 at 17:36