GuideSAP Mobile Secure Cloud EditionDocument Version: 2.1 – 2014-08-15

CUSTOMER

Creating an APNs Certificate

2CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved.

Creating an APNs CertificateTypographic Conventions

Typographic Conventions

Type Style Description

Example Words or characters quoted from the screen. These include field names, screen titles,pushbuttons labels, menu names, menu paths, and menu options.Textual cross-references to other documents.

Example Emphasized words or expressions.

EXAMPLE Technical names of system objects. These include report names, program names,transaction codes, table names, and key concepts of a programming language when theyare surrounded by body text, for example, SELECT and INCLUDE.

Example Output on the screen. This includes file and directory names and their paths, messages,names of variables and parameters, source text, and names of installation, upgrade anddatabase tools.

Example Exact user entry. These are words or characters that you enter in the system exactly as theyappear in the documentation.

<Example> Variable user entry. Angle brackets indicate that you replace these words and characterswith appropriate entries to make entries in the system.

EXAMPLE Keys on the keyboard, for example, F2 or ENTER .

Creating an APNs CertificateTable of Contents

CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved. 3

Table of Contents

1 Overview ................................................................................................................................................... 41.1 Mobile Device Management in iOS .........................................................................................................................41.2 Afaria and the Apple Push Notification Service ....................................................................................................41.3 The Certificate Creation Process ........................................................................................................................... 5

2 Creating a Certificate Request ............................................................................................................... 6

3 Obtaining the APNs Certificate from Apple ........................................................................................... 7

4 Uploading the Certificate to your Afaria Cloud Site ............................................................................ 10

5 Renewing an APNs Certificate ............................................................................................................... 11

4CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved.

Creating an APNs CertificateOverview

1 Overview

The purpose of this document is to create an Apple certificate (cert) that can be used with Afaria to enable ApplePush Notifications within the Afaria environment. The Apple Push Notification service (APNs) cert is required byAfaria to communicate with the device while it interacts with the Afaria device client.

1.1 Mobile Device Management in iOS

Mobile Device Management (MDM) such as Afaria gives businesses the ability to manage large scale deploymentsof iOS devices, including the iPhone, iPad, and even the iPod. This provides the ability for Afaria to securely enrolldevices in an enterprise environment, wirelessly configure and update settings, monitor compliance withcorporate policies, and remotely wipe or lock managed devices, and other controls.

Most management functions are completed behind the scenes with no user interaction required. For example, ifyou wanted to update your VPN infrastructure, the Afaria Server can configure your iOS devices with new accountinformation over the air. The next time VPN is used, the appropriate configuration is already in place, so theemployee does not need to call the help desk or manually modify settings.

1.2 Afaria and the Apple Push Notification Service

When the Afaria Server wants to communicate with any iOS device such as an iPhone, iPad, or even a Wi-Fi-capable iPod1, a silent notification is sent to the device via the Apple Push Notification service, prompting it tocheck in with the server. The process of notifying the device through this service does not actually send anyproprietary information to or from the Apple Push Notification service.

1 Applies to select models of iPods.

Creating an APNs CertificateOverview

CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved. 5

The only task performed by the push notification is to wake the device so it checks in with the Afaria Server. Allconfiguration information, settings, and queries are sent directly from the server to the iOS device over anencrypted SSL/TLS connection between the device and the Afaria Server. Apple iOS handles all Afaria requestsand actions in the background to limit the impact on the user experience, including battery life, performance, andreliability.In order for the push notification server to recognize commands from the Afaria Server, a certificate must first beinstalled on the server. This certificate must be requested and downloaded from the Apple Push CertificatesPortal. Once the APNs certificate is uploaded to the Afaria Server, devices can begin to be enrolled.For more information on requesting an Apple Push Notification certificate for MDM, visitwww.apple.com/business/mdm.

1.3 The Certificate Creation Process

To use MDM, you need to install an SSL certificate obtained from Apple on your MDM server. This certificateenables your server to securely communicate with the Apple Push Notification service. Requesting a certificate issimple and free.Follow these instructions to get started:1. Log in to the SAP Mobile Secure Web site.2. Download a signed certificate signing request (CSR).3. Upload the certificate to Apple and download the resulting certificate (.PEM).4. Upload the certificate to the Afaria server.

6CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved.

Creating an APNs CertificateCreating a Certificate Signing Request

2 Creating a Certificate Signing Request

Download a signed certificate signing request (CSR) from the SAP Mobile Secure Web site athttp://global.sap.com/campaigns/digitalhub-mobile/index.html.1. Log in to SAP Mobile Secure and then click Devices > Settings.2. From the Apple MDM Certificate page, click Download under Download a Signed CSR.

A signed CSR (.SCSR) is generated and downloaded for submission to Apple.3. Proceed to Obtaining the APNs Certificate from Apple.

Do not log out of or close the SAP Mobile Secure Web site. You will return to this site to upload the generatedAPNs certificate.

Creating an APNs CertificateObtaining the APNs Certificate from Apple

CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved. 7

3 Obtaining the APNs Certificate from Apple

Upload the signed CSR to the Apple Push Certificates Portal and download the resulting APNs certificate.

NoteThis process does not work in Internet Explorer; it is recommended you use Chrome or Safari.

1. From your browser, go to the Apple Push Certificates Portal website at https://identity.apple.com/pushcert.

2. Sign in using your Apple ID and password.This can be any valid Apple ID. This does not have to be an Apple ID associated with an Apple DeveloperAccount.

3. Click Create a Certificate.

8CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved.

Creating an APNs CertificateObtaining the APNs Certificate from Apple

4. Read the Terms of Use and accept the End User License Agreement.5. Click Choose File to browse to the .SCSR file provided by SAP.

6. Click Upload.

Creating an APNs CertificateObtaining the APNs Certificate from Apple

CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved. 9

If successfully uploaded, the MDM certificate will be displayed on the Certificates for Third-Party Serversscreen. This screen is where all certificates issued under the logged in Apple ID are displayed.

7. Click Download to receive the Apple certificate.

The obtained certificate will be in .PEM format.8. Once the .PEM file is downloaded, proceed to Upload the Certificate to your Afaria Cloud Site.

You can now log out of the Apple Push Certificates Portal.

10CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved.

Creating an APNs CertificateUploading the Certificate to your Afaria Cloud Site

4 Uploading the Certificate to your AfariaCloud Site

Upload the downloaded .PEM file to the Afaria Cloud.1. Return to the Apple MDM Certificate page of the SAP Mobile Secure Web site.2. Under Upload Certificate and Install to SAP Afaria, click Choose File and select the APNs certificate.3. Once the file has populated into the selection dialog, click Upload and Install to complete the process.

Creating an APNs CertificateRenewing an APNs Certificate

CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved. 11

5 Renewing an APNs Certificate

Renew an APNs certificate by downloading a new signed CSR from SAP Mobile Secure and uploading it to theApple Push Certificates Portal Web site. To ensure you renew the right certificate, verify that the expiration datedisplayed on the portal matches the date displayed in the Afaria console. APNs are renewed for one year.Download a signed CSR from the SAP Mobile Secure Web site at http://global.sap.com/campaigns/digitalhub-mobile/index.html.1. Log in to SAP Mobile Secure and then click Devices > Settings.2. From the Apple MDM Certificate page, click Download under Download a Signed CSR.

A signed CSR (.SCSR) is generated and downloaded for submission to Apple.3. From your browser, go to the Apple Push Certificates Portal website at https://identity.apple.com/pushcert.

4. Sign in using your Apple ID and password.5. From the Certificates for Third-Party Servers list, click Renew beside the certificate you want to renew.

12CUSTOMER© 2014 SAP AG or an SAP affiliate company. All rights reserved.

Creating an APNs CertificateRenewing an APNs Certificate

6. From the Renew Push Certificate page, click Browse, select the new .SCSR file, then click Upload.

Once the signed CSR is successfully uploaded, the Certificates for Third-Party Servers list is updated to showthe new expiration date for the certificate.

7. Click Download to receive the renewed Apple certificate.8. Once the renewed certificate is downloaded, upload the certificate to the Afaria Cloud. See Upload the

Certificate to your Afaria Cloud Site.

www.sap.com/contactsap

Material Number

© 2014 SAP AG or an SAP affiliate company. All rights reserved.No part of this publication may be reproduced or transmitted in anyform or for any purpose without the express permission of SAP AG.The information contained herein may be changed without priornotice.Some software products marketed by SAP AG and its distributorscontain proprietary software components of other softwarevendors.National product specifications may vary.These materials are provided by SAP AG and its affiliatedcompanies (“SAP Group”) for informational purposes only, withoutrepresentation or warranty of any kind, and SAP Group shall not beliable for errors or omissions with respect to the materials. The onlywarranties for SAP Group products and services are those that areset forth in the express warranty statements accompanying suchproducts and services, if any. Nothing herein should be construed asconstituting an additional warranty.SAP and other SAP products and services mentioned herein as wellas their respective logos are trademarks or registered trademarks ofSAP AG in Germany and other countries. Please seewww.sap.com/corporate-en/legal/copyright/index.epx#trademarkfor additional trademark information and notices.