I'm looking at various MDM providers for managing iOS devices.
Why does Meraki want us to create the .pem file from the Apple Certificate Portal? I don't see any use to it. I suppose they can have the .pem file created themselves with their Apple ID and let the customers use it. This way we need not worry about renewal every year.
Can this be supported?
The .pem file relates to a certificate which allows the Apple Push notification server to communicate with SM. The certificate is then installed silently on enrolled SM devices to allow for management. Without it, SM cannot communicate with Apple devices.
Apple imposes the 365-day renewal, not Meraki.
Have a read of this article which describes the Apple Push Certificate requirement and steps in more detail - https://documentation.meraki.com/SM/Device_Enrollment/Apple_MDM_Push_Certificate
I know the 365-day trial is imposed by Apple.
I'm just saying that instead of us getting the certificate, Meraki could get a single certificate which will be used to manage all the devices. We just select how to manage them. I'm sure Meraki would renew the certificate before it expires. This would make the setup much simpler, wouldn't it?
As they are not doing it, I would like to know if there is a particular reason why we should get the .pem file.
This is an Apple limitation (as 99% of all MDM problems are). Also, it would be a security problem for some organizations, especially healthcare, which I do, to have their MDM traffic over the same certificate.
Meraki is great at alerting you when that certificate is about to expire and has great guides to renew it.
Hope that answers the “why” aspect.
Certificates are free for anyone who has an Apple ID (also free). They (Apple) used to make you have a developer account for certificates.
I believe so. Why is the certificate such a big issue? It only takes 2 minutes to make/renew!
Also, I believe that this distinguishes MDM traffic between different servers.