Meraki

Community

iOS MDM APNs Certificate

SuRam
Comes here often
‎Jan 5 2018 9:35 PM
‎Jan 5 2018 9:35 PM

iOS MDM APNs Certificate

Hey

 

I'm looking at various MDM providers for managing iOS devices.

 

Why does Meraki want us to create the .pem file from Apple Certificate Portal. I don't see any use to it. I suppose they can have the .pem file created themselves with their Apple ID and let the customers use it. This way we need not worry about renewal every year.

 

Can this be supported?

0 Kudos
7 Replies 7
MilesMeraki
Head in the Cloud
‎Jan 5 2018 11:07 PM
‎Jan 5 2018 11:07 PM

The .pem file relays to a certificate which allows the Apple Push notification server to communicate with SM. The certificate is then installed silently on enrolled SM devices to allow for management. Without it, SM cannot communicate with Apple devices.

 

Apple imposes the 365-day renewal, not Meraki.

 

Have a read of this article which describes the Apple Push Certificate requirement and steps in more detail - https://documentation.meraki.com/SM/Device_Enrollment/Apple_MDM_Push_Certificate

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
0 Kudos
In response to MilesMeraki
SuRam
Comes here often
‎Jan 6 2018 3:49 AM
‎Jan 6 2018 3:49 AM

I know the 365 day trial is imposed by Apple.

 

I'm just saying that instead of we getting the certificate, Meraki could get a single certificate which will be used to manage all the devices. We just select how to manage them. I'm sure Meraki would Renew the certificate before it expires. This would make the setup much more simpler, isn't it?

 

As they are not doing it, I would like to know if there is particular reason why we should get the .pem file.

 

Thank you.

0 Kudos
In response to SuRam
SuRam
Comes here often
‎Jan 6 2018 3:51 AM
‎Jan 6 2018 3:51 AM

As a matter of fact, not only Meraki, none of the other MDM providers follow this. I would like to know why.
0 Kudos
In response to SuRam
jared_f
Kind of a big deal
‎Jan 6 2018 3:15 PM
‎Jan 6 2018 3:15 PM

This is an Apple limitation (as 99% of all MDM problems are). Also, it would be a security problem for some organizations, especially healthcare which I do, to have their MDM traffic over the same certificate. 

 

Meraki is is great at alerting you when that certificate is about to expire and has great guides to renew it. 

 

Hope thay answers the “why” aspect,

Jared

Find this helpful? Click the kudos button. Thanks!
0 Kudos
In response to jared_f
SuRam
Comes here often
‎Jan 7 2018 12:05 AM
‎Jan 7 2018 12:05 AM

So, you are saying that each one of us has to get the .pem file because of security concerns and handling our organizations traffic in our own file.
0 Kudos
In response to SuRam
jared_f
Kind of a big deal
‎Jan 7 2018 6:42 AM
‎Jan 7 2018 6:42 AM

I believe so. Why is the certificate such a big issue? It only takes 2 minutes to make/renew!

 

Also, I believe that this distinguishes MDM traffic between different servers.

Find this helpful? Click the kudos button. Thanks!
0 Kudos
In response to SuRam
jared_f
Kind of a big deal
‎Jan 6 2018 3:17 PM
‎Jan 6 2018 3:17 PM

Certificates are free for anyone who has an Apple ID (also free). They used to (Apple) make you have a developer account for certificates. 

Find this helpful? Click the kudos button. Thanks!
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.