iOS MDM APNs Certificate

SuRam
Comes here often

Hey

I'm looking at various MDM providers for managing iOS devices.

Why does Meraki want us to create the .pem file from the Apple Certificate Portal? I don't see any use for it. I suppose they can have the .pem file created themselves with their Apple ID and let the customers use it. This way we need not worry about renewal every year.

Can this be supported?

MilesMeraki
Head in the Cloud

The .pem file relates to a certificate which allows the Apple Push notification server to communicate with SM. The certificate is then installed silently on enrolled SM devices to allow for management. Without it, SM cannot communicate with Apple devices.

Apple imposes the 365-day renewal, not Meraki.

Have a read of this article, which describes the Apple Push Certificate requirement and steps in more detail - https://documentation.meraki.com/SM/Device_Enrollment/Apple_MDM_Push_Certificate

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

I know the 365 day trial is imposed by Apple.

I'm just saying that instead of us getting the certificate, Meraki could get a single certificate which will be used to manage all the devices. We just select how to manage them. I'm sure Meraki would renew the certificate before it expires. This would make the setup much simpler, wouldn't it?

As they are not doing it, I would like to know if there is a particular reason why we should get the .pem file.

Thank you.

SuRam
Comes here often

As a matter of fact, not only Meraki, none of the other MDM providers follow this. I would like to know why.
jared_f
Kind of a big deal

This is an Apple limitation (as 99% of all MDM problems are). Also, it would be a security problem for some organizations, especially healthcare which I do, to have their MDM traffic over the same certificate.

Meraki is great at alerting you when that certificate is about to expire and has great guides to renew it.

Hope that answers the “why” aspect,

Jared

Find this helpful? Click the kudos button. Thanks!
SuRam
Comes here often

So, you are saying that each one of us has to get the .pem file because of security concerns and handling our organization's traffic in our own file.
jared_f
Kind of a big deal

I believe so. Why is the certificate such a big issue? It only takes 2 minutes to make/renew!

Also, I believe that this distinguishes MDM traffic between different servers.

Find this helpful? Click the kudos button. Thanks!
jared_f
Kind of a big deal

Certificates are free for anyone who has an Apple ID (also free). They (Apple) used to make you have a developer account for certificates.

Find this helpful? Click the kudos button. Thanks!
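
For the yearly renewal and the per-server certificate discussed in this thread, an added example (not part of any post here, and not Meraki's or Apple's code): a shell check that reads a push certificate's expiry and APNs topic with `openssl`. It assumes the topic sits in the subject's UID attribute as `com.apple.mgmt.External.<UUID>`; the function names are hypothetical and the sample certificate is a constructed self-signed stand-in.

```shell
#!/bin/sh
# Added example: audit an MDM push certificate (.pem) ahead of its yearly renewal.
# Function names are hypothetical; the sample certificate below is constructed.

# Print the APNs push topic, read from the UID attribute of the subject.
push_topic() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Exit 0 when the certificate in $1 expires within $2 days (default 30).
# An unreadable or malformed file also counts as due, so it is never missed.
expires_within_days() {
  ! openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null
}

# Print topic, expiry date and a renew/ok verdict; return 1 when renewal is due.
report() {
  echo "topic:    $(push_topic "$1")"
  echo "notAfter: $(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)"
  if expires_within_days "$1" "${2:-30}"; then
    echo "status:   RENEW (expires within ${2:-30} days)"
    return 1
  fi
  echo "status:   ok"
}

# Constructed stand-in for a push certificate: self-signed, valid for $2 days,
# with an all-zero placeholder UUID in the topic. Not issued by Apple.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/C=US/CN=APSP:constructed-sample/UID=com.apple.mgmt.External.00000000-0000-0000-0000-000000000000" \
    -keyout "$1.key" -out "$1" 2>/dev/null && rm -f "$1.key"
}

# Demo: one certificate with a year left, one with ten days left.
demo_dir="$(mktemp -d)"
make_sample_cert "$demo_dir/fresh.pem" 365
make_sample_cert "$demo_dir/stale.pem" 10
report "$demo_dir/fresh.pem" 30 || true
report "$demo_dir/stale.pem" 30 || true
rm -rf "$demo_dir"
```

Renewing the existing certificate keeps the topic unchanged, so comparing `push_topic` output before and after a renewal confirms that enrolled devices will still be reachable.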