Configuring certificates

Learn how to configure certificates and establish an authorized connection between the MDM server and Apple devices.

Apple® Push Notification
Apple Push Notification (APN) is used to notify Apple devices to check in with the MDM server. To push notifications to Apple devices, you need an APN certificate, which is a prerequisite for managing mobile devices.
Note: You must have a valid Apple ID (preferably a company Apple ID) to create an APNs certificate.

To establish an authorized connection between the MDM server and the Apple Push Notification server, you must create a Certificate Signing Request (CSR) and send the CSR file to HCL for signing. After HCL signs it, you must upload the signed CSR file to your Apple Developer account to obtain a provider certificate from Apple.

To obtain a provider certificate from Apple, complete these steps:

  1. In the command-line interface, run the following command to create the CSR:
    openssl req -newkey rsa:2048 -nodes -keyout PUSHCERTNAME_temp.key -out PUSHCERTNAME.csr -subj "/C=US/CN=HOSTNAME/emailAddress=EMAILADDRESS"
    Note:
    • You can replace PUSHCERTNAME with a name of your choice.
    • EMAILADDRESS must be unique to your organization. It is not stored or used directly by HCL or BigFix.
    • HOSTNAME must be the FQDN of the server on which the MDM server runs.
  2. Run the following command:
    openssl rsa -des3 -in PUSHCERTNAME_temp.key -out PUSHCERTNAME.key
    Enter a PEM pass phrase of your choice when prompted. You will then be asked to verify it.
    Important: Save the generated PUSHCERTNAME.csr and PUSHCERTNAME.key in a safe location. You can use these files when you renew the certificate with Apple after one year. Also store the PEM pass phrase in a safe location for certificate renewals.
  3. Send the CSR file to BFAppleCSR@hcl.com.
    Important: Include your HCL Customer ID or BigFix server serial number in the body of the email.
  4. An HCL-signed version of the CSR file, plus additional instructions from BFAppleCSR@hcl.com, will be returned to the sender’s email address within one business day. Follow the instructions in that email to obtain the required file through your Apple Developer account.
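
The following is an added example, not part of the HCL procedure or tooling: it wraps the two openssl commands from steps 1 and 2 with checks that the CSR verifies and that the encrypted key matches it before the CSR is sent. The function name make_push_csr and the PUSH_KEY_PASS variable are assumptions, and deleting the unencrypted PUSHCERTNAME_temp.key at the end is a choice made here, not a step the page gives.

```shell
#!/bin/sh
# Added example, not HCL's script. make_push_csr and PUSH_KEY_PASS are
# hypothetical names; the openssl commands are steps 1 and 2 from the page.
# Usage: PUSH_KEY_PASS=... make_push_csr PUSHCERTNAME HOSTNAME EMAILADDRESS
make_push_csr() {
    name=$1 host=$2 email=$3
    # Take the pass phrase from the environment so it is not a command-line
    # argument visible in the process list.
    [ -n "${PUSH_KEY_PASS:-}" ] || { echo "PUSH_KEY_PASS is not set" >&2; return 1; }
    (
        umask 077               # files created below are owner-readable only
        export PUSH_KEY_PASS    # make it visible to openssl's env: source

        # Step 1: new 2048-bit RSA key (written unencrypted) plus the CSR.
        openssl req -newkey rsa:2048 -nodes \
            -keyout "${name}_temp.key" -out "${name}.csr" \
            -subj "/C=US/CN=${host}/emailAddress=${email}" 2>/dev/null || exit 1

        # Step 2: rewrite the key encrypted under the pass phrase.
        openssl rsa -des3 -in "${name}_temp.key" -out "${name}.key" \
            -passout env:PUSH_KEY_PASS 2>/dev/null || exit 1

        # The CSR's self-signature must verify before it is mailed anywhere.
        openssl req -in "${name}.csr" -noout -verify 2>&1 |
            grep -q "verify OK" || exit 1

        # The encrypted key must decrypt with the pass phrase and carry the
        # same public key as the CSR.
        csr_pub=$(openssl req -in "${name}.csr" -noout -pubkey | openssl sha256)
        key_pub=$(openssl rsa -in "${name}.key" -passin env:PUSH_KEY_PASS \
            -pubout 2>/dev/null | openssl sha256)
        [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] || exit 1

        # Only now drop the unencrypted copy left behind by -nodes.
        rm -f "${name}_temp.key"
    )
}
```

Only PUSHCERTNAME.csr leaves the machine in step 3; PUSHCERTNAME.key and its pass phrase stay with you for the renewal.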