Creating a Certificate Signing Request (CSR) on Windows Server and Mac
This section explains how to create a Certificate Signing Request on Windows Server and Mac, and how to obtain the private key associated to the CSR.
Apple requires an MDM Push certificate to ensure secure communication between the GravityZone Communication Server and the Apple Push Notifications service (APNs) when sending push notifications to iOS devices.
To obtain an Apple MDM Push certificate, you need a Certificate Signing Request (CSR) that you can create on Windows Server or on Mac.
To create a CSR on Windows Server:
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
Select the server name from the left-side panel.
In the center panel, double-click Server Certificates.
In the Actions menu from the right-side, click Create Certificate Request.
In the Distinguished Name Properties window, complete the following fields:
Common name – the fully qualified domain name (FQDN) or the URL for which you want to use the certificate.
Organization – the name under the company is legally registered. Example: MyCompany, Ltd.
Organizational unit – the department of the company for which you use the certificate. Example: IT.
City/locality – the full name of the city where the company is located. Do not abbreviate.
State/province – the full name of the state or province where your company is located.
Country/region – the two-letter ISO-format country code where your company is located. Examples: US (United States of America), GB (United Kingdom), DE (Germany) etc.
Click Next.
In the Cryptographic Service Provider Properties window, select the following:
Cryptographic service provider: Microsoft RSA SChannel
Bit length: 2048
Click Next.
In the File Name window, select the location for saving the CSR and enter a name.
Click Finish.
Your CSR is created as a .txt file.
Next, you need to obtain the private key associated to the CSR:
Open the Microsoft Management Console (mmc).
Go to File > Add/Remove Snap-in.
Double-click Certificates in the list of snap-ins.
Select Computer account and click Next.
Select Local computer and click Finish.
Click OK to populate the snap-in.
Go to Console Root > Certificates > Certificate Enrollment Requests.
Right-click the desired CSR and click All Tasks > Export.
In the Certificate Export Wizard, click Next.
Choose Yes, export the private key and click Next.
Select Personal Information Exchange – PKCS #12 and click Next.
Enter a password to protect your private key and click Next.
Choose where to save the private key and click Next.
Click Finish.
The private key is exported as a .pfx file.
To create a CSR on Mac:
Go to Applications > Utilities > Keychain Access.
Select login from the left sidebar and Certificates from the category.
In the Keychain Access menu, go to Certificate Assistant > Request a Certificate from a Certificate Autority.
Enter an email address and name for the certificate and select Saved to disk.
Note
You do not need a CA Email address for the Saved to disk option.
Click Continue.
Select a location for the CSR file and click Save.
Your CSR is created as a .certSigningRequest file.
Next, you need to obtain the private key associated to the CSR:
Go to Applications > Utilities > Keychain Access.
Select login from the left sidebar and Certificates from the category.
In the list, click to expand the left arrow for the desired certificate. You will see the associated private key.
Right-click the private key and select Export.
Save the file in the .p12 format.
Enter a password to protect the private key and click OK.
The private key is exported as a .p12 file, which is the same format as .pfx.
Once you have the CSR, you can get it signed by Bitdefender and add the Apple MDM Push certificate in the GravityZone Control Center. For details, refer to Adding an Apple MDM Push certificate in Control Center.