msc mobile emerging technologies blog

How to renew an Afaria iOS Push Certificate

Posted by Klaus Rollinger on Feb 1, 2016 4:44:56 PM

The Apple iOS Push Certificate must be renewed every year. If the certificate expires (or is revoked), all devices must be re-enrolled in Afaria, which is something you want to avoid at any cost.

This blog post will show you how to do this for a single Afaria 7 (SP 08) installation on Windows (Server 2008 R2). The information this post relies on is spread over the following SAP knowledge base articles:


Renewing the iOS Push Certificate

Create a certificate request

We begin with creating a certificate request. I usually do this on the Afaria machine, but any machine will do.

  1. Open IIS and navigate to <Machine Name> -> Server Certificates

  2. On the “Server Certificates” screen press “Create Certificate Request” on the right side
  3. On the “Request Certificate” popup enter the values appropriate for your organization
  4. In the next screen leave the “Cryptographic service provider” untouched, just change “Bit length” to 2048
  5. Finish the certificate request by saving it to a text file.

Get the certificate request signed

The next step is to get the certificate request signed on the Sybase site.

  1. With your preferred web browser navigate to https://frontline.sybase.com/support and log in using your Sybase Mobile Technical Support Account
  2. On the left side navigation go to “Apple CSR Signing”
  3. Using the Web-UI select the certificate request file created earlier and upload it.
  4. Now the signed certificate request (SCSR) file will be presented for download. Download it and proceed to the next step.

Renew the iOS Push certificate with the signed certificate request

With the SCSR file we are now able to renew the iOS Push certificate on the Apple site.

  1. Using a compatible browser (Safari should work best) navigate to https://identity.apple.com/pushcert and log in using your Apple ID
  2. In the next screen identify your current push certificate. If you have multiple certificates you can identify the correct one by pressing the “i” button to the left of the “Renew” button
  3. Press “Renew” on the push certificate you want to renew.
  4. In the next screen select the SCSR file created before and upload it

  5. You will be offered the new push certificate for download. Download the .pem file and complete the certificate request.

Complete the certificate request

With the renewed push certificate (.pem) file, continue on the same machine on which you created the certificate request.

  1. Open IIS and go to <Machine Name> -> Server Certificates
  2. Press “Complete Certificate Request”
  3. Select the downloaded .pem file from before and enter a friendly name for the certificate

  4. Back in the “Server Certificate” screen the new push certificate can be seen. Right click it and select “Export”
  5. Export the certificate to a .pfx file

If you did not perform the certificate renewal procedure on your Afaria machine, you will need to import this certificate (.pfx file) into the personal certificate store on your Afaria machine.

Adjust security settings on the new Push Certificate

If you are presented with an “unsigned Config Payload” during iOS device enrolment, you need to do the following:

  1. On the Afaria machine open mmc.exe
  2. Add the Snap-in for “Certificates”, “Computer account”, “local Computer”
  3. Open the “Personal” store
  4. Identify your new iOS Push Certificate, right click on it -> All Tasks -> Manage Private Keys
  5. In the popup add the local IIS_IUSRS account

  6. Change the permission for the IIS_IUSRS account to “Read”

  7. Press “Apply” and close the popup.
  8. Do an IIS reset or restart the machine.

Integrate the renewed certificate in Afaria

Almost done: we only need to integrate the new push certificate into Afaria.

  1. Log into Afaria Administrator
  2. Go to Server -> Configuration -> Component -> iOS Notification (may differ depending on Afaria version)
  3. In the “APNS Push Certificate” area press “Browse” and select the exported push certificate (.pfx file) from before.
  4. Enter the password for the .pfx file and press “Install”

  5. Before saving your changes, make sure you validate the installed certificate: check the expiration date.
  6. Save your changes and restart the Afaria server (It would not hurt to restart the whole machine)
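
The expiration check from step 5 and the IIS_IUSRS “Read” permission from “Adjust security settings” can also be verified from PowerShell on the Afaria machine. This is an added example, not part of the original post or of Afaria. The friendly name and the 30-day warning window are placeholders, and the script assumes the certificate is in the computer account's “Personal” store with a key created by the default cryptographic service provider, as in the steps above.

```powershell
# Added example (not from the original post): audit the renewed push certificate.
# Assumptions: run elevated on the Afaria machine; $FriendlyName is a placeholder
# for the name entered in "Complete Certificate Request"; the key is a CSP key.
param(
    [string]$FriendlyName = 'iOS Push Certificate (placeholder)',
    [int]$WarnDays = 30    # hypothetical renewal lead time
)

function Get-PushCertStatus {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$WarnDays
    )
    $read     = [int][System.Security.AccessControl.FileSystemRights]::Read
    $daysLeft = [int][math]::Floor(($Cert.NotAfter - (Get-Date)).TotalDays)
    $status   = New-Object PSObject -Property @{
        Thumbprint    = $Cert.Thumbprint
        NotAfter      = $Cert.NotAfter
        DaysLeft      = $daysLeft
        NeedsRenewal  = ($daysLeft -le $WarnDays)
        HasPrivateKey = $Cert.HasPrivateKey
        IisCanReadKey = $false
    }
    if ($Cert.HasPrivateKey -and $Cert.PrivateKey) {
        # Machine-level CSP keys are stored as files under MachineKeys; the file
        # ACL is what "Manage Private Keys" edits in the Certificates snap-in.
        $container = $Cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
        foreach ($ace in (Get-Acl -Path $keyFile).Access) {
            if ($ace.IdentityReference.Value -like '*\IIS_IUSRS' -and
                $ace.AccessControlType -eq 'Allow' -and
                ([int]$ace.FileSystemRights -band $read) -eq $read) {
                $status.IisCanReadKey = $true
            }
        }
    }
    $status
}

$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $FriendlyName })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with friendly name '$FriendlyName' in LocalMachine\My"
}
foreach ($c in $certs) {
    Get-PushCertStatus -Cert $c -WarnDays $WarnDays | Format-List
}
```

Run as a scheduled task, `NeedsRenewal` gives advance notice before the yearly expiry, and `IisCanReadKey = False` points to the missing permission described under “Adjust security settings”.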


Now you are done renewing the Apple iOS Push Certificate for your Afaria installation. It is a long and complex process, but with these step-by-step instructions you should be able to do it.

 



 

Topics: Afaria, SAP