4

I've looked everywhere for the push notification topic to send in my MDM enrollment profile and I've looked in both my developer/distribution key subject information but can't find anything that looks like this:

b503419d-1e2a-a60f-7451-5b8832b5a9cb 

What am I missing?

user454322
Todd McGuinness

2 Answers

5

As Michael Gaffney says:

The topic is the value of UID in the subject of your APNs certificate. It will begin with com.apple.mgmt.

To obtain it:
  1. Go to https://identity.apple.com/pushcert/ and download the certificate.
  2. Get the topic from the certificate using OpenSSL, e.g.:

    bash-4.2.45$ openssl x509 -noout -in MDM_\ ABC\ \,LTD_Certificate.pem -subject

Gives this output:

    subject= /UID=com.apple.mgmt.External.9a68c111-109a-9084-a9f7-fffffffffff2/CN=APSP:9a68c111-109a-9084-a9f7-fffffffffff2/C=PE

The notification topic in this case is com.apple.mgmt.External.9a68c111-109a-9084-a9f7-fffffffffff2

user454322
2

The topic is the value of UID in the subject of your APNs certificate. It will begin with com.apple.mgmt.

Michael Gaffney
  • Thank you Michael, unfortunately I don't find anything in my cert that starts with com.apple.mgmt when I examine with Keychain Access or with openssl? I have both developer and distribution certs. I also have an MDM certificate + server certs created? – Todd McGuinness Nov 14 '12 at 18:29
  • 2
    The APNs certificate is the one you downloaded from https://identity.apple.com/pushcert/. You can use openssl to check the subject with a command like the following `openssl x509 -inform PEM -noout -subject -in apns-production.pem`. (For pem formatted certificate. If that doesn't work change the -inform to DER). – Michael Gaffney Nov 14 '12 at 22:28
  • Ok - understand that process but this is not a third party server? I am my own MDM and when I create a CSR on my machine it is not accepted as a valid csr. I am sorry if these are newbie questions... – Todd McGuinness Nov 15 '12 at 00:09
  • It does not need to be a third party server. However, your CSR needs to be signed by an MDM vendor using a special certificate and then the results of that are what you need to upload to the Apple Pushcert website. – Michael Gaffney Nov 15 '12 at 07:17
  • Michael, sorry to be dense here but I want to be the MDM provider. Not really but we are building our own MDM software and want to do everything ourselves. We manage/will manage a lot of devices and don't want to rely on 3rd party solutions. I think the steps I need to follow are [here](http://stackoverflow.com/questions/8501039/apple-mdm-vendor-csr-signing) – Todd McGuinness Nov 15 '12 at 17:40
  • My apologies, Todd. I should have made my previous comment more clear. The CSR needs to be signed using an MDM signing certificate. If you have one of those, then, yes, all you need to do is follow the steps noted in the link you found. Sorry for the confusion. – Michael Gaffney Nov 15 '12 at 21:31
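
The check described in the answers, as an added example that is not part of the original thread: it pulls the UID out of an `openssl x509 -subject` line and rejects any certificate whose UID does not begin with `com.apple.mgmt.`, which is what happens when a developer or distribution certificate is inspected instead of the APNs one. It goes beyond the single output format shown above and also accepts the comma-separated layout that newer OpenSSL releases print. The function names are hypothetical, and every sample subject except the first is constructed.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Function names are hypothetical.

# mdm_topic_from_subject SUBJECT_LINE
# Prints the MDM push topic and returns 0 when the subject has a UID that
# starts with com.apple.mgmt.; returns non-zero for any other certificate.
mdm_topic_from_subject() {
    # 1. drop the "subject=" prefix
    # 2. split on "/" and "," so each RDN sits on its own line
    # 3. keep only the value of the UID attribute, trimmed of whitespace
    # 4. accept it only if it has the MDM topic prefix
    printf '%s\n' "${1#subject=}" |
        tr '/,' '\n\n' |
        sed -n 's/^[[:space:]]*UID[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        grep -m1 -E '^com\.apple\.mgmt\..+'
}

# mdm_topic_from_cert FILE
# Reads the subject with the openssl commands quoted in the thread,
# trying PEM first and falling back to DER.
mdm_topic_from_cert() {
    _subject=$(openssl x509 -inform PEM -noout -subject -in "$1" 2>/dev/null) ||
    _subject=$(openssl x509 -inform DER -noout -subject -in "$1") || return 2
    mdm_topic_from_subject "$_subject"
}

# Demo on subject lines only, so no certificate file is needed.
# First line: the output quoted in the answer. The rest are constructed.
while IFS= read -r line; do
    if topic=$(mdm_topic_from_subject "$line"); then
        echo "topic: $topic"
    else
        echo "no MDM topic in: $line"
    fi
done <<'EOF'
subject= /UID=com.apple.mgmt.External.9a68c111-109a-9084-a9f7-fffffffffff2/CN=APSP:9a68c111-109a-9084-a9f7-fffffffffff2/C=PE
subject=UID = com.apple.mgmt.External.9a68c111-109a-9084-a9f7-fffffffffff2, CN = APSP:9a68c111-109a-9084-a9f7-fffffffffff2, C = PE
subject=UID=ABCDE12345, CN=iPhone Developer: Example (ABCDE12345), O=Example, C=US
EOF
```

With a real file, `mdm_topic_from_cert path/to/cert.pem` prints the topic, or exits non-zero when the file is not an MDM push certificate.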