Cortado Mobile Solutions

My Tickets

Configure the MDM for Apple devices


Request and install certificate

Export and import certificate

Renew certificate


Caution! If you want to renew your Apple Push certificate, please follow the procedure described in the Renew certificate section.

You will need the following security certificates for the Apple MDM:

An Apple Push Certificate is required for establishing a secure connection between the Cortado Management Console and Apple devices. Cortado sends the corresponding notification to the device via the Apple Push Notification service (APNs), requesting that it log in to the Cortado server. So no information is transmitted. The Apple Push Noti­fication Service only wakes the device from hibernation, so that it can be logged on to Cortado. All configuration information, settings and requests go via an (encrypted) SSL connection directly from the Cortado server to the Apple devices. 

Note for Cortado Server! Please note that your network must also be prepared for Apple Mobile Device Management. Particularly Apple uses the following TCP ports: 80, 2195, 2196 and 5223. See table with Cortado ports on Cortado server TCP ports. More information about Apple can be found here: http://sup­ 

Note for Cortado MDM! If you want to use Cortado MDM for a proof-of-concept, you don’t need to complete any further configuration steps and can get started right away. All the required certificates are already loaded. In a productive environment however, or an environment with more elevated security standards, we recommend that you undertake the following steps. 

Request and install certificate

Before you can request a certificate from Apple, you first have to run a Certificate Signing Request (CSR)

  • For CSR, select in the management console: Control Panel→ Certificates→ Apple Push Certificate (arrow in illus.). 
  • Click on Generate Certificate Request (arrow in illus.). 

Note for Cortado Server! Illustrations may vary slightly.

Caution! Do not use the Generate Certificate Request button to renew the certificate. Otherwise you will generate a new certificate that has to be distributed to all users again. 

  • Fill out the form and confirm with OK. 

  • Click on Submit to open a new website. 

  • Log in here with your Cortado ID or simply create a new ID (arrow in illus.).

  • By clicking Submit (see above), the Certificate Signing Request was automatically uploaded to the new website and signed by Cortado.

  • In step 2 you can download the signed certificate request (CSR). 

The signed CSR file is then saved.

  • Click on Create a Certificate (arrow in illus.). 

Note! If you would like to renew an existing certificate, then select your certificate instead and click Renew

  • Select your signed certificate request, and upload it. 

  • Shortly after, you can download your certificate in .pem format (arrow in illus.). 

The downloaded Apple Push Certificate is saved.

  • Using Upload Apple Certificate you can now upload your certificate onto the management console. 

The successfully uploaded Apple Push certificate is now displayed in the management console:

Export and import certificate

  • Save a backup of the certificate in .pfx format with Export Apple Push Certi­ficate.
  • With this version of the certificate, you can avoid future need for the procedure described above.
Sicherheitskopie des Apple-Push-Zertifikates speichern
  • Enter a password for your certificate. 
Zertifikatpasswort vergeben
  • Using Import Apple Push Certificate you can install it again anytime.
  • To do so select the certificate with Choose Certificate and enter your password. 
Sicherheitskopie des Apple-Push-Zertifikats hochladen

Renew certificate

The Apple Push certificate is valid for one year (arrow in illus.). 

  • If you would like to extend it beyond that, tap on Renew Apple Push Certificate under Control Panel→ Certifi­cates→ Apple Push Certificate (right arrow in illus.). 

Note! Do not use the Generate Certificate Request button to renew the certificate. Otherwise you will generate a new certificate that has to be distributed to all users again.

  • Then proceed as described above.

The renewed certificate must not be assigned again on the users‘ devices.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.