Hello,
I am currently developing an MDM solution, including both the server side (.NET) and the client app. I have recently been granted the "MDM CSR" signing permission in the Certificates, Identifiers & Profiles section of my developer account.
I am following the official Apple documentation, "Setting up Push Notifications for your MDM Customers," to generate the required MDM Push Certificate. However, I keep encountering the "Invalid Certificate Signing Request" error when uploading the encoded .plist file to the Apple Push Certificates Portal (identity.apple.com/pushcert).
The steps I have taken so far:
- Generated a .csr file via Keychain Access.
- Used the MDM CSR certificate to sign the request.
- Created a .plist file for the final upload containing:
  - Customer CSR: Base64 encoded.
  - Signature: Signed using the SHA256withRSA algorithm and Base64 encoded.
  - Certificate Chain: Including my MDM Vendor Signing Certificate, the Apple WWDR intermediate certificate, and the Apple Root CA.
Issues/Questions:
- Is there a specific requirement for the order of the certificates in the chain?
- Are there common pitfalls regarding the .plist structure or the encoding of the signature that might cause the "Invalid CSR" error?
- Is there a tool or a specific validation step I can use to verify the integrity of the generated .plist before uploading?
I have double-checked the encoding and the signing process, but the portal continues to reject the request. Any insights or guidance from the community would be greatly appreciated.
Thank you in advance for your help!
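
For the validation question above, an added example (not part of the original post and not Apple's tooling): a structural pre-upload check of the encoded .plist in Python. The three key names are an assumption taken from Apple's MDM vendor documentation rather than from the post, `check_push_request` and `build_sample` are hypothetical names, and the check does not verify the signature or the chain order.

```python
import base64
import binascii
import plistlib
import re

# Key names as in Apple's MDM vendor documentation (assumed; not in the post).
KEYS = ("PushCertRequestCSR", "PushCertCertificateChain", "PushCertSignature")
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _b64(text):
    """Strict base64 decode; None on invalid input."""
    try:
        return base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def check_push_request(encoded):
    """Return structural problems found in the base64-encoded upload file."""
    raw = _b64(encoded)
    if raw is None:
        return ["upload file is not valid base64"]
    try:
        plist = plistlib.loads(raw)
    except Exception:
        plist = None
    if not isinstance(plist, dict):
        return ["decoded upload is not a plist dictionary"]
    problems = [f"missing or non-string key {k}" for k in KEYS
                if not isinstance(plist.get(k), str)]
    if problems:
        return problems
    csr = _b64(plist["PushCertRequestCSR"])
    if csr is None or csr[:1] != b"\x30":  # DER starts with SEQUENCE (0x30)
        problems.append("CSR is not base64 of DER (PEM text encoded instead?)")
    if not _b64(plist["PushCertSignature"]):
        problems.append("signature is not valid non-empty base64")
    certs = PEM_CERT.findall(plist["PushCertCertificateChain"])
    if len(certs) != 3:  # the post lists vendor, WWDR intermediate, root
        problems.append(f"chain has {len(certs)} PEM certificates, expected 3")
    return problems

def build_sample(csr_b64):
    # Constructed sample: placeholder bytes, not real certificates or keys.
    pem = "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"
    body = {"PushCertRequestCSR": csr_b64, "PushCertCertificateChain": pem * 3,
            "PushCertSignature": base64.b64encode(b"\x01" * 256).decode()}
    return base64.b64encode(plistlib.dumps(body)).decode()
```

An empty list from `check_push_request` means only that the file is structurally consistent; a wrong signing key or a signature computed over the wrong bytes still has to be ruled out separately.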