Hardware reference guide
GlobalProtect Administrator’s Guide 71
Set Up the GlobalProtect Mobile Security Manager Set Up the Mobile Security Manager for Device Management
Step 5 Obtain a certificate for the Apple Push
Notification Service (APNs).
The APNs certificate is required for the
Mobile Security Manager to be able to
send push notifications to the iOS devices
it manages. To obtain the certificate, you
must create a certificate signing request
(CSR) on the Mobile Security Manager,
send it to the Palo Alto Networks signing
server for signing and then send the
request to Apple.
Create a shared Apple ID for your
organization to ensure that you
always have access to your
certificates.
1. To create the CSR, select
Setup > Certificate Management >
Certificates
and then click Generate.
2. Enter a
Certificate Name and a Common Name that identifies
your organization.
3. In the
Number of Bits field, select 2048.
4. In the
Signed By field, select External Authority (CSR).
5. For the
Digest, select sha1 and then click Generate.
6. Select the CSR from the certificate list and then click
Export.
7. In the Export CSR dialog, select
Sign CSR for Apple Push
Notification Service
from the File Format drop-down and then
click
OK. The Mobile Security Manager automatically sends the
CSR to the Palo Alto Networks signing server, which returns a
signed CSR (.csr), which you should save to your local disk.
8. Open a new browser window and navigate to the Apple Push
Certificates Portal at the following URL:
https://identity.apple.com/pushcert
9.
Sign in using your Apple ID and password and then click
Create a Certificate. If this is your first login, you must Accept
the Terms of Use before you can create a certificate.
10. Click
Choose File to browse to the location of the CSR you
generated and then click
Upload. After the certificate is
successfully generated, a confirmation displays.
11. Click
Download to save the certificate to your local computer.
12. On the Mobile Security Manager, select
Setup > Certificate
Management > Certificates > Device Certificates
and click
Import.
13. In the
Certificate Name field, enter the same name you used
when you created the CSR.
14. In the
Certificate File field, enter the path and name to the
certificate (.pem) you downloaded from Apple, or
Browse to
locate the file.
15. Select
Base64 Encoded Certificate (PEM) as the File Format
and then click
OK. The CSR entry on the certificate list changes
to a certificate with the
Issuer Apple Application Integration
Certification Authority
and a Status of valid.
Set Up the Mobile Security Manager for Device Check-In (Continued)