Apple Deployment Programs III: Create Token on Windows
Create your Device Enrollment Program Token
This guide describes the Device Enrollment Program Token creation on a Windows machine.
Download & Install Open SSL
- Download Win64 OpenSSL v1.1.1d Light
- Run the downloaded Win64OpenSSL_Light-1_1_1d.exe
- Press Yes
- Select I accept the agreement
- Click Next
- Select as Folder C:\OpenSSL-Win64
- Click Next
- Click Next
- Click Next
- Click Install
- Unselect the donation
- Click Finish
Download Configuration File
- Download the following CNF File dep.zip
- Add a new folder named cnf in C:\OpenSSL-Win64\bin\
- Extract the zip file and place the CNF File in the Folder C:\OpenSSL-Win64\bin\cnf
Run CMD
- Right Click your Windows Icon
- Click Run
- Enter CMD
- Select OK
- Navigate to C:\OpenSSL-Win64\bin
Create PEM Files
- Run the following command
openssl req -config C:\OpenSSL-Win64\bin\cnf\dep.cnf -newkey rsa:2048 -keyout appledep_key.pem -x509 -days 36135 -out appeldep_certificate.pem
- Enter a pass phrase, e.g. 12345678 and press enter
- Retype the pass phrase
- Enter your Country Name, e.g. DE
- Enter your State or Province Name, e.g. Hessen
- Enter your City, e.g. Frankfurt am Main
- Enter your Organization Name, e.g. Imagoverum
- Enter a common name, e.g. silverback.imagoverum.com
- Enter a email address, e.g. tim.tober@imagoverum.com
Review created files
- Navigate in the Windows Explorer to C:\OpenSSL-Win64\bin\
- You should now see 2 newly created files
- appledep_key.pem
- appeldep_certificate.pem
Create P12 file
- Navigate back to your Command Line
- Run the following command
openssl.exe pkcs12 -export -in appeldep_certificate.pem -inkey appledep_key.pem -out appledep.p12 -name "appledep"
- Enter your previously created pass phrase, e.g. 12345678
- Enter a export password, e.g. 12345678
- You have now successfully create a appledep.p12 file in your C:\OpenSSL-Win64\bin\ folder
Create Public Key
- Run the following command
openssl.exe pkcs12 -in appledep.p12 -out appledep_upload.pem –nodes
- Enter the previously created export password, e.g. 12345678
- You have now successfully create a appledep_upload.pem file in your C:\OpenSSL-Win64\bin\ folder
Upload Public Key
- Login to Apple Business Manager
- Navigate to Settings
- Select Device Management Settings
- Click Add MDM Server
- Enter as Server name e.g. Silverback
- Select Choose File
- Select the appledep_upload.pem
- Press Save
Download Token
- Click Download Token
- Confirm Download Server Token
- You downloaded now a file named like Silverback_Token_2020-01-14T17-08-52Z_smime.p7m
- Paste this file into the C:\OpenSSL-Win64\bin\ folder
Decrypt Token
- Go back to your command line
- Run the following command with your adjusted file name
openssl smime -decrypt -in Silverback_Token_2020-01-14T17-08-52Z_smime.p7m -inkey appledep_key.pem > DEPToken.json
- Enter your previously created pass phrase, e.g. 12345678
- You have now successfully create a DEPToken.json file in your C:\OpenSSL-Win64\bin\ folder
- Open the DEPToken.json with a Text Editor
- Delete everything besidess the line between -----BEGIN MESSAGE----- and -----END MESSAGE-----
| Before | After |
| Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: 7bit -----BEGIN MESSAGE----- {"consumer_key":"langerstring","consumer_ secret":"CS_0a9a300f00","access_token":"geheimtoken","ac cess_secret":"nochnstring","access_token_expiry":"2016-03- 08T00:42:11Z"} -----END MESSAGE----- |
{"consumer_key":"langerstring","consumer_ secret":"CS_0a9a300f00","access_token":"AT_geheimtoken","ac cess_secret":"nochnstring","access_token_expiry":"2016-03- 08T00:42:11Z"} |
- Save the file
Next Steps
- To upload your token into Silverback, proceed first with Import Server Token
- To learn how to configure DEP afterwards , proceed with Apple Deployment Programs V: Configure DEP in Silverback