Skip to main content
Matrix42 Self-Service Help Center

Device Enrollment Program: Token Creation on Windows

Create your Device Enrollment Program Token

This guide describes the Device Enrollment Program Token creation on a Windows machine.

This Knowledge Base article is designed for Silverback 20.0 version and earlier.  With Silverback 20.0 Update 1 a simplified process has been established, which is part of the Device Enrollment Program Integration Guide. 

Download & Install Open SSL

  • Download Win64 OpenSSL v1.1.1d Light
  • Run the downloaded Win64OpenSSL_Light-1_1_1d.exe
  • Press Yes
  • Select I accept the agreement
  • Click Next
  • Select as Folder C:\OpenSSL-Win64
  • Click Next
  • Click Next
  • Click Next
  • Click Install
  • Unselect the donation
  • Click Finish

Download Configuration File

  • Download the following CNF File
  • Add a new folder named cnf in C:\OpenSSL-Win64\bin\
  • Extract the zip file and place the CNF File in the Folder C:\OpenSSL-Win64\bin\cnf


  • Right Click your Windows Icon
  • Click Run
  • Enter CMD
  • Select OK 
  • Navigate to C:\OpenSSL-Win64\bin 

Create PEM Files

  • Run the following command
openssl req -config C:\OpenSSL-Win64\bin\cnf\dep.cnf -newkey rsa:2048 -keyout appledep_key.pem -x509 -days 36135 -out appledep_certificate.pem
  • Enter a pass phrase, e.g. 12345678 and press enter
  • Retype the pass phrase
  • Enter your Country Name, e.g. DE
  • Enter your State or Province Name, e.g. Hessen
  • Enter your City, e.g. Frankfurt am Main
  • Enter your Organization Name, e.g. Imagoverum
  • Enter a common name, e.g.
  • Enter a email address, e.g.

Review created files

  • Navigate in the Windows Explorer to C:\OpenSSL-Win64\bin\
  • You should now see 2 newly created files
    • appledep_key.pem
    • appledep_certificate.pem

Create P12 file

  • Navigate back to your Command Line
  • Run the following command
openssl.exe pkcs12 -export -in appledep_certificate.pem -inkey appledep_key.pem -out appledep.p12 -name "appledep"
  • Enter your previously created pass phrase, e.g. 12345678
  • Enter a export password, e.g. 12345678
  • You have now successfully create a appledep.p12 file in your C:\OpenSSL-Win64\bin\ folder

Create Public Key

  • Run the following command
openssl.exe pkcs12 -in appledep.p12 -out appledep_upload.pem –nodes
  • Enter the previously created export password, e.g. 12345678
  • You have now successfully create a appledep_upload.pem file in your C:\OpenSSL-Win64\bin\ folder

Upload Public Key

  • Login to Apple Business Manager
  • Click on the bottom left on your account
  • Select Preferences
  • Press +Add next to Your MDM Servers
  • Enter as Server name e.g. Silverback
  • Select Choose File
  • Select the appledep_upload.pem
  • Press Save

Download Token

  • Click Download Token
  • Confirm Download Server Token
  • You downloaded now a file named like Silverback_Token_2020-01-14T17-08-52Z_smime.p7m
  • Paste this file into the C:\OpenSSL-Win64\bin\ folder

Decrypt Token

  • Go back to your command line
  • Run the following command with your adjusted file name
openssl smime -decrypt -in Silverback_Token_2020-01-14T17-08-52Z_smime.p7m -inkey appledep_key.pem > DEPToken.json
  • Enter your previously created pass phrase, e.g. 12345678
  • You have now successfully create a DEPToken.json file in your C:\OpenSSL-Win64\bin\ folder
  • Open the DEPToken.json with a Text Editor
  • Delete everything besidess  the line between -----BEGIN MESSAGE----- and -----END MESSAGE-----
Before After
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: 7bit
-----END MESSAGE-----
  • Save the file 

Import Token in Silverback

Import Server Token

  • Open your Silverback Management Console
  • Login as Administrator
  • Navigate to Admin
  • Navigate to Device Enrollment Program
  • Navigate to General Settings
  • Click Enabled
  • Click Choose File 
  • Upload the DEPToken.json file.
  • Click Save
  • Click Ok
  • Wait a few moment for the system to connect and update with Apple
  • Refresh the Browser Page or navigate to another section and switch back to Device Enrollment Program
  • Congratulations. Silverback is now linked with Apple Device Enrollment Program

Next Steps