Skip to main content
Matrix42 Self-Service Help Center

Apple Deployment Programs III: Create Token on Windows

Create your Device Enrollment Program Token

This guide describes the Device Enrollment Program Token creation on a Windows machine.

Download & Install Open SSL

  • Download Win64 OpenSSL v1.1.1d Light
  • Run the downloaded Win64OpenSSL_Light-1_1_1d.exe
  • Press Yes
  • Select I accept the agreement
  • Click Next
  • Select as Folder C:\OpenSSL-Win64
  • Click Next
  • Click Next
  • Click Next
  • Click Install
  • Unselect the donation
  • Click Finish

Download Configuration File

  • Download the following CNF File dep.zip
  • Add a new folder named cnf in C:\OpenSSL-Win64\bin\
  • Extract the zip file and place the CNF File in the Folder C:\OpenSSL-Win64\bin\cnf

Run CMD

  • Right Click your Windows Icon
  • Click Run
  • Enter CMD
  • Select OK 
  • Navigate to C:\OpenSSL-Win64\bin 

Create PEM Files

  • Run the following command
openssl req -config C:\OpenSSL-Win64\bin\cnf\dep.cnf -newkey rsa:2048 -keyout appledep_key.pem -x509 -days 36135 -out appeldep_certificate.pem
  • Enter a pass phrase, e.g. 12345678 and press enter
  • Retype the pass phrase
  • Enter your Country Name, e.g. DE
  • Enter your State or Province Name, e.g. Hessen
  • Enter your City, e.g. Frankfurt am Main
  • Enter your Organization Name, e.g. Imagoverum
  • Enter a common name, e.g. silverback.imagoverum.com
  • Enter a email address, e.g. tim.tober@imagoverum.com

Review created files

  • Navigate in the Windows Explorer to C:\OpenSSL-Win64\bin\
  • You should now see 2 newly created files
    • appledep_key.pem
    • appeldep_certificate.pem

Create P12 file

  • Navigate back to your Command Line
  • Run the following command
openssl.exe pkcs12 -export -in appeldep_certificate.pem -inkey appledep_key.pem -out appledep.p12 -name "appledep"
  • Enter your previously created pass phrase, e.g. 12345678
  • Enter a export password, e.g. 12345678
  • You have now successfully create a appledep.p12 file in your C:\OpenSSL-Win64\bin\ folder

Create Public Key

  • Run the following command
openssl.exe pkcs12 -in appledep.p12 -out appledep_upload.pem –nodes
  • Enter the previously created export password, e.g. 12345678
  • You have now successfully create a appledep_upload.pem file in your C:\OpenSSL-Win64\bin\ folder

Upload Public Key

  • Login to Apple Business Manager
  • Navigate to Settings
  • Select Device Management Settings
  • Click Add MDM Server
  • Enter as Server name e.g. Silverback
  • Select Choose File
  • Select the appledep_upload.pem
  • Press Save

Download Token

  • Click Download Token
  • Confirm Download Server Token
  • You downloaded now a file named like Silverback_Token_2020-01-14T17-08-52Z_smime.p7m
  • Paste this file into the C:\OpenSSL-Win64\bin\ folder

Decrypt Token

  • Go back to your command line
  • Run the following command with your adjusted file name
openssl smime -decrypt -in Silverback_Token_2020-01-14T17-08-52Z_smime.p7m -inkey appledep_key.pem > DEPToken.json
  • Enter your previously created pass phrase, e.g. 12345678
  • You have now successfully create a DEPToken.json file in your C:\OpenSSL-Win64\bin\ folder
  • Open the DEPToken.json with a Text Editor
  • Delete everything besidess  the line between -----BEGIN MESSAGE----- and -----END MESSAGE-----
Before After
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: 7bit
-----BEGIN MESSAGE-----
{"consumer_key":"langerstring","consumer_
secret":"CS_0a9a300f00","access_token":"geheimtoken","ac
cess_secret":"nochnstring","access_token_expiry":"2016-03-
08T00:42:11Z"}
-----END MESSAGE-----
{"consumer_key":"langerstring","consumer_
secret":"CS_0a9a300f00","access_token":"AT_geheimtoken","ac
cess_secret":"nochnstring","access_token_expiry":"2016-03-
08T00:42:11Z"}
  • Save the file 

Next Steps

  • Was this article helpful?