Matrix42 Self-Service Help Center

Apple Deployment Programs VI: Renew your DEP Token

Renew your DEP Token

For security reasons, the connection between any Mobile Device Management system and Apple Business Manager must be renewed every year. To renew it, you create a new public key, upload the key to Apple Business Manager, download the Server Token, modify it, and upload it to Silverback.

Create your Public Key 

To create a Public Key for your Device Enrollment Program, you'll need the following:

  • Mac Computer with latest macOS and
    • Apple macOS Keychain application (built-in)
    • Apple macOS Terminal application (built-in)
    • Apple macOS TextEdit application (built-in)

If your organization does not have an Apple macOS computer, please contact Matrix42 Support or your Matrix42 Partner Consultant.

Create Unique Certificate 

  • Log into your Mac Computer
  • Open Keychain Access Application. Go to Launchpad and type Keychain
  • From the top left, ensure “Login” is selected and then “My Certificates” at the bottom
  • Click the Keychain Access Menu from the top of your screen
  • Click Certificate Assistant
  • Click Create a Certificate
  • Enter a Name, e.g. Imagoverum
  • Ensure that Identity Type is “Self Signed Root” and that Certificate Type is set to “S/MIME (Email)”
  • Click the Create button
  • Click Continue
  • Click Done

Export Certificate 

  • Right Click your created certificate
  • Select Export 
  • Give the certificate a friendly name, e.g. silverback
  • Ensure that Personal Information Exchange (.p12) is selected
  • Choose the Downloads folder to store the silverback.p12 file there
  • Click Save

For the purposes of this document, we will call the file “silverback.p12”. This name is referenced in some commands later in the document. If you name the file differently, you will need to adjust the commands accordingly.

  • Enter a password, e.g. Pa$$w0rd, and remember it
  • Click OK
  • Enter your macOS login password
  • Click Always Allow

Change Certificate Format 

  • Open Terminal Application
  • Enter cd downloads
  • Enter ls to confirm that your silverback.p12 file is listed
  • Now enter the following command
    • openssl pkcs12 -in silverback.p12 -out silverback.pem -nodes
  • Enter the password you created, e.g. Pa$$w0rd
  • Press Enter
  • Use the ls command again to confirm that silverback.pem is listed

If you copy and paste the text from this document, the command might fail. If you receive errors, please type the command manually.

Create the Keys 

  • Now navigate to Finder
  • Click Go
  • Click Downloads
  • Right click your silverback.pem file
  • Select Open with
  • Choose other
  • Select TextEdit
  • Click Open 

Read Instructions 

When you have opened the pem file with TextEdit, the displayed content will have the structure shown in the table. We need to copy and paste the Certificate part and the Private Key part into two different new text files with the ending .key.

  • certificatepublic.key: Will be used to register your server with Apple
  • certificateprivate.key: Will be used to decrypt the token from Apple and to create your unique Silverback DEPToken.

Make sure that you copy the text from your own file. Do not copy and paste the sample shown in the table below.

  • Read the table and proceed with the steps below

Value:

Bag Attributes
    friendlyName: CompanyName
    localKeyID: 6D 41 81 8D C1 C4 FC 7B C1 4C 24 E0 97 DA 2C 77 DB 9C B5 F1
subject=/CN=CompanyName/C=AU
issuer=/CN=CompanyName/C=AU

Action to take: No action

Value:

-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBATALBgkqhkiG9w0BAQswIzEUMBIGA1UEAwwLQ29tcGFu
eU5hbWUxCzAJBgNVBAYTAkFVMB4XDTE1MDMwNjAwNTgyN1oXDTE2MDMwNTAwNTgy
gVglG0SWc/QzJfIcyRXUEW4rFJ9joEBnyeN4jibKPWvB5RKqh5lly/5H5nljp+6
pX7EwM63aVmsd5MxEVMT8isAXDVi+DWkzBHc4fQ=
-----END CERTIFICATE-----

Action to take: Save this text part in a separate file named certificatepublic.key (Certificate Area)

Value:

Bag Attributes
    friendlyName: CompanyName
    localKeyID: 6D 41 81 8D C1 C4 FC 7B C1 4C 24 E0 97 DA 2C 77 DB 9C B5 F1
Key Attributes: <No Attributes>

Action to take: No action

Value:

-----BEGIN PRIVATE KEY-----
MIIEpAIBAAKCAQEA7marEWleBfTWC1nF8uf2PRputQJeAEnyZfP/D0TO22W2TIzT
jd4NWETfehzq3e/W5WcjQ79NNNAq9KwxsPPNq5OEJFzDEgdZGV0enHaEfi4i7YSK
j9BSH3ECgYAYcXHzjg5tcTQVaHfkI8X/hd9w56iSJC3gEdEC7WnGOiSeqhp/ZeP8
iXZVp66EuajK4QwMYHE2lpzqxTAieWYYmA3sic+uLU3zBdjjBNmWKcUE/soqzel9
ySfNSOx+SHxE+fCOw19udZapVwHyt93lehjkImMJqhgEJRd6QMcIwg==
-----END PRIVATE KEY-----

Action to take: Save this text part in a separate file named certificateprivate.key (Private Key Area)

Create and Save Files 

  • Now Select the Certificate Area
  • Press cmd + c to copy the content in your clipboard
  • Click File
  • Click New
  • Click Format
  • Click Make Plain Text
  • Press cmd + v to paste the content
  • Press cmd + s to open the Save dialog
  • Enter certificatepublic.key as the name
  • Select your Downloads folder to store the key
  • Uncheck “If no extension is provided, use ".txt"”
  • Click Save
  • Repeat the steps for the Private Key Area and save it as certificateprivate.key
  • Your Downloads folder should now have both files listed
    • certificateprivate.key
    • certificatepublic.key
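
The same split can be done in Terminal instead of TextEdit. This is an added example, not part of the original Matrix42 article: the function names split_pem and make_sample_pem are hypothetical and the sample bundle is constructed. Because the -nodes export leaves the private key unencrypted, the key file is created readable by its owner only.

```shell
#!/bin/sh
# Added example (not Matrix42 code); function names are hypothetical.

# Write a constructed, non-functional bundle shaped like the pkcs12 output.
make_sample_pem() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: CompanyName
subject=/CN=CompanyName/C=AU
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLECERTIFICATEDATA
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: CompanyName
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDSAMPLEPRIVATEKEYDATA
-----END PRIVATE KEY-----
EOF
}

# split_pem <bundle.pem> [output-dir]
# Copies only the text between the BEGIN/END markers, so Bag Attributes and
# other lines outside the two blocks never reach the .key files.
split_pem() {
    pem=$1
    dir=${2:-.}
    # Certificate Area -> certificatepublic.key
    awk '/^-----BEGIN CERTIFICATE-----/{p=1}
         p{print}
         /^-----END CERTIFICATE-----/{p=0}' "$pem" > "$dir/certificatepublic.key"
    # Private Key Area -> certificateprivate.key, owner-only from creation
    ( umask 077
      awk '/^-----BEGIN (RSA |EC )?PRIVATE KEY-----/{p=1}
           p{print}
           /^-----END (RSA |EC )?PRIVATE KEY-----/{p=0}' "$pem" \
          > "$dir/certificateprivate.key" )
    chmod 600 "$dir/certificateprivate.key"
    # Succeed only if both blocks were found in the bundle
    [ -s "$dir/certificatepublic.key" ] && [ -s "$dir/certificateprivate.key" ]
}
```

With the files from this guide, the call would be split_pem silverback.pem . from inside the Downloads folder.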

Upload new public key

  • Log in to Apple Business Manager
  • Navigate to Settings
  • Navigate to MDM Servers
  • Select your Silverback Server
  • Click Edit
  • Scroll down 
  • Click Upload New
  • Select the certificatepublic.key file with the included Public Key that you created
  • Proceed with Choose
  • Click Save

Download Server Token 

  • Now Click Get Token
  • Confirm with Download Server Token
  • Now we need to decrypt that Server Token
  • The token file should be stored under Downloads
  • Check your Downloads Folder for a .p7m file
  • Copy the name of the complete file into your clipboard

Decrypt Server Token 

  • Navigate back to Terminal Application
  • Type openssl smime -decrypt -in and press cmd + v to paste the file name
  • Then add -inkey followed by certificateprivate.key
  • At the end, add > DEPToken.json
  • Press Enter

The complete command should look similar to this:

openssl smime -decrypt -in Filename.p7m -inkey certificateprivate.key > DEPToken.json

If you copy and paste the text from this document, the command might fail, so it is better to type this command manually.

  • Check your Downloads folder; the DEPToken.json file should now be listed

Edit Server Token 

  • Right Click the DEPToken.json file
  • Open it with TextEdit (check that it is still displayed in plain-text mode)
  • Remove the header & footer information as shown in the table below
  • Save the file 
  • Proceed with Import Server Token
Before:

Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: 7bit
-----BEGIN MESSAGE-----
{"consumer_key":"CK_e568c2688a621bb0400247fd7cf05ef19be58cba1cb26a0ec35c","consumer_secret":"CS_0a9a300f00","access_token":"AT_O8190583125113472c01f6cO1425861731668","access_secret":"AS_968be8277c0694d27df040d4765","access_token_expiry":"2016-03-08T00:42:11Z"}
-----END MESSAGE-----

After:

{"consumer_key":"CK_e568c2688a621bb0400247fd7cf05ef19be58cba1cb26a0ec35c","consumer_secret":"CS_0a9a300f00","access_token":"AT_O8190583125113472c01f6cO1425861731668","access_secret":"AS_968be8277c0694d27df040d4765","access_token_expiry":"2016-03-08T00:42:11Z"}
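
The header and footer removal described above can be scripted and checked before the upload. This is an added example, not part of the original Matrix42 article: the function names are hypothetical, the sample token is constructed, and the five field names are taken from the sample token shown in this section.

```shell
#!/bin/sh
# Added example (not Matrix42 code); function names are hypothetical.

# Write a constructed sample shaped like the "openssl smime -decrypt" output.
make_sample_token() {
    cat > "$1" <<'EOF'
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: 7bit

-----BEGIN MESSAGE-----
{"consumer_key":"CK_example","consumer_secret":"CS_example","access_token":"AT_example","access_secret":"AS_example","access_token_expiry":"2030-01-01T00:00:00Z"}
-----END MESSAGE-----
EOF
}

# extract_dep_token <decrypted-file> <output.json>
# Keeps only what sits between the MESSAGE markers and refuses to write the
# output unless it is a JSON object carrying all five token fields.
extract_dep_token() {
    src=$1
    dst=$2
    json=$(awk '/^-----BEGIN MESSAGE-----/{p=1; next}
                /^-----END MESSAGE-----/{p=0}
                p && NF' "$src" | tr -d '\r')
    case $json in
        '{'*'}') ;;
        *) echo "no JSON object between MESSAGE markers" >&2; return 1 ;;
    esac
    for k in consumer_key consumer_secret access_token access_secret access_token_expiry; do
        case $json in
            *"\"$k\":"*) ;;
            *) echo "missing field: $k" >&2; return 1 ;;
        esac
    done
    # The token holds secrets: create the file owner-only
    ( umask 077; printf '%s\n' "$json" > "$dst" )
}

# Print the access_token_expiry value of a cleaned token file.
token_expiry() {
    sed -n 's/.*"access_token_expiry":"\([^"]*\)".*/\1/p' "$1"
}

# token_is_expired <token.json> [now]  (UTC timestamps in the token's format)
token_is_expired() {
    now=${2:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}
    exp=$(token_expiry "$1")
    [ -n "$exp" ] && awk -v e="$exp" -v n="$now" 'BEGIN { exit !((e "") < (n "")) }'
}
```

To use it on the real file, redirect the openssl smime output to a temporary file instead of DEPToken.json and pass that file to extract_dep_token with DEPToken.json as the second argument.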

Import Server Token 

  • Open your Silverback Management Console
  • Login as Administrator
  • Navigate to Admin
  • Navigate to Device Enrollment Program
  • Click Enabled
  • Click Choose File 
  • Upload the DEPToken.json file
  • Click Save
  • Click Ok
  • Wait a few moments for the system to connect and update with Apple
  • Refresh the Browser Page or navigate to another section and switch back to Device Enrollment Program
  • Congratulations, you successfully renewed your DEP Token