I want to create an MDM server to manage my iOS devices. I have enrolled in the iOS Enterprise Developer program and executed the following OpenSSL commands:

"1. Creating Certificate Authority (CA)"
openssl req -new -x509 -extensions v3_ca -keyout cakey.key -out cacert.crt -days 365

"2. Creating the Web Server private key and certificate request"
openssl genrsa 2048 > server.key
openssl req -new -key server.key -out server.csr 

"3. Signing the server key with the CA. You'll need the CA passphrase from step 1."
openssl x509 -req -days 365 -in server.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out server.crt -extfile ./server.cnf -extensions ssl_server

"4. Creating the device Identity key and certificate request"
openssl genrsa 2048 > identity.key
openssl req -new -key identity.key -out identity.csr

"5. Signing the identity key with the CA. You'll need the CA passphrase from step 1."
openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt
openssl pkcs12 -export -out identity.p12 -inkey identity.key -in identity.crt -certfile cacert.crt

"6. Generating keys and certs for plist generation"
openssl req -inform pem -outform der -in identity.csr -out customer.der

I uploaded the generated identity.csr and got an MDM certificate. With customer.der, AppleWWDRCA.cer, AppleIncRootCertificate.cer, MDM.cer (obtained from iOS Enterprise Developer) and Identity.p12, I wrote Java code to generate the encoded plist file. I used this file and got the APNSPushCert. It worked fine.

Now the problem is that the IP address of the computer has changed and I don't want to create a new MDM Vendor certificate.

As I understand it, the only place I mention the IP is server.cnf. I changed the IP in server.cnf and executed all the commands except 4. I placed identity.key and identity.csr in the same folder before executing. Now everything works fine, but when I upload the encoded plist file to get the APNSPushCert, the site says "Certificate Signature Verification failed".

I really don't understand what went wrong.

Anand

1 Answer

The customer.der file is a file that keeps changing for every execution. Hence, the customer.der file generated the first time is used again. It is working fine now.

Anand
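One way to check whether the customer.der in use now is byte-for-byte the request used the first time, and whether it still carries the public key of identity.key. This is an added example, not code from the original post; the function names, the throwaway keys and the `mdm.example.test` subjects are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: compare a regenerated customer.der with the original one
# and with the identity key it is supposed to belong to.

# SHA-256 over the DER-encoded public key of a PEM private key.
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform der | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the DER-encoded public key embedded in a DER CSR.
csr_pub_hash() {
    openssl req -inform der -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform der | openssl dgst -sha256 | awk '{print $NF}'
}

# Prints one of: wrong-key, changed, identical.
# $1 = customer.der used originally, $2 = customer.der in use now, $3 = identity.key
compare_customer_der() {
    if [ "$(csr_pub_hash "$2")" != "$(key_pub_hash "$3")" ]; then
        echo wrong-key      # request was built from a different key pair
    elif ! cmp -s "$1" "$2"; then
        echo changed        # same key, but the request bytes differ
    else
        echo identical      # byte-for-byte the request used the first time
    fi
}

# Writes constructed sample files into directory $1 (throwaway keys and CSRs).
make_samples() {
    openssl genrsa -out "$1/identity.key" 2048 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl req -new -key "$1/identity.key" -subj "/CN=mdm.example.test" -outform der -out "$1/first.der"
    openssl req -new -key "$1/identity.key" -subj "/CN=mdm.example.test/O=Example" -outform der -out "$1/second.der"
    openssl req -new -key "$1/other.key" -subj "/CN=mdm.example.test" -outform der -out "$1/other.der"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    compare_customer_der "$d/first.der" "$d/first.der" "$d/identity.key"
    compare_customer_der "$d/first.der" "$d/second.der" "$d/identity.key"
    compare_customer_der "$d/first.der" "$d/other.der" "$d/identity.key"
    rm -rf "$d"
}
demo
```

Against real files, the call would be `compare_customer_der old/customer.der customer.der identity.key`, with `old/customer.der` being a kept copy from the first run.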