1. Go to Start > Programs > Administrative Tools > Internet Information Services Manager.
2. In the IIS Manager, double-click the local computer.
3. Right-click Web Sites, and then select New > Web Site.

   

4. Click Next, and then enter the Apple Push Notification Service or any desired temporary web site. Click Next.

   

   

5. Leave the IP address to its default value "All Unassigned", and then enter a port that is not being used on the system. In the example below, "8886" is used which is a non-standard port. Click Next.

   

6. Select the Path or the temporary directory, and then click Next.

   

7. Mark the Read check box to set the access permission.

   

8. Click Next, and then click Finish. Apple Push Notification Service shows as a new virtual web site.

   

9. Right-click the Apple Push Notification Service, and then select Properties.
10. Click the Directory Security tab, and then click the Server Certificate...

    

    The Web Server Certificate Wizard starts. Click Next.

    

11. Select Create a new certificate option, and then click Next.

    

12. Select Prepare the request now, but send it later option, and then click Next.

    

13. Enter the following values in the fields provided:
    • Certificate name: Trend Micro Mobile Security for Enterprise MDM APNs
    • Bit Length: 2048 (for the encryption level)

    

14. Mark Select cryptographic service provider CSP for this certificate, and then click Next.

    

15. In the Available Providers window, select Microsoft RSA SChannel Cryptographic Provider, and then click Next.

    

16. In the Organization Information window, type the following, and then click Next:
    • Organization - This is the legally registered name of your organization/company.
    • Organizational unit - This is the name of your department within the organization.

    

17. Enter "Trend Micro Mobile Security for Enterprise MDM APNs" in the Common name field, and then click Next.

    

18. Enter the following information about your organization, and then click Next:
    • Country/Region
    • State/Province
    • City/locality

    

19. In the Certificate Request File Name window, save the CSR to your computer. Write down the location and filename.

    

20. Review the information for the certificate request in the Request File Summary window. Do any of the following:
    • If you want to make revisions, click Back.
    • Otherwise,click Next, Accept, and then click Finish.

    

21. Submit the Certificate Request to Trend Micro Apple Push Notification Portal by:
    1. Open the Trend Micro APNs Certificate Signing Portal.
    2. Fill in the required fields.
    3. Enter your TMMS Activation Code.
    4. Copy and paste your CSR.
    5. Read and accept the Trend Micro License Agreement and Submit.

Option A. Use the certificate signed by Trend Micro.

Upload the CSR to Apple Push Certificates Portal

1. Open your Internet Browser.
2. Enter the following in the address bar:

   https://identity.apple.com/pushcert/

3. Log in by using your Apple ID and password.

   

4. Click Create a Certificate.

   

5. Read the Terms of Use and accept the End User License Agreement.

   

6. Select and upload the signed CSR that Trend Micro sent (.sigfile).

   

7. When the upload is finished, click Download to download the Apple signed certificate (.pem file).

   

Option B. Use the certificate signed by Apple.

Use this option if you already have an existing account in Apple Enterprise Developer (paid subscription). Upload the CSR to your Apple Developer Portal (Apple will sign your certificate).

1. Open the IIS Manager again. Go to Programs > Administrative Tools > Internet Information Services Manager. 
2. Right-click the Apple Push Notification Service web site on the left panel, and then select Properties.

   

3. Click the Directory Security tab and, then click Server Certificate... The Web Server Certificate Wizard starts. Click Next.

   

4. Select the Process the pending request and install the certificate option, and then click Next.

   

5. Browse the PEM file you downloaded from the Apple Push Certificates Portal, and then Click.

   

6. Enter a non-standard HTTPS/SSL port that is not being used in the system.

   

7. On the Certificate Summary screen, verify that the certificate information is correct, and then click Next.

   

8. Click Finish.

1. Open Microsoft Management Console or MMC by:
   1. Go to Start > Run.
   2. Type "MMC", and click OK.
2. Click File, and then select Add/Remove Snap-in...

   

3. Select Certificates from the Available snap-ins, and then click Add.

   

4. Select the Computer account option, and then click Next.

   

5. Select Local Computer: (the computer this console is running on), and then click Finish.

   

6. Click OK to close Add/Remove Snap-in window.

   

7. Double-click Certificates (Local Computer) in the selected snap-ins list.
8. At the Console Root, expand the directory. Select Certificates > Personal > Certificates.

   

9. Right-click the Apple Push Certificate, and then select All Tasks > Export. The Export Wizard opens, then click Next.

   

10. Select Yes to export the private key, and then click Next.

    

11. Select the Personal Information Exchange –PKCS #12 (.PFX) format, and then mark Include all certificates in the certification path if possible and Enable Strong protection (requires IE 5.0, NT 4.0 SP4 or above) check boxes.

    

12. Enter your password then click Next.

    

13. Enter the file name and location of the PFX file.

    

    You will receive the following notification when the export is successful:

    

14. Refer to TMMS 8.0 Installation and Deployment Guide for uploading APNs Certificate to Mobile Security Server.