Live

Certificates

Vendor cert management + customer CSR generation — no terminal required

Reign Zero MDM Vendor cert

Used to sign customer APNs CSRs so Apple sees "Reign Zero" as the MDM vendor.

Not uploaded
Upload / replace vendor cert

Key is re-encrypted at rest using CERT_UTIL_PASSPHRASE before writing to disk. Cleartext never touches storage.

Generate customer CSR

Creates a private key + CSR, signs the CSR with your vendor cert, hands you the files ready for Apple.

Close the APNs loop

After the customer downloads the .pem from identity.apple.com, drop it here along with their private key. The Hub uploads both to MDM — customer never touches the MDM UI.

The {customer}-apns.key you downloaded when generating the CSR.

Inspect a cert

Upload a .pem or .crt — get subject, issuer, expiry, SAN entries. Sanity-check before uploading anywhere critical.

Workflow for each new customer's APNs cert:

  1. Click "Generate + sign" above → download {customer}-apns.key and {customer}-apns-signed.csr
  2. Give the customer their signed CSR + instructions to upload it at identity.apple.com under their Apple ID
  3. Customer downloads the returned APNs cert (.pem) from Apple
  4. Customer uploads both the .pem AND the .key into their MDM tenant (Settings → Integrations → MDM → Apple Push Certificate)
  5. Done. Apple sees Reign Zero as the vendor; the MDM backend doesn't know or care who signed the CSR.