mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 17:08:53 +00:00
25d9a2b043
#23760 Manual QA done: 1. Get the current APNS key using tools/mdm/assets tool. 2. Convert it to a PKCS8 key like: `openssl pkcs8 -topk8 -inform PEM -outform PEM -in mdm_assets/apns_key.key -out mdm_assets/apns_pkcs8.key -nocrypt` 3. Delete all `apns` and `scep` rows from `mdm_config_assets` DB table. 4. Point to the PKCS8 key like: ``` export FLEET_MDM_APPLE_APNS_KEY=/Users/victor/work/fleet/mdm_assets/apns_pkcs8.key export FLEET_MDM_APPLE_APNS_CERT=/Users/victor/work/fleet/mdm_assets/apns_cert.crt export FLEET_MDM_APPLE_SCEP_CERT=/Users/victor/work/fleet/mdm_assets/ca_cert.crt export FLEET_MDM_APPLE_SCEP_KEY=/Users/victor/work/fleet/mdm_assets/ca_key.key export FLEET_MDM_APPLE_SCEP_CHALLENGE=$(cat /Users/victor/work/fleet/mdm_assets/scep_challenge) ``` This step may be tricky. Might be simpler to spin up a fresh Fleet server with the SCEP/APNS values. 5. Start fleet server. Make sure APNS works by pushing/deleting a profile. 6. Renew APNS cert and make sure the new cert still works. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
1 line
100 B
Text
1 line
100 B
Text
Allow APNS key to be in unencrypted PKCS8 format, which may happen when migrating from another MDM.
|