Create a certificate signing request as a "vendor" of Apple's MDM push notification service
Switch branches/tags
Nothing to show
Clone or download
grinich Merge pull request #5 from MaximilianoRios/master
Fixing non-binary mode read
Latest commit 2906f5d Aug 19, 2015
Failed to load latest commit information.
.gitignore Initial commit Apr 23, 2013
LICENSE Add MIT License Nov 26, 2014 Update Mar 20, 2014 Fixing non-binary mode read Jun 16, 2015


Create a certificate signing request as a "vendor" of Apple's MDM push notification service

This script produces the special encoded plist that is uplaoded to the [Apple Push Certificate Portal] ( for creating certificates to work with Apple's Mobile Device Management (MDM) system.

Usually, this certificate is obtained by uploading a certificate request (CSR) to your MDM vendor who then signs the certificate using their MDM Signing Certificate. If you are part of the iOS Developer Enterprise Program, you can request a vendor certificate and do this youself.


This script is what an MDM vendor would use to sign a user-submitted CSR. That user isn't going to submit their private key to the vendor, obviously.

To get an MDM Vendor Certificate from Apple, you need to create a CSR. You need a private key to create the CSR. That private key is the Vendor's private key (mdm_vendor_private.key below). The --mdm argument should point to the MDM certificate that Apple has ussed you.

Note that they don't enable the MDM Vendor program by default. The registered Team Agent needs to email and say something like "I am writing to request a MDM Vendor signing certificate for Acme, Inc. I am listed as the Team Agent for our Enterprise Developer Program account."

Once they accept your request, you should see the following option when creating a new certificate on the developer site:

Provisioning Profile Screenshot

This script is essentially a shortcut for a lot of the stuff in this StackOverflow Question: Apple MDM Vendor CSR Signing. For more details on MDM, I recommend reading this document by the Intrepidus Group.


Run it something like this

python  --csr user_submitted_CSR.csr --key mdm_vendor_private.key --mdm mdm_certifiate_from_apple.cer

Use -h to list the options, as such

$ python -h
usage: [-h] --key KEY --csr CSR --mdm MDM [--out OUT]

This utility will create a properly encoded certifiate signing request that
you can upload to

optional arguments:
  -h, --help  show this help message and exit
  --key KEY   Private key
  --csr CSR   Certificate signing request
  --mdm MDM   MDM vendor certificate
  --out OUT   Output filename

It has a few dependencies that you might need to pip install...