Mike Swanson
e8ac7598de
- Update guru-rmm submodule pointer (SPEC-017 mobile device support) - Record Apple Developer + MDM Push certs (acquired 2026-05-29); MDM push cert renews annually on the same Apple ID or all enrolled iOS devices break Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
24 lines
1.4 KiB
Markdown
24 lines
1.4 KiB
Markdown
---
|
|
name: project_apple_mdm_certs
|
|
description: ACG holds Apple Developer + MDM Push certificates (acquired 2026-05-29) for GuruRMM mobile/MDM; MDM push cert renews annually or all enrolled iOS devices break
|
|
metadata:
|
|
type: project
|
|
---
|
|
|
|
As of 2026-05-29, Arizona Computer Guru holds both Apple certificates needed for GuruRMM
|
|
mobile device support ([[SPEC-017]], `projects/msp-tools/guru-rmm/docs/specs/SPEC-017-mobile-device-support.md`):
|
|
|
|
1. **Apple Developer Program enrollment + Distribution/code-signing cert + APNs (.p8) key** — unblocks
|
|
iOS app build, signing, TestFlight/App Store distribution, and silent push (iOS Phase 1).
|
|
2. **Apple MDM Push Certificate** (from Apple Push Certificates Portal, identity.apple.com) — unblocks
|
|
iOS true remote lock/wipe via an MDM enrollment profile (iOS Phase 2).
|
|
|
|
**Why:** These were the iOS blockers in SPEC-017. Both iOS phases are now Apple-cert-unblocked;
|
|
remaining iOS work is engineering (MDM-protocol implementation), not credential acquisition.
|
|
|
|
**How to apply:** The **MDM Push Certificate expires annually and must be RENEWED on the same Apple ID**
|
|
— regenerating a fresh cert, or losing the Apple ID it was issued under, silently invalidates the MDM
|
|
enrollment of EVERY iOS device and forces fleet-wide re-enrollment. Record the owning Apple ID and set
|
|
a renewal reminder ~30 days before expiry. TODO: capture the exact owning Apple ID + expiry date (not
|
|
yet recorded — ask Mike).
|