To integrate AppleCare GSX with your Workspace ONE UEM deployment, you must first obtain an Apple certificate and convert them to .p12 format.


  1. Generate a certificate signing request (CSR) using OpenSSL or Java Keytool.
  2. Send the CSR and the following GSX account information to Apple to receive Apple certificates (.pem files).
    1. GSX Sold-To account number
    2. Primary IT contact name
    3. Primary IT contact email
    4. Primary IT contact phone number
    5. Outgoing static IP address of the server that sends requests to GSX Production
      If your environment is hosted on the AW SaaS, refer to for the IP address. If the IP range for your environment is not listed, please open a support ticket to have our Network Operations team facilitate it.

      Apple generates the Apple certificate(.pem) and returns a signed certificate and a chain certificate. For ease of use, rename the files “cert.pem” and “chain.pem” for use in subsequent steps.

      You may also receive a file labeled “issuer” that is not needed for this process.
  3. Convert the Apple certificates to .p12 format.
    1. Create a .p12 file using the private key and Apple certificates by executing the following command:sudo openssl pkcs12 -export -inkey privatekey.pem -in cert.pem -certfile chain.pem -out GSX_Cert.p12
    2. The certificate saves as a .p12 file in the location you specified.
      If you do not specify a path before the file name when running the conversion command, the file saves to your working directory.