Albert is the iPhone activation server, which attests certificates for use in Apple Push Notification Service and other services.
MacOS Activation
Generate an 1024 bit RSA activation key. Send an HTTP POST to https://albert.apple.com/deviceservices/deviceActivation?device=MacOS
with a URLEncoded form:
activation-info
: non-binary plist of Activation Request
Activation Request
ActivationInfoComplete
: (bool)true
ActivationInfoXML
: (data) non-binary plist of Activation InfoFairPlayCertChain
: (data) FairPlay certificate chain of signatureFairPlaySignature
: (data) FairPlay SHA1 RSA signature for ActivationInfoXML
Activation Info
ActivationRandomness
: Random UUID (uppercase)ActivationState
:Unactivated
BuildVersion
: OS Build Number eg.23D60
DeviceCertRequest
: (data) PEM encoded cert requestDeviceClass
:MacOS
ProductType
: SMBIOS Model eg.MacBookPro18,3
ProductVersion
: MacOS Version eg.14.3.1
SerialNumber
: Device SerialUniqueDeviceID
: Device UUID (uppercase)
Cert Request
X.509 Certificate Request, Signed with Activation Key
- Common Name:
Client Push Certificate
- Version: 0
- Public Key: Activation Key
Activation Response
An XML document containing the <Protocol> element with a plist:
<plist version="1.0"> <dict> <key>device-activation</key> <dict> <key>ack-received</key> <true/> <key>activation-record</key> <dict> <key>DeviceCertificate</key> <data>(PEM-encoded cert chain)</data> </dict> <key>show-settings</key> <true/> </dict> </dict> </plist>