FairPlay Certificate Registration Tutorial
To use Apple’s FairPlay Streaming (FPS) DRM, a content service provider should acquire
FPS Deployment Package from Apple and register the below data with PallyCon service.
- FPS Certificate file (.der or .cer)
- Private key file (.pem)
- Private key password string
- Application secret key (ASK) string
This document will guide you step by step to ensure that your process is accurate.
Step 1: Sign up Apple Developer Account and Request Deployment Package
You need Apple developer account to get the
FPS Deployment Package. Sign up for the account on the below site if you don’t have one.
If you apply for the Deployment Package according to the input form, you will be issued a package containing the
FPS Credential Creation Guide document after Apple’s confirmation.
During the application process, you will be asked if you have completed the implementation and testing of the
Key Server Module (KSM). This can be answered by saying, ‘I am using a 3rd party DRM company and the company has already built and tested KSM’.
Step 2: Create Private Key and Certificate Signing Request(CSR)
Create a private key (privatekey.pem) file and a certificate signing request (certreq.csr) file by referring to the guide document in the package. The following describes OpenSSL method in
Generating a Certiﬁcate Signing Request section of the guide.
OpenSSL must be installed on the PC or server environment where this process is performed.
- Create a private key (privatekey.pem) file
- Run the following command to generate the private key:
openssl genrsa -aes256 -traditional -out privatekey.pem 1024
- Enter any password for the private key and make a note of it for later use.
- The password should be shorter than 32 characters.
- Create a certificate signing request file
- Run the following command: The contents of the -subj parameter can be modified to suit your organization.
openssl req -new -sha1 -key privatekey.pem -out certreq.csr -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"
- Enter the private key password from the above process.
Step 3: Create FPS Cert at Apple Developer Portal
Log in to the Apple Developer Portal as shown below and go to the
Certificate, IDs & Profilesmenu.
+button on the menu screen to move to the
Create a New Certificatescreen.
FairPlay Streaming Certificateitem and click the
Choose File, select the
certreq.csrfile created in the previous step and click the
Application Secret Key (ASK)string, record it separately, paste it in the space below and click the
A pop-up will appear to confirm that you have recorded the ASK string separately. Click the
When the above process is completed, the certificate created with
FairPlay Streamingtype will be displayed in the
Downloadbutton to save the
FPS certificate file(fairplay.cer).
Step 4: Register FPS Cert at PallyCon Console Site
Log in to PallyCon Console site.
DRM Settingscreen under
Registerbutton in the
FPS Cert Registrationsection of
Enter the files (private key, certificate) and strings (private key password, ASK) created in the previous steps in the pop-up window.
Note: If you have performed Step #2 multiple times for testing, you may encounter a mismatch of certificate / key pairs or invalid private key passwords. Please be careful to register the correct data.
This completes the
FairPlay Cert Registration Tutorial.
The download URL of FPS certification file is
https://license-global.pallycon.com/ri/fpsKeyManager.do?siteId='Site_ID'. Input your
Site_IDwhich is issued by PallyCon Cloud service. (4byte)