FairPlay Streaming certificate

Overview

FairPlay Streaming (FPS) is a DRM system from Apple for protecting video content on Apple OS system devices. Contrary to other DRM systems, FairPlay requires that a certificate is issued by the owner of the content. The below guide will walk you through the process of generating a FairPlay certificate.

Once you receive the certificate please share it with Insys by the secure communication channel, as it will be used for configuring your DRM. Data you will receive from Apple that is required for configuration:

• FPS Certificate file (.cer or .der)
• Application secret key (ASK) string
• Private key file (.pem)
• Private key password string

Step 1: Request Deployment Package via Apple Developer Account

To apply for FPS Deployment Package you need to have an Apple developer account. If you don't have it yet, you can sign up here: https://developer.apple.com/support/enrollment/

1. Establish an Apple ID.
2. Acquire a D-U-N-S number.
3. Enroll as an organization in the Apple Developer Program, which involves an annual membership fee of $99.
4. Request the FPS Deployment Package.

🍎 Sidenote: Enrolling into Apple Developer Program is neccessary to publish any app to AppStore

After creating account and enrolling into Apple Developer Program visit https://developer.apple.com/contact/fps/ and log in with your Apple ID.

Please follow the form and instructions on this page until you get to the end and be issued a package conating The FPS Credential Creation Guide.

Step 2: Create Certificate Signing Request

To request FairPlay Streaming certificate you need to prepare Certificate Signing Request and send it to Apple. To perform below steps you need OpenSSL installed on your PC or server.

1. Generate private key openssl genrsa -aes256 -out fps_privatekey.pem 1024 You will be asked for password for private key. Password should be shorter than 32 characters. Create password and save it for later user.

2. Generate Certificate Signing Request openssl req -new -sha1 -key fps_privatekey.pem -out certreq.csr -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US" Value of -subj parameter can be adopted to your need. Enter the password you noted down in previous step.

3. Generate Certificate Login to Apple Developer Account http://developer.apple.com/account

Go to Certificates, Identifiers & Profiles and press + in upper right corner

In certificate generate wizard select FairPlay Streaming Certificate, select certificate signing request (generated in step 2) and click Generate.

Important: Save generated ASk key (it will be needed in future and can't be retrieved)!

Enter Application Secret Key (ASk) and click Continue.

Step 3: Share files with Insys

In Apple Developer Account go to Certificates, Identifiers & Profiles and find your new certificate on the list. Click on your certificate and press Download on the Certificate Details page.

Last step is to send two generated files (private key, certificate) and two strings (private key password, ASk) to Insys, so that we can configure your FairPlay DRM service. Please remember to share files and strings using secure communication channel. If in doubt whether selected channel is secure please consult it with Insys.