FairPlay Streaming certificate

Overview

FairPlay Streaming (FPS) is Apple's DRM system for protecting video content on Apple devices. Unlike other DRM systems, FairPlay requires the content owner to issue a certificate. The guide below will walk you through the process of generating a FairPlay certificate.

Once you receive the certificate, please share it with Insys over a secure communication channel, as it will be used to configure your DRM. The following data received from Apple is required for configuration:

  • FPS Certificate file (.cer or .der)
  • Application Secret Key (ASk) string
  • Private key file (.pem)
  • Private key password string

Step 1: Request Deployment Package via Apple Developer Account

To apply for the FPS Deployment Package, you need an Apple Developer account. If you don't have one yet, you can sign up here: https://developer.apple.com/support/enrollment/

  1. Establish an Apple ID.
  2. Acquire a D-U-N-S number.
  3. Enroll as an organization in the Apple Developer Program, which involves an annual membership fee of $99.
  4. Request the FPS Deployment Package.

NOTICE

Enrolling in the Apple Developer Program is necessary to publish any app to the App Store.

After creating an account and enrolling in the Apple Developer Program, visit https://developer.apple.com/contact/fps/ and log in with your Apple ID.

Follow the instructions on this page until you receive a package containing the FPS Credential Creation Guide.

Step 2: Create Certificate Signing Request

To request a FairPlay Streaming certificate you need to prepare a Certificate Signing Request and send it to Apple. To perform the steps below, you need OpenSSL installed on your PC or server.

  1. Generate a private key:
    openssl genrsa -aes256 -out fps_privatekey.pem 1024
    You will be asked for a password for the private key. The password should be shorter than 32 characters. Create a password and save it for later use.

  2. Generate a Certificate Signing Request:
    openssl req -new -sha1 -key fps_privatekey.pem -out certreq.csr -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"
    The value of the -subj parameter can be customized to your needs. When prompted, enter the password you noted down in the previous step.

  3. Generate a Certificate
    Log in to the Apple Developer Account: http://developer.apple.com/account

  4. Go to Certificates, Identifiers & Profiles and press + in the upper right corner.

  5. In the certificate generation wizard, select FairPlay Streaming Certificate, select a certificate signing request (generated in step 2) and click Generate.

caution

Save the generated ASk key (it will be needed in the future and can't be retrieved)!

  6. Enter the Application Secret Key (ASk) and click Continue.

Step 3: Share files with Insys

In your Apple Developer Account go to Certificates, Identifiers & Profiles and find your new certificate on the list. Click on the certificate and select Download on the Certificate Details page.

The last step is to send the two generated files (private key, certificate) and two strings (private key password, ASk) to Insys so that we can configure your FairPlay DRM service.

note

Please remember to share the files and strings using a secure communication channel. If you're unsure whether your selected channel is secure, please contact Insys for guidance.
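Before sending, it helps to confirm that the saved password really decrypts the private key and that the downloaded certificate was issued for that key. The check below is an added example, not part of the original guide or of any Apple or Insys tooling; the function names and the FPS_KEY_PASS environment variable are assumptions made for illustration.

```shell
# Added example. Assumptions (not from the guide): the private key password is
# exported in FPS_KEY_PASS so it never appears on a command line, and the file
# paths are passed as arguments.

# Step 2 says the password should be shorter than 32 characters.
fps_password_ok() {
    [ -n "$1" ] && [ "${#1}" -lt 32 ]
}

# check_fps_bundle <private key .pem> <certificate .cer/.der>
# Returns 0 when the password decrypts the key and the certificate carries the
# same public key; otherwise prints the reason and returns a non-zero code.
check_fps_bundle() {
    local key=$1 cert=$2 key_pub cert_pub
    fps_password_ok "${FPS_KEY_PASS:-}" \
        || { echo "password is empty or 32+ characters"; return 2; }
    # An unencrypted key would accept any password, so reject it up front.
    grep -q 'ENCRYPTED' "$key" \
        || { echo "private key is not password-protected"; return 3; }
    key_pub=$(openssl pkey -in "$key" -passin env:FPS_KEY_PASS -pubout 2>/dev/null) \
        || { echo "password does not decrypt the private key"; return 4; }
    # The guide lists .cer or .der; try DER first, then PEM.
    cert_pub=$(openssl x509 -inform DER -in "$cert" -noout -pubkey 2>/dev/null \
        || openssl x509 -inform PEM -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "certificate is not a readable X.509 file"; return 5; }
    # Both commands emit the public key in the same PEM form, so a plain
    # string comparison is enough.
    [ "$key_pub" = "$cert_pub" ] \
        || { echo "certificate does not match the private key"; return 6; }
    echo "ok: password, private key and certificate belong together"
}
```

Run it as `check_fps_bundle fps_privatekey.pem <downloaded certificate>` after exporting FPS_KEY_PASS, and unset the variable once the check has passed.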