Skip to main content

FairPlay Streaming certificate (new)

Overview

FairPlay Streaming (FPS) is Apple's DRM system for protecting video content on Apple devices. Unlike other DRM systems, FairPlay requires the content owner to issue a certificate. This guide will walk you through the process of getting a FairPlay certificate.

Prerequisites

  • Active Apple Developer account with FairPlay Streaming access
  • OpenSSL installed on your machine
  • Secure storage for private keys and passphrases

If you still need program enrollment or the FPS deployment package from Apple, see Apple Developer Program enrollment and FairPlay Streaming.

NOTICE

Enrolling in the Apple Developer Program is necessary to publish any app to the App Store.

Step 1: Generate private keys and CSRs

You must generate two RSA key pairs:

  • 1024-bit key
  • 2048-bit key

During generation, OpenSSL will prompt you to enter a passphrase that protects the private key. Make sure to store the passphrase securely.

1.1 Generate 1024-bit key and CSR

Open terminal and use this snippet:

openssl req -out csr_1024.csr -new -newkey rsa:1024 \
  -keyout priv_key_1024.pem \
  -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"

OpenSSL: generating the 1024-bit key and CSR (1)

Enter the passphrase, then verify passphrase by typing it again.

OpenSSL: generating the 1024-bit key and CSR (2)

1.2 Generate 2048-bit key and CSR

Next, do the same for the 2048-bit key.

openssl req -out csr_2048.csr -new -newkey rsa:2048 \
  -keyout priv_key_2048.pem \
  -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"

OpenSSL: generating the 2048-bit key and CSR

OpenSSL: passphrase prompts

Files produced locally

You should see your keys and CSRs on disk.

Generated private keys and CSR files

Step 2: Submit CSRs to Apple and download the FPS bundle

Add new certificate

  1. Go to the Apple Developer website and log in.
  2. Navigate to Certificates, Identifiers & Profiles. Apple Developer: Certificates list
  3. Click + (add new certificate). Apple Developer: Add certificate (plus)Apple Developer: Create certificate — certificate types
  4. Select FairPlay Streaming Certificate and click Continue. Apple Developer: Create certificate — FairPlay Streaming
  5. Select the appropriate SDK version (SDK 26) and click Continue. Apple Developer: Create certificate — SDK selection

Upload CSRs

Apple Developer: Upload CSRs (1)

Upload both CSR files and click Continue.

  • 2048-bit certificate → upload csr_2048.csr.
  • 1024-bit certificate → upload csr_1024.csr.

Apple Developer: Upload CSRs (2)

Download certificate bundle

Click Download. Apple Developer: Download FairPlay certificate bundle

The downloaded file is named fps_bundle.zip.

Share files with Big Blue Marble

After completing the steps above, securely send Big Blue Marble the following so we can configure your FairPlay DRM service:

  • csr_1024.csr
  • priv_key_1024.pem
  • csr_2048.csr
  • priv_key_2048.pem
  • fps_bundle.zip, containing fps_certificate.bin & provisioning_data.bin
  • Passphrase(s) for the .pem files
note

Please share all files and secrets using a secure communication channel. If you are unsure whether your channel is secure, contact Big Blue Marble for guidance.