FairPlay Cert Registration

To use Apple’s FairPlay Streaming (FPS) DRM, the streaming service platform must obtain approval from Apple to generate an FPS certificate, and then register the following data with DoveRunner service.

- FPS Certificate file (.der or .cer)
- Private key file (.pem)
- Private key password string
- Application secret key (ASK) string

This document provides step-by-step instructions to help you process the registration.

Note

If you encounter difficulties with multi-DRM integration testing due to delays in approval from Apple, you can temporarily apply the FPS certificate held by DoveRunner to proceed with testing. However, even in this case, you must generate your own certificate and replace the test certificate in order to launch the production service after testing.

If you need an FPS certificate for integration testing, please reach out to us through our Help Desk.

Step 1: Requesting FPS credentials

An Apple developer account is required for the customer (or iOS app outsourcing developer) to generate an FPS certificate. If you do not have an account, create a developer account at the following site.

• https://developer.apple.com/support/enrollment/

Click Request FairPlay Streaming credentials approval link on Apple’s FairPlay Streaming website and log in with your Apple developer account.

You must have Account Holder permission to request FPS credentials and create the certificate.

Answering questions

In the Request FairPlay Streaming credentials page, answer the questions as guided below. Some questions may have different answers depending on your situation.

1. Does your organization have a working FPS development server where you’ll use the FPS certificate?

   Select Yes.

2. Do you have a third-party streaming distribution partner?

   Select Yes.

3. Streaming Distribution (DRM License Server) Partner Name

   Input DoveRunner Inc..

4. Streaming Distribution (DRM License Server) Partner Website

   Input https://doverunner.com.

5. Your Company

   Input description of your content streaming service.

6. Your Content

   Specify the type of content to be provided in your streaming service (e.g., Hollywood movies, live sports, educational content, etc.) and explain why FairPlay DRM should be applied to that content.

7. Do you own the content you want to stream?

   If the content is your own IP, select Yes; if not, select No. If you select No, you will need to answer follow-up questions about whether you hold a license for the content and your relationship with the content provider.

8. Is this your first request for FPS credentials?

   If you have previously requested FPS credentials with your logged-in Apple Developer account, select No; if this is your first request, select Yes. If you answer No, you will need to provide an additional reason for your request.

9. Do you assert that the account holder of this developer account owns, or has a license to use, the content that you will be streaming?

   Select Yes.

Once you apply for FPS credentials using the application form, Apple will verify your information and issue a package containing instructions for generating FPS certificates.

Step 2: Generating private key and CSR file

Refer to the guide document in the issued package to generate a private key (privatekey.pem) file and a certificate signing request (certreq.csr) file. The following describes the OpenSSL method in the Generating a Certificate Signing Request section of the guide document.

OpenSSL must be installed on the PC or server environment performing this process.

1. Create private key

   • Run the following CLI command to generate a private key.(privatekey.pem)

   openssl genrsa -aes256 -traditional -out privatekey.pem 1024

   • Enter a random private key password in Enter pass phrase for privatekey.pem:. Make sure to write down the private key password string you specified here separately.
   • The private key password length supports up to 32 characters.

   Caution

   To prevent compatibility issues with the generated private key file, be sure to add the -traditional argument to the command.

2. Generate certificate signing request file

   • Execute the following command. The contents of the -subj parameter can be modified to suit the customer’s needs.

   openssl req -new -sha1 -key privatekey.pem -out certreq.csr -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"

   • Enter the private key password you specified in the previous step in the input field Enter pass phrase for privatekey.pem:.

Step 3: Generate FPS Certificate

Follow the steps below to generate an FPS certificate from the Apple Developer Portal.

1. In the Account screen of Apple Developer Portal, click on the Certificates link under Certificate, IDs & Profiles category.

2. Click the + button on the screen to go to the Create a New Certificate screen.

3. Select FairPlay Streaming Certificate and click the Continue button.

4. Select SDK 4.x from the SDK version selection screen and click the Continue button.

   Note

   The main difference between SDK 4.x and SDK 5.x is the supported certificate size (1024 bits or 2048 bits). Currently, the FairPlay server for DoveRunner Multi DRM is built with a 4.x version SDK that only supports 1024 bits.

5. Click Choose File, select the certreq.csr file created in the previous step, and then click the Continue button.

6. Copy the Application Secret Key (ASK) string, record it separately, paste it into the blank space below, and then click the Continue button.

7. A pop-up window will appear asking you to confirm that you have recorded the ASK string separately. Click the Generate button.

8. Once the above process is complete, the certificate created as a FairPlay Streaming type will be displayed in the Certificate list.

9. Click the Download button to save the FPS certificate file.

Step 4: Register FPS Certificate in DoveRunner Console

Once the FPS certificate has been generated, register the certificate on the DoveRunner console by following the steps below.

1. Log in to DoveRunner Console website and move to the Multi DRM product.

2. Go to the Multi-DRM > DRM Settings screen from the left menu.

3. Click the Register button in the FPS Cert Registration section of Multi-DRM Settings.

4. Enter the files (private key, certificate) and strings (private key password, ASK) created in the previous process in the pop-up window to register.

Note

If you do not add the -traditional argument to the certificate creation command in step 2, an error may occur during the certificate registration process in the DoveRunner Console. In this case, please register a converted certificate using the following command.

openssl pkey -in privatekey.pem -out privatekey2.pem -aes-256-cbc -traditional

If you perform steps 2 and 3 multiple times for testing purposes, you may end up registering mismatched certificate/private key pairs or incorrect private key passwords. Please take care to register accurate data.

Next Steps

After completing FPS certificate registration, create HLS content protected by FairPlay DRM through Content Packaging and verify playback through Client Player Integration.

For the client integration, set the download URL for the FPS Certification file as https://drm-license.doverunner.com/ri/fpsKeyManager.do?siteId='Site_ID'. You need to replace Site_ID with the service site ID (4 bytes) issued by DoveRunner.