Apple with its DRM solution FairPlay Streaming helps distribute streaming media securely via the HLS protocol (HTTP Live Streaming)

FairPlay Certificate Registration Tutorial

In this article, we introduce to you how Apple processes to create DRM certificates in Fairplay Streaming (FPS). Let’s find out more!

About Overview

FairPlay Streaming stands as Apple’s proprietary DRM solution designed to enhance the secure delivery of streaming media to devices utilizing the HTTP Live Streaming (HLS) protocol. Leveraging FairPlay Streaming (FPS) technology, content providers, encoding vendors, and delivery networks gain the capability to encrypt content, facilitate secure key exchange, and safeguard playback across iOS, iPadOS, watchOS 7, tvOS, and macOS platforms

In order to utilize Apple’s FairPlay Streaming (FPS) DRM, individuals must obtain the FPS Deployment Package directly from Apple and furnish their Brightcove representative with the following details:

  • The FPS Certificate file .der or .cer
  • Private key file .pem
  • Private key password string
  • Application secret key (ASK) string

Step 1: Register for an Apple Developer Account and Request the Deployment Package

To obtain the FPS Deployment Package, it is necessary to have an Apple developer account. If you do not possess one, you can proceed to sign up for an account.

Navigate to the FairPlay Streaming website, locate the ‘Request Deployment Package’ link at the bottom, and log in using your Apple developer account credentials.

After submitting your request for the Deployment Package through the provided input form, Apple will confirm and issue a package that includes the FPS Credential Creation Guide document.

During the application process, you will be asked if you have completed the implementation and testing of the Key Server Module (KSM). Please answer: ‘I am using a 3rd party DRM service and the company has already built and tested the Key Server Module’.

Step 2: Generate the Private Key and Certificate Signing Request (CSR)

The subsequent step involves generating a private key file named private key.pem and a certificate signing request file named certreq.csr, following the instructions outlined in the provided guidelines document.

OpenSSL must be installed on the PC or server environment where this process is performed.

The steps below outline the process using OpenSSL to create the CSR file:

  1. Open the OpenSSL command-line tool.
  2. Generate the Private Key File: privatekey.pem by typing and running the following command.
       openssl genrsa -aes256 -out privatekey.pem 1024 
  3. Enter a password for the private key and save it for later use.
       The password should be shorter than 32 characters, and special characters are not allowed.
  4. Generate the Certificate Signing Request file by typing and running the following command.
    The contents of the -subj parameter can be modified to suit your organization’s information.
       openssl req -new -sha1 -key privatekey.pem -out certreq.csr -subj “/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US”
  5. Enter the Private Key password.

Step 3: Generate FPS Certificate on the Apple Developer Portal

  • Log in to the Apple Developer Portal and click Certificate, IDs & Profiles on the left menu
Log in to the Apple Developer Portal
Log in to the Apple Developer Portal
  • In the Certificates subtitle click the button
Certificates subtitle click the button
Certificates subtitle click the button
  • On the Create a New Certificate section, select the FairPlay Streaming Certificate option
Create a New Certificate
Create a New Certificate
  • Click Continue
  • Click Choose File
Choose File
Choose File
  • Select the certreq.csr file created with OpenSSL.
  • Click Continue.
  • Copy the Application Secret Key provided by Apple, and store it safely. If the ASK is compromised, you will no longer be able to protect your content with FPS
Application Secret Key
Application Secret Key
  • Paste the ASK in the space provided.
  • Click Continue
  • Click the Generate button when the pop-up appears to confirm that you have saved your Application Security Key
  • Click Certificates in the left menu to see your FairPlay Streaming Certificate in the list.
  • Click on your Certificate
  • Click the Download button to save the FPS certificate file: fairplay.cer
  • After download the FPS certificate file, please contact your Sigma MultiDRM account manager to finish the process.