To use Apple’s FairPlay Streaming (FPS) DRM, a content service provider needs to acquire the “FPS Deployment Package” from Apple and register the following data into their License server.

• FPS Certificate file (.der or .cer)
• Private key file (.pem)
• Private key password string
• Application secret key (ASK) string

This document will guide you through the steps to ensure that your process is accurate.

Step 1: Sign up for an Apple Developer Account and request the Deployment Package

To obtain the FPS Deployment Package, you need an Apple Developer account. If you do not have one, please sign up for an account on the following website:

• https://developer.apple.com/support/enrollment/

Next, click on the “Request Deployment Package” link located at the bottom of the FairPlay Streaming website and log in with your Apple Developer account credentials. Once you complete the application form, you will receive an FPS Credential Creation Guide document after Apple confirms your application.

During the application process, you may be asked whether you have implemented and tested the Key Server Module (KSM). You can respond by stating that you are using a third-party DRM company and that the company has already built and tested the KSM.

Step 2: Create a private key and Certificate Signing Request (CSR)

Create a private key file (privatekey.pem) and a Certificate Signing Request file (certreq.csr) by referring to the guide document included in the package. The OpenSSL method for generating a Certificate Signing Request is as follows:

Please make sure that OpenSSL is installed on the PC or server environment where this process will be performed.

1. Create a private key (privatekey.pem) file
   Run the following command to generate the private key. You should enter any password for the private key and remember it for future use. The password should not exceed 32 characters, and special characters are not allowed.

openssl genrsa -aes256 -out privatekey.pem 1024

2. Create a certificate signing request file
   Run the following command. You can modify the contents of the ‘-subj’ parameter to suit your organization’s needs.

openssl req -new -sha1 -key privatekey.pem -out certreq.csr -subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"

3. Enter the Private Key password.

Step 3: Create an FPS Certificate in the Apple Developer Portal

Follow these steps to create an FPS certificate in the Apple Developer Portal:

1. Log in to the Apple Developer Portal and go to the “Certificate, IDs & Profiles” menu.
   
2. Click “+” to create a new certificate.
   
3. Select “FairPlay Streaming Certificate”, then click “Continue”.
   
4. Click “Choose File”, select the “certreq.csr” file that you created in the previous step, then click “Continue”.
   
5. Copy and save the “Application Secret Key (ASK)”. Then, paste it into the indicated input field and click “Continue”.
   
6. Once you have saved the ASK string, a pop-up message will appear. Click the “Generate” button.
   
7. The certificate created with the FairPlay Streaming type will appear in the Certificate List once the above process is completed.
   
8. Click “Download” to save the FPS certificate file (fairplay.cer).
   

Step 4: Register FPS Cert into CDNetworks&Irdeto Control

The FPS certificate registration will be handled by CDNetworks and Irdeto. Please send the following files/keys to customer service via a secure method

• ASKey.txt
• fps_certificate.der
• privatekey.pem
• privateKeyPassword (if created during private key generation)