FairPlay DRM integration
Learn how to obtain an Apple FairPlay Streaming (FPS) certificate and prepare your deployment package for FastPix DRM integration.
Apple FairPlay Streaming (FPS) protects HLS content across iOS, macOS, and tvOS by encrypting video segments and tying decryption to authorized devices. To enable FPS-protected playback through FastPix, you need four credentials from Apple: a FairPlay certificate, an RSA private key, the key's password, and an Application Secret Key (ASK). This guide provides instructions for obtaining an Apple Developer account, requesting the FPS Deployment Package, generating your private key and CSR with OpenSSL, and downloading the final certificate from the Apple Developer portal.
Contents
- Before you begin
- Phase 1: Apple developer account and FPS deployment package
- Phase 2: Generate the FairPlay certificate
- What you'll have at the end
Before you begin
Make sure you have the following before starting:
| Requirement | Details |
|---|---|
| OpenSSL | Installed and accessible from your terminal. Used in Phase 2 to generate the private key and CSR. |
| D-U-N-S number | Required for Apple Developer Program enrollment as an organization. Allow up to 14 business days to obtain one. |
| Apple ID | A personal Apple ID to create your developer account and access the Apple Developer portal. |
| $99 USD/year | Annual fee for the Apple Developer Program membership, required to access FPS credentials. |
WARNING: Apple does not allow you to delete or re-create FairPlay credentials for the same account. Follow each step precisely before proceeding.
Phase 1: Apple developer account and FPS deployment package
Step 1: Create an Apple developer account
You need an Apple Developer account to access the FPS Deployment Package.
- Sign in with your Apple ID at developer.apple.com/programs/enroll.
- Select Organization as your entity type.
- Enter your D-U-N-S number when prompted. If you don't have one, request it through Dun & Bradstreet before continuing.
- Complete enrollment and pay the $99 USD annual membership fee.
NOTE: Apple reviews organization enrollments manually. Allow 2–5 business days for approval before proceeding to Step 2.
Step 2: Request the FPS Deployment Package
The FPS Deployment Package contains the FPS Credential Creation Guide, which you need in Phase 2 to generate your certificate correctly.
- Go to the Apple FairPlay Streaming page.
- Click Request Deployment Package.
- When asked whether you have completed implementation and testing of the Key Server Module (KSM), select or enter:
"I am using a third-party DRM company and the company has already built and tested KSM."
- Submit the form. Apple sends the package to your registered email address.
Phase 2: Generate the FairPlay certificate
Step 3: Generate a private key and CSR
Use OpenSSL to generate a private key and a Certificate Signing Request (CSR). You need both to create the FairPlay certificate in the Apple Developer portal.
Generate the private key
Run the following command to generate an AES-256 encrypted RSA private key:
openssl genrsa -aes256 -out fps_privatekey.pem 1024
When prompted, enter a password for the private key. Keep the password under 32 characters. Store this password securely; you need it in later steps.
NOTE: OpenSSL prompts you to enter the password twice for confirmation. Both entries must match exactly.
Generate the CSR
Create a Certificate Signing Request using the private key you just generated. Replace the placeholder values with your organization's details:
openssl req -new -sha1 \
-key fps_privatekey.pem \
-out certreq.csr \
-subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"
The following table describes each field in the -subj argument:
| Field | Description | Example |
|---|---|---|
| CN | Common name or subject name | MyStreamingService |
| OU | Organizational unit (team or department) | Engineering |
| O | Organization name | Acme Inc |
| C | Two-letter ISO country code | US / IN |
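Because FairPlay credentials cannot be re-created, it is worth confirming before Step 4 that the password decrypts the key and that the CSR was built from that same key. The script below is an added example, not part of the FastPix or Apple material; the function names and the FPS_KEY_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-upload consistency checks for the files from Step 3.
# FPS_KEY_PASS is an environment variable name chosen for this example;
# "-passin env:" keeps the password off the openssl command line, so it
# does not show up in the process list.

# True only if the password is non-empty and under 32 characters.
fps_check_password() {
    [ -n "${FPS_KEY_PASS:-}" ] && [ "${#FPS_KEY_PASS}" -lt 32 ]
}

# True only if the PEM file is encrypted and FPS_KEY_PASS decrypts it.
fps_check_key() {
    grep -q 'ENCRYPTED' "$1" || return 1
    openssl pkey -in "$1" -passin env:FPS_KEY_PASS -noout >/dev/null 2>&1
}

# True only if the CSR carries the public half of the private key.
fps_check_csr() {
    key_pub=$(openssl pkey -in "$1" -passin env:FPS_KEY_PASS -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Runs every check in order; reports the first failure and returns non-zero.
fps_preflight() {
    fps_check_password || { echo "password is empty or 32+ characters" >&2; return 1; }
    fps_check_key "$1" || { echo "key is not encrypted or password is wrong" >&2; return 1; }
    fps_check_csr "$1" "$2" || { echo "CSR was not generated from this key" >&2; return 1; }
    echo "ok: $1 and $2 are consistent"
}

# When invoked as a script: fps_preflight.sh fps_privatekey.pem certreq.csr
if [ "$#" -eq 2 ]; then
    fps_preflight "$1" "$2"
fi
```

Export FPS_KEY_PASS from a silent prompt rather than typing it inline, so the password stays out of shell history.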
Step 4: Generate the FairPlay certificate in the Apple Developer portal
Upload your CSR to the Apple Developer portal to generate the FairPlay certificate and retrieve the Application Secret Key (ASK).
- Open the Certificates section. Sign in to the Apple Developer portal. Navigate to Certificates, Identifiers & Profiles, then select Certificates.
- Select the certificate type. Click + to add a new certificate. Under Services, select FairPlay Streaming Certificate, then click Continue.
- Upload the CSR. Click Choose File and upload the certreq.csr file you generated in Step 3. Click Continue.
- Save the ASK (Application Secret Key). The portal displays the Application Secret Key (ASK) string. Copy this value and store it in a secure location immediately. You cannot retrieve the ASK after you leave this page.
  WARNING: If you lose the ASK, you cannot regenerate it. Apple prohibits deletion or re-creation of FairPlay credentials for the same account. Keep a backup in at least two secure locations.
- Download the certificate. After confirming you've saved the ASK, click Generate. When the certificate is ready, click Download to save the fairplay.cer file.
What you'll have at the end
After completing both phases, you should have the following four artifacts. Keep these details secure, as they are required to configure DRM in FastPix.
| Artifact | Description |
|---|---|
| fairplay.cer | The FairPlay Streaming certificate issued by Apple |
| fps_privatekey.pem | The AES-256 encrypted RSA private key |
| Private key password | The password you set during key generation (under 32 characters) |
| ASK | The Application Secret Key displayed once in the Apple Developer portal |
Next step: Provide these four artifacts to FastPix to complete your FairPlay Streaming integration.