Skip to main content

FAQ | FairPlay

General​

What is the impact of getting a new FairPlay certificate and what are the changes need to be done?​

If you decide to get new FairPlay configurations for some reason, this will not affect the playback of content encrypted while using the previous certificate. FairPlay DRM relies on the certificate to generate licenses. As long as the certificate is properly shared with Axinom and the player requests a license with the correct certificate, playback will continue. You can follow the steps defined in Sharing FPS Dataset with Axinom documentation to share FPS dataset with Axinom. If you have offline scenario, those old licenses will work until the license duration and new licenses will be generated with new certificate when the device request a new license.

You should consider the following instructions:

  • The new fairplay dataset should be shared with Axinom without an issue.

  • The new fairplay certificate should be uploaded into a publicly available web server with CORS support for production use.

  • The newly added fairplay certificate URL should be used in the license request.

Can I add multiple Fairplay certificates to the same Environment(a Single DRM tenant)?​

Yes, You can add multiple certificates to the same environment.

Does the FairPlay Certificate Expire?​

Apple’s FairPlay production certificates do not expire. The expiration date you see in the certificate copy does not impact its functionality. If your current certificate works without any issues, you can continue using it without concern.

How to ensure the FPS cert is issued by my app?​

The FPS certificate needs to be hosted by the customer in a way that best fits their system architecture. The essential requirement is that all FairPlay players must load this certificate before they can request licenses. Additionally, the license service must have the corresponding data set up, including the certificate, private key, and secret key, as specified in the "FairPlayDataSet.json" configuration file.

Key Considerations:

  1. Ease of Certificate Replacement:

    To facilitate easy replacement of the certificate when necessary, it is generally advised not to hard-code the certificate into the app. While this is technically possible (allowing you to provide the certificate data directly to players without a URL), it is not recommended.

  2. Serving the Certificate:

    A preferred method, especially when using DRM on board, is to serve the certificate from a local server. This could be the same server that hosts the license service or a different one. In scenarios where multiple on-board servers are used, the license service server might be under higher security due to its role in hosting the content key material. In such cases, hosting the certificate on the media server or another appropriate server might be more suitable. This approach ensures that any changes to the certificate will automatically propagate to all players, simplifying the management process.

While a production certificate may rarely need replacement, these considerations will help ensure that any necessary changes can be made smoothly and efficiently.

Was this page helpful?