On 3rd of October 2011, Apple announce its Mobile Device Management(MDM) reference available on iOS provisioning portal. However, the sample code in the reference is fragmentary, especially on 'MDM Vendor CSR Signing Overview' section, which is to generate pList.

Softhinker works out below guidline to facilitate developers on pList generating process :
- There are two roles involved in the entire process : vendor and customer.

- create a CSR using any toolkit, i.e. KeyChain Access on MacBook, then export private key as 'vendor.p12'

- log in to Apple Member Center, and go to 'iOS Provisioning Portal'

- select 'Certificates' on the left navigation bar, and click 'Other' tab on the center.

- follow the instruction on that page, and upload the CSR you created.

- then the certificate for you as a MDM vendor will be available to download on the 'Other' tab. And download it.

- download WWDR intermediate certificate.

- download Apple root certificate.

- execute below openssl command to convert MDM vendor certificate, WWDR certificate, and Apple root certificate to PEM format one by one : 

openssl x509 -inform der -in mdm_identity.cer -out mdm.pem

openssl x509 -inform der -in AppleWWDRCA.cer -out intermediate.pem

openssl x509 -inform der -in AppleIncRootCertificate.cer -out root.pem

- As a customer,

- create a CSR using any toolkit, i.e. openssl : 

openssl genrsa -des3 -out customerPrivateKey.pem 2048

openssl req -new -key customerPrivateKey.pem -out customer.csr

- convert customer.csr to der format : 

openssl req -inform pem -outform der -in customer.csr -out customer.der

- Then use the attached Java program to generate encoded plist, and upload to https://identity.apple.com/pushcert/

- remember to replace the placeholder in the package with your own ones : 

customer.der, vendor.p12, mdm.pem, intermediate.pem, root.pem

- please note that generated plist.xml is not the one to upload, plist_encoded is.