Watchman Monitoring does not provide GSX Access
Watchman Monitoring leverages AppleCare's GSX API to provide Authorized Service Providers (AASP) a means of automatically looking up the status of AppleCare Expirations attached to computer records.
Due to Apple's terms and conditions, automated warranty lookup requires you to provide a valid AppleID with access to GSX.
If your organization owns many Apple devices, you can reach out to Apple for a Self Servicing account at:
We leverage existing GSX Access. Unfortunately, we are unable to grant GSX access.
AppleCare SSL Certificate Information
Watchman Monitoring is worked directly with AppleCare to help streamline their certificate authentication process.
As of June 2015, AppleCare has whitelisted our IP Addresses. This means that you do not need to add our IP range into your SSL Certificate request.
Activating Automatic AppleCare Lookups
Once you have your AppleCare provided SSL Certificate, follow the Warranty Updater Setup instructions:
In compliance with AppleCare's guidelines, GSX Lookups are performed by the Subscriber using a valid AppleCare provideded certificate, from an IP they have whitelisted.
This tool needs to be installed on just one computer in your organization. The tool is lightweight, and is well suited to run on the same Mac which handles runs AST diagnostics gateway.
Subscribers may look up warranty status for multiple Watchman Monitoring accounts from a single computer/certificate/ip, by creating additional entries in the Warranty Updater tool.
Setting up A GSX User
- Use an existing Apple ID, or create a new Apple ID at https://appleid.apple.com.
Using the same Appled ID as your AST Server should work fine.
- Confirm that this AppleID can login to your GSX Account at https://gsx.apple.com .
Note: Two-Factor Authentication is required, and can take up to 3 days to activate.
- Click Settings at the top. Click Permissions.
- Confirm "My Privileges" can “Access Web Services”.
Ensure Web Services is selected Global Service Exchange in the MyAccess account management area.
- Log into MyAccess
- Go to My Team
- Select the User
- Select Global Service Exchange
- If you do not see Web Services in Access Roles > Optional Privileges, click Update Access and select Web Services.
- Locate the confirmation email and approve the change.
AppleCare GSX Certificate Creation
This process assumes that you already have a valid Sold-to account with Apple, and it has been granted access to gsx.apple.com.
For those who have GSX Access (Authorized Service Providers, Resellers, Self-Servicing accounts, etc) you can follow the certificate creation instructions we published here:
This will step you through the process of creating two key & csr pairs (testing & production) on your computer, and send the .csr files to AppleCare for signing.
AppleCare issues each "Sold-to" one testing and one production certificate. The certificate, and its related key, can be used on any system that Sold-To manages. The systems which use them may be your JSS Server, a Lightspeed On-Site Point of Sale system, PIMs Point of Sale, your own home-brewed system, or in conjunction with a Watchman Monitoring subscription.
Another key point is that in addition to certificate based access, the GSX API can only be accessed from static IP Address(es) which are whitelisted by AppleCare. They will whitelist many IP addresses as you need, but will not work with dynamically assigned addresses from your ISP.
For those who have servers at locations without static IP addresses, we have a number of subscribers who have successfully tunneled their solution's access to the 22.214.171.124/8 block over a VPN to a static IP Address they do have.