I am developing an in-house Mobile Device Management (MDM) solution for internal use within my company and trying to generate an APNs certificate.

I understand that Apple typically requires a CSR signed with an MDM Vendor Certificate, but obtaining this vendor certificate requires special approval.

In my case, I have an Apple Developer (Company) account and access to Apple Business Manager, but when I generate a standard CSR and upload it to the Apple Push Certificates Portal, it gets rejected, while third-party tools seem to work.

Does this mean that obtaining a Vendor Certificate is mandatory in all cases, even for internal MDM solutions, or is there any supported way to generate and use a CSR without vendor signing for private deployments?