Customer WS1 Wiki: How to renew an Apple Push Notification service (APNs) certificate

How to renew an Apple Push Notification service (APNs) certificate

One year after the APNs certificate for MDM is generated, it is necessary to renew the certificate to continue managing iOS devices. Once EDR UEM team gets renewal notification, technician must engage the customer.
The Apple Push Certificate Portal can also be used to confirm whether your APNs certificate is currently marked as Active, Expired, or Revoked by noting the Status of the APNs certificate under the Certificates for Third-Party Servers header. The Expiration Date field indicates when the certificate is scheduled to expire.

Renewing Your APNs Certificate from the Apple Push Certificate Portal

1. Navigate to Groups & Settings > All Settings > Devices & Users > Apple > APNs For MDM in the Workspace ONE UEM Console.

2. Click Renew.

3. Follow the prompts on the screen to view the instructions and then click MDM_APNsRequest.plist link to download new Workspace ONE Certificate request (.plist file).

4. Click Go To Apple. Please keep the Workspace ONE UEM Console open. You will come back to use the console for operations described in the Entering the Certificate into the Workspace ONE UEM Console section.

5. Sign in using the same Apple ID used to sign into the Apple Push Certificates Portal website previously.

6. Find the certificate with the UID that matches the UID in the certificate that is being renewed.

7. Click Renew to update the certificate due to expire.

8. Click Choose File.

9. Navigate to the .plist file downloaded in step #3 and click Open.

10. Click Upload, then the following dialog box appears and the renewal of the certificated is completed.

11. Click Download to retrieve the new certificate.

Note: Although this is a renewed certificate, it displays as if it is a new certificate in the Apple Certificate Portal and you should now work with this version.

Entering the Certificate into the Workspace ONE UEM Console

1. Return to the Workspace ONE UEM Console and click Next.

2. Upload the Apple-signed certificate (.pem file) to Workspace ONE. Enter the same Apple ID used to sign into the Apple Push Certificates Portal website previously.

3. Click Save.

4. When prompted, enter the security PIN. Now the new APNs certificate has been saved in Workspace ONE.

Note: When generating and renewing at a top-level Organization Group, set child groups to inherit or override settings and click Save.

Last modified: Tuesday, 14 June 2022, 5:55 PM