barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

Apple > Administration

Renewing an Apple Push Certificate

Updated on October 5th, 2022

Your Apple Push Certificate must be renewed once a year in order to retain the MDM communication with your managed Apple devices. This article describes how to renew your certificate in Miradore.

Please note that the Push Certificate can only be renewed with the same Apple ID which was used to create the certificate. Unfortunately, Apple does not provide information about which Apple ID's have been used for previously created Push Certificates.

If you don't know the correct Apple ID or you want to move the existing Push Certificate to another Apple ID, please read this Community post about "Apple Push Certificate: Missing Apple ID?":

To renew your Apple Push Notification Service certificate, watch this short video tutorial or follow the step-by-step instructions below.

YouTube video

How to identify the correct Apple Push Certificate?

If you have more than one Push Certificate created in Apple's Push Certificates Portal, please be sure that you're renewing the correct one.

Miradore's Infrastructure diagram -view:

Renewal of the Apple Push Certificate.

Apple Push Certificates Portal -view (https://identity.apple.com/pushcert/):

Certificates for third-party servers.

If you can't find the correct Push Cert in the Apple's Push Certificates Portal, this due the fact that the Push Certificate has been created with some other Apple ID. Please find the correct Apple ID and login with it to the portal. Unfortunately, Apple does not provide information about which Apple ID's have been used for previously created Push Certificates, highlighting the importance of keeping that information documented.

How to renew the Apple Push Certificate?

1. Navigate to System > Infrastructure diagram where you can see the current status of your Miradore site and configure its settings.

Click the Renew Apple Push Certificate from the page Actions menu. After that, a wizard for renewing the certificate opens on top of the window.

Click Download the CSR to download your certificate signing request and click Next.

Download the CSR file as a part of the renewal of the Apple Push Certificate.

2. Sign in to the Apple Push Certificates Portal and renew the correct and currently installed certificate using the downloaded signing request.

Click Sign in to Apple Portal to proceed to the login page.

Renew the Apple Push Certificate.

3. Log in to your Apple Account.

Sign in to Apple Push Certificates portal.

4. Search for the correct certificate with the same identifier as given in the Renew Apple Push Certificate wizard. If you have multiple certificates click the info balloon and compare:

Subject DN, UID=com.apple.mgmt.External.xxx field to the one that is currently installed.

Please note that it's important to renew the correct certificate in order to retain the MDM communication with the managed Apple devices. If the certificate is changed, your Apple devices must be re-enrolled to Miradore.

After the correct certificate is found, click Renew under actions.

Renew option in the Apple Push Certificates portal.

5. Click Choose file to select the downloaded CSR file (csr.txt).

Choose file option in the Apple Push Certificates portal.

6. After choosing the CSR file click Upload.

Uploading the file in the Apple Push Certificates portal.

7. A confirmation will appear that you have successfully created a new push certificate. Click Download.

Downloading the file in the Apple Push Certificates portal.

Showing the downloaded file on your PC.

8. Go back to the Renew Apple Push Certificate wizard in Miradore and click Next to proceed to the upload step.

Click the Upload the certificate button to select and upload the renewed certificate.

Please note that Miradore accepts only certificate files with .pem file extensions. If your certificate file ends with .cer you can try to rename the file so that it ends with .pem.

Uploading the certificate as a part of the renewal of the Apple Push Certificate.

Finally, you will see a confirmation that the certificate was renewed successfully.

Troubleshooting

The below checklist may help if you experience problems renewing the Apple Push Certificate.

  • Make sure that, in steps 2 and 3, you logged into the Apple Push Certificates Portal using the same Apple ID that was earlier used to create the currently installed certificate.
  • Miradore shows the currently installed certificate's Subject DN in step 2 of the Renew Apple Push Certificate wizard. Compare the provided Subject DN with the certificates in the Apple Push Certificates Portal in order to find the correct certificate. As instructed in step 4 above, you can see the Subject DN of each certificate in the Apple Push Certificates Portal by clicking on the info balloon.
  • In steps 5 and 6, you are asked to upload the Certificate Signing Request file (csr.txt) to the Apple Push Certificates Portal. Make sure that you upload the correct CSR file, which was downloaded during step 1.

If you cannot find the correct certificate from the Apple Push Certificates Portal with a matching Subject DN, or if the certificate renewal doesn't succeed for some other reason (e.g. Apple ID is not known), please feel free to reach out to our support channels for assistance, or reach to Apple on your own via our instruction. If those methods don't work out, then you need to create a new Apple Push Notification certificate and re-enroll your Apple devices to Miradore using the new certificate. For instructions, see Creating an Apple Push Certificate.

Previous Article:
«

Next Article:
»