Your Apple Push Certificate must be renewed once a year in order to retain the MDM communication with your managed Apple devices. This article describes how to renew your certificate in Miradore.
NOTE! The Push Certificate can only be renewed with the same Apple ID which was used to create the certificate. Unfortunately, Apple does not provide information about which Apple ID's have been used for previously created Push Certificate.
If you don't know the correct Apple ID or you want to move the existing Push Certificate to another Apple ID, please read this Community post about "Apple Push Certificate: Missing Apple ID?":
How to identify the correct Apple Push Certificate
If you have more than one Push Certificate created in Apple's Push Certificates Portal, please be sure that you're renewing the correct one.
Miradore's Infrastructure diagram -view:
Apple Push Certificates Portal -view (https://identity.apple.com/pushcert/):
If you can't find the correct Push Cert in the Apple's Push Certificates Portal, this due the fact that the Push Certificate has been created with some other Apple ID. Please find the correct Apple ID and login with it to the portal. Unfortunately, Apple does not provide information about which Apple ID's have been used for previously created Push Certificates, highlighting the importance of keeping that information documented.
How to renew the Apple Push Certificate
1. Navigate to System > Infrastructure diagram where you can see the current status of your Miradore site and configure its settings.
Click the Renew Apple Push Certificate from the page Actions menu. After that, a wizard for renewing the certificate opens on top of the window.
Click Download the CSR to download your certificate signing request and click Next.
2. Sign in to the Apple Push Certificates Portal and renew the correct and currently installed certificate using the downloaded signing request.
Click Sign in to Apple Portal to proceed to the login page.
3. Log in to your Apple Account.
4. Search for the correct certificate with the same identifier as given in the Renew Apple Push Certificate wizard. If you have multiple certificates click the info balloon and compare:
Subject DN, UID=com.apple.mgmt.External.xxx field to the one that is currently installed.
Note that it's important to renew the correct certificate in order to retain the MDM communication with the managed Apple devices. If the certificate is changed, your Apple devices must be re-enrolled to Miradore.
After the correct certificate is found, click Renew under actions.
5. Click Choose file to select the downloaded CSR file (csr.txt).
6. After choosing the CSR file click Upload.
7. A confirmation will appear that you have successfully created a new push certificate. Click Download.
8. Go back to the Renew Apple Push Certificate wizard in Miradore and click Next to proceed to the upload step.
Click the Upload the certificate button to select and upload the renewed certificate.
Finally, you will see a confirmation that the certificate was renewed successfully.
The below checklist may help if you experience problems renewing the Apple Push Certificate.
- Make sure that, in steps 2 and 3, that you logged into the Apple Push Certificates Portal using the same Apple ID that was earlier used to create the currently installed certificate.
- Miradore shows the currently installed certificate's Subject DN in step 2 of the Renew Apple Push Certificate wizard. Compare the provided Subject DN with the certificates in the Apple Push Certificates Portal in order to find the correct certificate. As instructed in step 4 above, you can see the Subject DN of each certificate in the Apple Push Certificates Portal by clicking on the info balloon.
- In steps 5 and 6, you are asked to upload the Certificate Signing Request file (csr.txt) to the Apple Push Certificates Portal. Make sure that you upload the correct CSR file, which was downloaded during step 1.
If you cannot find the correct certificate from the Apple Push Certificates Portal with a matching Subject DN, or if the certificate renewal doesn't succeed for some other reason (e.g. AppleID is not known), then you need to create a new Apple Push Notification certificate and re-enroll your Apple devices to Miradore using the new certificate. For instructions, see Creating an Apple Push Certificate.
Please send comments to firstname.lastname@example.org.