Renew APNs Certificate

This document explains the steps involved in renewing the APNs certificate. Always use a corporate Apple ID rather than a personal one. If the APNs certificate has expired, you can no longer manage the iOS devices. In such cases, you have to remove the APNs certificate and re-enroll the devices to manage them, so it is recommended to renew the APNs certificate well in advance of its expiry. The APNs certificate should be renewed and uploaded to the Mobile Device Manager Plus MSP server at least a month before it expires, to ensure all devices get the renewed APNs certificate. If you renew the APNs certificate only a few days before the expiry, the devices will receive the renewed certificate once they come in contact with the server.

    (Not applicable for MDM MSP Cloud)

  • If you are using Desktop Central versions below Build 90072, refer to the steps available for renewing CSR at your local installation servername:8020/help/mobile_device_management/iOS/MDM MSP_renew_apns_certificate.html
  • Ensure you have configured Proxy settings and Mail server settings for this renewal process to work. Also ensure that the URL https://creator.zoho.com is added to your domain's exception list and that Mobile Device Manager has permission to reach this URL, to process the vendor signed CSR.
  • If you're using MDM MSP within Desktop Central, you can configure and manage the APNs certificate by navigating to the Enroll dropdown in the left pane and selecting APNs Certificate under iOS.

There are 2 stages in renewing an APNs certificate:

  1. Create and sign a CSR
  2. Renew and Upload APNs

Create and sign a CSR

To create and get the CSR signed from Zoho Corporation, follow the steps mentioned below:

  1. On the web console, click the Enrollment tab and select APNs Certificate from the iOS dropdown in the left pane.




  2. Click the Renew APNs Certificate button to invoke the renewal process. The Renew APNs button appears 3 months before your APNs certificate expires.
  3. You can download the Vendor Signed CSR once the signing process is complete. If the signing process fails, you can download the CSR and send it to MDM MSP-support@manageengine.com (if you're using MDM MSP On-Premises) or MDM MSPcloud-support@manageengine.com (if you're using MDM MSP Cloud) to get it signed manually. The signed file is mailed back to you.

Renew and Upload APNs

  1. Upload the Signed CSR to the Apple Push Notification Portal as mentioned below:
    1. Go to https://identity.apple.com/pushcert/ (Apple Push Certificate Portal website) to renew the APNs certificate. Use Safari, Google Chrome or Firefox while executing the steps below. Internet Explorer is not recommended for renewing the APNs certificate.
    2. Sign in using the corporate Apple ID and password you used the previous time, when creating the APNs certificate.

      Ensure you use the same Apple ID that you used when creating the APNs certificate for the first time; otherwise you have to re-enroll all the managed mobile devices. If you have generated more than one APNs certificate using the same Apple ID, you can refer to the image below to identify the appropriate APNs certificate.


  2. Once logged in, select the certificate based on its expiry date and UID as explained below, and choose Renew Certificate. You can verify that the UID is the same as that of the previous APNs certificate, which is about to expire, in the Mobile Device Manager Plus MSP server.


  3. After reading the terms and conditions, click Accept.
  4. Upload the signed certificate you received from Zoho Corporation.
  5. A new certificate for managing the iOS devices appears in the portal.
  6. Download the new Apple signed certificate (MDM MSP_ZOHO_Corporation_Certificate.pem).
  7. On the Mobile Device Manager Plus MSP web console, click Next to upload the APNs certificate you have downloaded from the Apple Push Notification portal.
  8. Click Upload to complete the renewal process.
You have successfully renewed and uploaded the APNs certificate, so you can continue managing your iOS devices.

Changing the E-mail address used for APNs

If the APNs certificate was created using an employee e-mail address instead of an organization-based e-mail address, it cannot be renewed in the following scenarios:

Thus, it is ideal to have the APNs certificate created using an organization-based e-mail address. To change the e-mail address, follow the steps mentioned below:

  1. Log in to Apple with the Apple ID used for creating the APNs certificate. Click on Edit under the Accounts section.
  2. Click on Change E-mail Address... under the Apple ID section. Specify the new e-mail address. This e-mail address shouldn't be associated with any other Apple ID.
  3. Click on Continue and follow the on-screen instructions to change the e-mail address.
  4. Go to the MDM MSP console, click on the Enrollment tab and select APNs Certificate under the iOS section.
  5. After clicking the Renew APNs button, you'll be shown the Apple ID which was used to create the APNs certificate.
  6. Click on the link Change my Apple ID, which is present adjacent to the Apple ID. Follow the on-screen instructions and update the Apple ID.

Migration of APNs certificate from one Apple ID to another

In case the login credentials associated with your APNs certificate cannot be remembered, or if you prefer to migrate the APNs certificate from one Apple ID to another, you can raise a ticket with Apple Developer Program Support. You will have to provide the serial number of the particular APNs certificate in hexadecimal format to proceed. The serial number, already converted to hexadecimal, is readily available on the MDM server.

You can contact Apple Developer Program Support by phone or web.
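
The checks the steps above rely on (renew at least a month before expiry, confirm the UID matches the certificate being replaced, obtain the serial number in hexadecimal) can also be run against the certificate .pem files with openssl. This is an added example, not part of the ManageEngine documentation; it assumes the UID shown in the portal is the UID attribute of the certificate subject, and the function names, file names and sample UID values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-renewal checks on APNs certificate PEM files with openssl.

# Print the UID attribute of the certificate subject.
apns_uid() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Print the serial number in hexadecimal, without the "serial=" prefix.
apns_serial_hex() {
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'
}

# Succeed only if the certificate is still valid $2 days from now (default 30).
apns_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Succeed only if both files carry the same, non-empty UID.
apns_same_uid() {
    old_uid=$(apns_uid "$1"); new_uid=$(apns_uid "$2")
    [ -n "$old_uid" ] && [ "$old_uid" = "$new_uid" ]
}

# Constructed sample input: a self-signed certificate with a given UID and
# lifetime. A real APNs certificate is issued by Apple, not generated locally.
make_sample_cert() {   # usage: make_sample_cert OUT.pem UID DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days "$3" \
        -subj "/UID=$2/CN=APSP:sample" -out "$1" 2>/dev/null
}

apns_demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/current.pem" com.apple.mgmt.External.constructed-0001 20
    make_sample_cert "$dir/renewed.pem" com.apple.mgmt.External.constructed-0001 365
    apns_valid_for_days "$dir/current.pem" 30 || echo "current: expires within 30 days"
    apns_same_uid "$dir/current.pem" "$dir/renewed.pem" && echo "renewed: UID matches"
    echo "renewed serial (hex): $(apns_serial_hex "$dir/renewed.pem")"
    rm -rf "$dir"
}
apns_demo
```

Run `apns_same_uid` on the certificate currently in use and the one downloaded from the portal before uploading the new file; a mismatch means the wrong certificate was renewed.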
