Create APNs Certificate


The following workflow diagram explains the steps involved in creating APNs certificate and managing the iOS devices.

  1. Create and sign a CSR
  2. Create and upload APNs Certificate
  3. Remove APNs Certificate

If you're using MDM within Desktop Central, you can configure and manage APNs certificate by navigating to Enroll dropdown in the left pane and select APNs Certificate under iOS

Create and sign a CSR

The first step in creating APNs is to create a CSR and get it signed from Zoho Corporation, follow the steps mentioned below:

  1. On the web console, click the Enrollment tab and select APNs Certificate from the iOS dropdown in the left pane.




  2. Specify Corporate Email Address and name of the Organization

  3. Click Create and Sign CSR

  4. Click Next, you can download the Vendor Signed CSR if the signing process is complete. By any chance if the signing process fails, then you can download the CSR and send it to MDM-support@manageengine.com to get it signed manually. The signed file is mailed back to you.

You have successfully created a CSR, and got it signed by Zoho Corporation.

Ensure you have configured Proxy settings and Mail server settings for this process to work. You should also see to it, this URL : https://creator.zoho.com is added to your domain's exception list, to ensure Mobile Device Manager Plus has permissions to reach this URL, to process the vendor signed CSR.

Create and upload APNs Certificate

The Signed CSR, which has been downloaded in step 1, has to be uploaded to the Apple Push Notification portal to create a APNs. Follow the steps mentioned below:

  1. Go to Apple Push Certificate Portal to create the APNs. It is recommended by Apple to use "Safari/Google Chrome/Firefox" browsers while executing the below mentioned steps. Internet Explorer is not recommended to create APNs certificate.

  2. Sign in using a corporate Apple ID and password. A corporate Apple ID or Apple Account is recommended, as this would negate the consequences of an employee quitting the enterprise after using a personal Apple ID for APNs creation. If your organization does not have an Apple ID, create one from https://appleid.apple.com.

    • It is recommended to use a common organization e-mail address for creating the APNs, instead of using employee e-mail address. If APNs created using an employee mail address is being used, the e-mail used can be changed, during APNs renewal as explained here
    • APNs is valid for one year from the day of its creation. It is recommended to use a corporate Apple ID to create APNs. When you renew the APNs certificate, you have to use the same Apple ID. If you happen to use a different Apple ID, then you have to re-enroll all the managed mobile devices.

  3. Once logged in, choose Create Certificate.

  4. After reading terms and conditions Click Accept.

  5. Upload the signed CSR that you received at step 1.

  6. A new certificate for managing the iOS devices appears in the portal.

  7. Download the new Apple signed certificate (MDM_ZOHO_Corporation_Certificate.pem).

  8. On the Mobile Device Manager Plus web console, click Next to upload the APNs certificate, you have downloaded from the Apple Push Notification portal.

  9. Specify the Corporate Apple ID and address to which notification mails should be sent during APNs expiry.

  10. Click Upload to complete the process.

You have successfully uploaded APNs, you can start enrolling your iOS devices.

Remove APNs Certificate

  1. You can remove the APNs certificate only after all the devices have been unmanaged.
  2. Once the APNs certificate is removed, the details of Apple Configurator profile created using the particular APNs certificate is removed. All iOS devices which are enrolled and are yet to be enrolled are also removed and you can not manage any iOS device until you upload a new APNs Certificate.

You may require to remove APNs certificate in the following scenarios:

During the time of APNs renewal, in case you forget the Apple ID used to create the current APNs certificate, you need to remove the existing APNs certificate and upload a new one. You may also need to upload a new APNs certificate when you change the Apple ID used to create APNs certificate and use a Corporate Apple ID.

This can be done by following the steps mentioned below:

  1. On the web console, click the Enrollment tab and select APNs Certificate from the iOS dropdown in the left pane.




  2. Click the Remove APNs button



See Also: Device Authentication, Enroll iOS Devices, Enroll devices using Apple Configurator, Enroll Android Devices, Enroll KNOX Devices, Enroll Windows Devices, Self Enrollment, Customize ME MDM App
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine