How To Renew Your MDM Apple Push (APNS) Certificate

Article ID: 158570

Products

Mobile Management

Issue/Introduction

Apple MDM Push (APNS) certificates must be renewed regularly.  Failure to renew your certificate before it expires may cause you to lose MDM communication with managed iOS devices.

Resolution

To renew your Apple Push Notification Service MDM certificate:

  1. Log into the Notification server as an Administrator.
  2. Open the Altiris console; go to Home > Mobile Management > Settings > iOS Enrollment.
  3. In the right pane, under Apple Push / MDM Certificate, locate the thumbprint for your current/old APNs certificate.
  4. On the MMS server, open the "Certificates" MMC and, in the Personal store, locate the APNs certificate whose thumbprint matches the thumbprint from above. Note the old certificate's subject and expiration date. The portion of the subject you want to verify typically starts like "com.apple.mgmt.External.a3d274...".
  5. In the Altiris console, in the right pane under Apple Push / MDM Certificate, click Request Signed CSR File.
  6. Follow the instructions that are provided at the CSR request Web site. Important: You want to request a new CSR.  Do not reuse the old CSR.
  7. Once you have your Symantec-signed CSR (plist file), log into the Apple Push Certificates Portal using a Firefox/Safari/Chrome browser.
  8. Under "Certificates for Third-Party Servers", locate the APNS certificate that corresponds to the certificate subject information you recorded in step 3. Verify that this certificate's expiration date matches the expiration date of your current/old certificate. You should be able to click the information "i" next to the "Renew" button to compare the subjects. Verify that the subjects match exactly.
  9. Select "RENEW" and upload the signed CSR (plist file) to Apple.
  10. Apple will either email you your certificate or you can download the renewed certificate from the portal.  This will be in the form of a PEM file.
  11. After you receive the certificate PEM file from Apple, go back to the iOS Enrollment Settings page. 
  12. Under Apple Push / MDM Certificate, click Import to complete the installation of the certificate. Locate the certificate you just downloaded from Apple and click OK. You should not require a password.
  13. Click Save changes on the iOS Enrollment Settings page.
  14. The certificate should be imported into the certificate store on the NS and MMS servers. The certificate thumbprint should be displayed on the iOS Enrollment Settings page.  MMS configuration files should be updated automatically within moments.

Note: It is important to log into the Notification server when performing this procedure. The CSR creation process requires that you return to the Notification server with the PEM file to import it into the console, so that the certificate is matched with the correct private key that was originally created during the CSR request.
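
The subject and expiration checks in steps 4 and 8, and the private-key pairing described in step 14 and the note above, can also be run from PowerShell on the server. This is an added example, not part of the original article or of the product's tooling; the parameter names, the `Get-ApnsTopic` helper and the default store path `Cert:\LocalMachine\My` are assumptions.

```powershell
# Added example. Parameter names, Get-ApnsTopic and the default store path are assumptions.
param(
    [Parameter(Mandatory)] [string] $OldThumbprint,    # thumbprint from the iOS Enrollment page
    [Parameter(Mandatory)] [string] $NewPemPath,       # PEM file downloaded from Apple
    [string] $Store = 'Cert:\LocalMachine\My'          # assumed location of the Personal store
)

function Get-ApnsTopic {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    # Windows can render the UID attribute as "OID.0.9.2342.19200300.100.1.1=...",
    # so match the com.apple.mgmt value itself rather than the attribute name.
    if ($Cert.Subject -match 'com\.apple\.mgmt\.[\w.\-]+') { $Matches[0] } else { $null }
}

# Thumbprints copied from a console often carry spaces or hidden characters.
$wanted = ($OldThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$old = Get-ChildItem $Store | Where-Object Thumbprint -eq $wanted | Select-Object -First 1
if (-not $old) { throw "No certificate with thumbprint $wanted in $Store" }

# The PEM from Apple holds only the public certificate, so no password is needed to load it.
$pem = (Resolve-Path -LiteralPath $NewPemPath).Path
$new = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pem)

# After the import, the renewed certificate should be in the store, paired with
# the private key that was generated on this server during the CSR request.
$imported = Get-ChildItem $Store | Where-Object Thumbprint -eq $new.Thumbprint | Select-Object -First 1

$oldTopic = Get-ApnsTopic $old
$newTopic = Get-ApnsTopic $new
[pscustomobject]@{
    OldTopic        = $oldTopic
    NewTopic        = $newTopic
    TopicsMatch     = [bool]$oldTopic -and ($oldTopic -ceq $newTopic)
    OldExpires      = $old.NotAfter
    NewExpires      = $new.NotAfter
    NewExpiresLater = $new.NotAfter -gt $old.NotAfter
    ImportedToStore = [bool]$imported
    ImportedHasKey  = [bool]($imported -and $imported.HasPrivateKey)
}
```

Run it before the import to compare subjects and dates, and again after step 14 to confirm that the renewed certificate is in the store with its private key.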


Applies To

Symantec Mobile Management

Apple iOS