Renewing the APNs certificate

Follow these steps to renew the Apple Push Notification Service (APNs) certificate on an iOS or macOS device that is managed by MaaS360®.

About this task

MaaS360 requires the APNs certificate to manage iOS or macOS devices. The administrator must renew the certificate one time every 365 days. The MaaS360 Portal notifies the administrator when the certificate is expiring on a user device. The administrator must renew this certificate before the certificate expires. If the certificate expires, the administrator might be unable to manage iOS and macOS devices in their organization, which might result in the administrator manually unenrolling and then enrolling all Apple devices in the system again. MaaS360 provides a workflow for the APNs renewal process that the administrator must complete before the expiration of the APNs certificate.

Procedure

  1. From the MaaS360 Portal Home page, select Setup > Services.
  2. From the Mobile Device Management section, click More to expand the section.
  3. Click the Plus sign (+) icon to expand the Apple MDM Certificate section.
    The topic ID and the Apple ID that are associated with the account is displayed.
    Important: You must use the same Apple ID each time you renew the APNs certificate. Using a different Apple ID might result in a loss of control of all iOS and macOS devices.
  4. Click Renew Now.
  5. Enter the Apple ID that you used to originally create the APNs certificate, and then click Generate certificate.
    The Certificate Signing Request (CSR) is automatically generated. This process might take up to 5 minutes. Stay on the CSR generation page until the certificate is generated. The CSR is sent by email to the specified account or click Download to upload the CSR and save the file to your system.
  6. Click Open next to the orange arrow to open the APNs site in another window (or access the link directly at https://identity.apple.com/pushcert).
  7. Log in to the Apple site with your Apple ID, locate the APNs certificate that you want to use, and then click Renew.
    Note: If multiple certificates are listed, make sure that you select the APNs certificate that you used previously before you click Renew. You can compare the expiration date for the APNs certificate that you selected to confirm that you are using the right certificate.
  8. Click Choose File to browse to the CSR.txt file, upload the certificate file in the Apple Push Certificates Portal, and then click Upload.
  9. Click Download to download the PEM file.
  10. Click OK to save the PEM file to your Downloads folder, and then click Next.
  11. In the MaaS360 Portal, click Browse to upload the certificate to MaaS360.
  12. Locate the MDM_Fiberlink_Communications.pem file in your Downloads folder, and then click Open.
  13. Type a password, and then click Upload. This password has no minimum security requirement. You can use any password to upload the APNs certificate. This password is not required again and is only used to encrypt the APNs certificate.
    Note: If a Topic Change error message is displayed, then you renewed an incorrect certificate and the process is not complete.
  14. Return to step 1 and select the correct APNs certificate.
    The APNs certificate is created.
  15. Click Close.