Apple MDM Profile Renewal Troubleshooting

When you click "Renew," you will be brought to a 3 step process:

Step 1: Re-enter your Apple iTunes ID (remember this must be the one listed already on your MaaS360 Portal on the main services page under Mobile Device Management. You will get errors if it is different or if your browser automatically signs you into a different iTunes ID. Always verify these IDs match when you get to the Apple website.) Once you enter your Apple iTunes ID, you will have a Generate certificate button. This button is NOT for creating your Apple MDM Certificate. This button generates a CSR.txt file needed to renew your certificate through the Apple website you'll see in Step 2. One common misstep with this process is taking the CSR.txt file created in Step 1 and going straight to Step 3 to upload it. This will give you an error message because the CSR.txt file is NOT the MDM Certificate you need to Browse for in Step 3. Once you click Generate certificate, you will get a button to Download the CSR.txt file. Save it somewhere easy to find. See screen captures:

Step 2: Apple Push Certificate - This step has a link to Apple's website for the Push Notifications Portal or APNS. You will need to log in to this portal with the iTunes ID listed in your MaaS360 portal on the Services page. This iTunes ID must match, or you will receive errors. Click The Go to Apple's Push Certificate Portal button and log in.

Once you log in to the Apple Push Certificates Portal, you will see your certificate and a Renew button on the right of your certificate. Do NOT click the green Create a Certificate button in the upper right if you are trying to renew your certificate. If you have more than one certificate in your Apple Push Certificates Portal, you can click the small I bubble next to the Renew button to view the Subject DN. This Subject DN should match the Apple MDM Topic in your MaaS360 portal on the services page. If they do not match, you will get an error. Use the I bubble to find the matching Subject DN and Renew just that certificate.

Screen capture of the Subject DN example:

After finding the correct certificate and click Renew

You will be asked to browse for a file. That file is the CSR.txt file that was downloaded from the MaaS360 portal. This file is unique to each renewal instance, so make sure you're either deleting the CSR.txt each time or tracking which CSR.txt file you're using and always use the most recent one.

After Choose File - CSR.txt above, click Upload, and you should get the following screen:

Click Download on the above page, and you should get a file that starts with MDM_Fiberlink and is in .pem file format. This is the only file format the last step (Step 3) in MaaS360 will accept.

Step 3: Upload Certificate - Once you have the .pem file from the Apple website, come back to the MaaS360 portal and click continue to proceed to step 3. In this step, you need to Browse for the MDM_ Fiberlink Communications_Certificate.pem file and create/confirm a password. This password cannot contain <, > or $ special characters. Once you have entered the password and confirmed it, the Continue button at the bottom will be enabled. 

After completing step 3, you should see "Apple enrollment successfully enabled!" and a Continue button. You have now renewed your Apple MDM Certificate, which will stay valid for a full calendar year.