...
One year after the APNs certificate for MDM is generated, it is necessary to renew the certificate in order to continue managing iOS devices. For details on common symptoms of an expired APNs certificate, refer to this article: Commands queued and assignments fail due to expired APNs certificate (79474).

The Apple Push Certificate Portal can also be used to confirm whether your APNs certificate is currently marked as Active, Expired, or Revoked by noting the Status of the APNs certificate under the Certificates for Third-Party Servers header. The Expiration Date field indicates when the certificate is scheduled to expire.
This article provides steps on how to renew an Apple Push Notification service (APNs) certificate for Workspace ONE (WS1), formerly known as AirWatch.
If you receive the error "Uploaded certificate mismatches with the AW certificate request" during or after the APNs renewal process, reference this resource for instructions on how to resolve this issue: Error: "Uploaded certificate mismatches with the AW certificate request" when renewing Apple Push Notification service (APNs) certificate for Workspace ONE

Important: Be aware of the following prerequisites before starting the renewal process:

- To perform this task, ensure your Workspace ONE Admin Account has access to the highest Workspace ONE Organization Group within the Workspace ONE UEM Console. Also, you must perform this task at the Organization Group level where the certificate was originally loaded. If your Admin Account does not have access to the highest Organization Group you may not be able to access the necessary settings.
- You must renew the certificate with the same Apple ID credentials used to get the original certificate. It is also important to renew the same certificate that was originally uploaded in the console. If you use different credentials or renew a different certificate, you are not renewing the certificate but rather generating a new certificate. When you apply this new certificate to the Workspace ONE UEM Console, the communication breaks between the Workspace ONE UEM Console and the iOS devices associated with the original certificate. If this happens, you must then re-enroll every iOS device associated with the original certificate. Using the same Apple ID credentials and certificate for renewal saves the effort of having to re-enroll all your iOS devices.
- This is a time-sensitive process and must be completed from start to finish within 10 minutes to ensure success.
- It is equally important that the full process be completed within the same browser session.
- If restarting this process, be sure to complete all steps from start to finish once again.
Note: Refer to the video below for an explanation of the steps involved during the process of renewing your APNs certificate. If further details are required, written instructions are available in this article beneath the video.

Renewing Your APNs Certificate from the Apple Push Certificate Portal

1. Navigate to Groups & Settings > All Settings > Devices & Users > Apple > APNs For MDM in the Workspace ONE UEM Console.
2. Click Renew.
3. Follow the prompts on the screen to view the instructions and then click the MDM_APNsRequest.plist link to download the new Workspace ONE Certificate request (.plist file).
4. Click Go To Apple. Keep the Workspace ONE UEM Console open. You will come back to use the console for operations described in the Entering the Certificate into the Workspace ONE UEM Console section.
5. Sign in using the same Apple ID used to sign into the Apple Push Certificates Portal website previously.
6. Find the certificate with the UID that matches the UID in the certificate that is being renewed. Click Renew to update the certificate due to expire.
7. Click Choose File.
8. Navigate to the .plist file downloaded in step #3 and click Open. Note: If the Apple Push Certificate Portal fails to accept the .plist file, rename the file to end in .csr, .txt, or .rtf and attempt once more.
9. Click Upload. The following dialog box appears and the renewal of the certificate is completed.
10. Click Download to retrieve the new certificate.

Note: Although this is a renewed certificate, it displays as if it is a new certificate in the Apple Certificate Portal and you should now work with this version.

Entering the Certificate into the Workspace ONE UEM Console

1. Return to the Workspace ONE UEM Console and click Next.
2. Upload the Apple-signed certificate (.pem file) to Workspace ONE.
3. Enter the same Apple ID used to sign into the Apple Push Certificates Portal website previously.
4. Click Save.
5. When prompted, enter the security PIN.
Now the new APNs certificate has been saved in Workspace ONE.

Next to Test Connection Over HTTP/2, click the Test Connection button to verify that it is successful. Finally, verify that devices are checking in as expected by navigating to Devices > List View within the Console and performing a sync.

Note: When generating and renewing at a top-level Organization Group, set child groups to inherit or override settings and click Save.
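A pre-upload check for the renewal described above, as an added example that is not part of the original article or of Workspace ONE tooling: it compares the UID of the certificate currently in use with the UID of the renewed .pem and checks the new expiry. The function names, the 300-day threshold and the sample certificates (self-signed, constructed with openssl) are assumptions, and it presumes the UID is carried in the certificate subject, as in Apple-issued MDM push certificates.

```shell
#!/usr/bin/env bash
# Added example: confirm a downloaded APNs .pem is a renewal of the current
# certificate (same UID) and not a newly generated one, before uploading it.

# Print the UID attribute of the certificate subject (empty if absent).
cert_uid() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Succeed if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed only if both certificates carry the same non-empty UID.
is_renewal_of() {
    local old new
    old=$(cert_uid "$1"); new=$(cert_uid "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Constructed sample input: a self-signed stand-in for an Apple-issued
# certificate with the given UID and lifetime in days (assumed subject layout).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$3.key" \
        -subj "/UID=$1/CN=APSP:constructed" -days "$2" -out "$3" 2>/dev/null
}

# Check a current/renewed pair; 300 days is an assumed minimum lifetime.
check_pair() {
    if ! is_renewal_of "$1" "$2"; then
        echo "MISMATCH: $(cert_uid "$1") vs $(cert_uid "$2"); do not upload"
        return 1
    fi
    valid_for_days "$2" 300 || { echo "renewed certificate expires too soon"; return 1; }
    echo "OK: same UID $(cert_uid "$2")"
}

demo() {
    local d; d=$(mktemp -d)
    make_sample_cert com.apple.mgmt.External.constructed-a 20 "$d/current.pem"
    make_sample_cert com.apple.mgmt.External.constructed-a 365 "$d/renewed.pem"
    make_sample_cert com.apple.mgmt.External.constructed-b 365 "$d/other.pem"
    check_pair "$d/current.pem" "$d/renewed.pem"
    check_pair "$d/current.pem" "$d/other.pem" || true
    rm -rf "$d"
}
demo
```

With real files, call check_pair with the .pem currently loaded in the console and the .pem just downloaded from the portal; a mismatch means the download is a new certificate, which the article warns would force re-enrollment.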
For additional details on Workspace ONE requirements for Apple push notifications, review this article: Upgrade Workspace ONE UEM before March 29, 2021 to support Apple Push Notifications over HTTP/2