Renew Apple MDM Push Certificate in Endpoint Manager

Benoit LecoursSCCMLeave a Comment

5
(4)

To enroll and manage iOS/MAC devices into Endpoint Manager, you need to create an Apple MDM Push Certificate. These certificates expire 365 days after you create them and must be renewed manually in the Endpoint Manager portal.

You will receive a notification email 30 days before the Apple MDM Push Certificate expires. It’s strongly recommended to renew the certificate before the expiration method.

If you don’t renew the certificate in time, you will need to re-enroll all Apple devices. In a lab environment, this can be done easily, but in a production environment with a hundred or thousand devices, this could mean a nightmare.

This post will describe how to Renew Apple MDM Push Certificate in Endpoint Manager

Verification

Besides the expiration email, you can see that your certificate is expired or the expiration date in the Endpoint Manager Portal.

Antoher sign that your Apple MDM Push Certificate is expired would mean that users can’t access company ressource because the default company policy would block them.

If you tries to enroll the device, the company portal will send an error :

Couldn’t add your device. Contact your IT Admin for assistance with this issue. APNSCertificateNotValid

Renew Apple Certificate Endpoint Manager

Renew Apple MDM Push Certificate in Endpoint Manager

Hopefully, you found out before your certificate expires…right ??… For this post, our certificate is expired for a while. The procedure to Renew Apple MDM Push Certificate in Endpoint Manager is still the same.

So this is how to do it :

  • In the Configure MDM Push Certificate pane
  • Check the agreement in #1
  • In the second step (#2), click on Download your CSR. A file will download in your browser. Keep this file for the next step
  • On the third step (#3), click on Create your MDM Push Certificate
  • You’ll be redirected on the Apple Push Certificate Portal
  • Login using the Apple ID used to create the certificate in the first place
  • In the Certificate Portal, select your Mobile Device Management Certificate and click Renew
Renew Apple Certificate Endpoint Manager
  • In the Renew Push Certificate Portal, click the Choose file button and provide the Intune.CSR file that you’ve downloaded in the previous step
Renew Apple Certificate Endpoint Manager
  • Click Upload
  • On the next page, click Download. The MDM_ Microsoft Corporation_Certificate.pem file will download. Keep this file for the next steps.
  • Back in the Endpoint Manager Portal
  • Complete step 4 by entering your Apple ID
  • Complete step 5 by entering the MDM_ Microsoft Corporation_Certificate.pem that you just downloaded
  • Click Upload at the bottom
Renew Apple Certificate Endpoint Manager

Validation

Once completed, refresh the page and look at the top of the pane. You certificate should show ACTIVE and the Days until expiration will show 365

Renew Apple Certificate Endpoint Manager

You’ve successfully renewed Apple MDM Push Certificate in Endpoint Manager. You can now re-enroll your device if the certificate was expired. You don’t have anything else to do on your Apple device if the certificate was still valid before the renewal process.

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 4

No votes so far! Be the first to rate this post.

Leave a Reply