Tips on how to generate and renew Apple Push Notification Service to manage devices at work


by Mosyle Team


One of the first steps required when managing Apple devices is to create the Apple Push Notification Service, more popularly known as the Apple Push Certificate. IT administrators who are beginners sometimes ask our specialists about creating the APNs, and even IT pros have questions about the annual renewal procedure for this certificate.

Regardless of whether you are a beginner or a pro, this article covers the steps that will help you get the task done and answers any questions you may have. Do you know what the Apple Push Certificate is? What does it do? And why is it required for managing Apple devices? Keep reading to find out!

What is Apple Push Notification Service or Apple Push Certificate

The Apple Push Certificate is a platform service created by Apple for third-party application users to send push notifications to iOS devices. Once it is integrated with the mobile device management solution, the Push Certificate establishes a trusted connection with the MDM's domain.

Keep in mind that this is the only secure way that Apple devices will receive commands created from any mobile device management solution, including Mosyle solutions. Since this communication occurs between servers, the network infrastructure is critical and you can learn more about this in our special guide.

Creating the Push Certificate is a very important step, and it is one of the first operations you need to complete when you configure your Mosyle account. The following steps show how to create or renew your Apple Push Certificate. Let's start with how to create one. Doing so will allow you to safely send commands to the devices.

How to create the Apple Push Notification Service

When you are just starting to manage your Apple devices, you will need to create the Push Certificate. If you are switching mobile device management solutions, you also need to create a new Push Certificate when setting up your new MDM software solution.

The first step is to log in to your Apple mobile device management solution and follow the specific instructions to download the CSR file that will allow you to create the APNs. If you are a Mosyle Business customer, navigate to "Push Certificate" and then click the download button.

Then, navigate to Apple's Portal to create your Apple Push Notification Service. Navigate to identity.apple.com/pushcert and log in with your organization's Apple ID. It's very important that you keep these credentials in a safe place, since the Push Certificate will have to be renewed annually using the same Apple ID. We will cover this topic further in this article.

After you log in to Apple's portal, click "Create a Certificate", read the Terms and Conditions, and click "Accept" to continue. Next, fill out the field with whatever note you see fit to keep track of your APNs tokens. You will upload the CSR file downloaded from your MDM solution, then proceed to download the .PEM file.

Going back to your MDM solution, navigate to the Push Certificate area and upload the .PEM file and save the profile. Once you have completed this integration that enables the servers to communicate safely, you can send the management commands to the Apple devices using the device management solution.

For security reasons, the Push Certificate expires yearly, so you'll need to renew the certificate after a year. The steps below will help you understand this process.


Why is it important to protect the Apple ID used to create the APNs

The integration between the APNs and the MDM servers is one of the most important steps when managing the devices. That's why it should be done very carefully in order to keep your fleet of Apple devices completely safe.

For this reason, remembering the credentials you used to create the Apple Push Notification Service token is critical. First, do not use a personal Apple ID to create this token. Also follow the best practices when creating passwords in order to protect your devices from any misuse of APNs tokens.

Since you will need this information to annually renew the certificate, you need to remember the Apple ID used to complete this integration. This renewal is required precisely due to security and privacy matters. If you do not remember the Apple ID used and renew the certificate using other credentials, you will have to start the enrollment process all over again.

Completing the integration of the Push Certificate generates the Apple push topic, or what we call the UID. As a third-party solution, the MDM will only have access to the UID of the Certificate due to Apple's privacy policies. The Apple ID used by the organization to generate the Certificate is not provided to the MDM provider, which is why it's important to remember the credentials used.

How to renew the Apple Push Certificate

One year after you initially created your Apple Push Certificate, it is time to renew the integration. It’s important to carefully follow the steps to renew the certificate because, if the original token is replaced or revoked, the MDM solution will not be able to communicate with the Apple devices, which means the enrollment process will have to be redone.

Now we will share all of the steps in order to make this process easy. The steps to renew the certificate are similar to the steps you completed when creating a new one.

To renew your APNs, first log in to your MDM solution and follow the specific instructions to download the CSR file that will let you renew the Push Certificate. If you use Mosyle Business as your mobile device management solution, navigate to the Push Certificate area within the Organization tab, click the “Renew” button and download the file.

Next, navigate to Apple's portal at https://identity.apple.com/pushcert and log in using the same Apple ID you used to create the Push Certificate. If you don't use the same credentials, the process of renewing the certificate will fail later on.

Within Apple’s portal, you can locate the Push Certificate. If you have more than one Push Certificate created, just click on the “i” icon to check out the Apple push topic (UID) of the certificates. Select the certificate you want to renew and click on “Renew”. Next, upload the file you’ve downloaded from your MDM solution. Finally, you are able to download the renewed certificate with the extension .PEM from Apple’s website.

Back in your device management solution, navigate to the Push Certificate area and select the .PEM file to renew the certificate. And done! Your APNs is renewed.
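Before uploading a renewed .PEM, it is worth confirming that it carries the same push topic (UID) as the certificate it replaces and checking how soon the current one expires. The script below is an added example, not Mosyle's or Apple's tooling; it assumes the `openssl` CLI is installed and that the topic is the UID attribute of the certificate subject, and it builds constructed self-signed stand-ins (the file names and topics are sample values) so it runs offline.

```shell
#!/bin/sh
# Added example: compare a push certificate before and after renewal.
# Requires the openssl CLI. File names and topics below are constructed.

# Print the push topic (the UID attribute of the certificate subject).
push_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        tr ',' '\n' | sed -n 's/^\(subject= *\)*UID=//p'
}

# Succeed if the certificate expires within $2 days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed only if the renewed certificate keeps the topic of the current one.
same_topic() {
    old=$(push_topic "$1"); new=$(push_topic "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Build a constructed self-signed stand-in for a push certificate.
# Arguments: output file, topic, validity in days.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$3" -subj "/UID=$2/CN=APSP:sample/C=US" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp/current.pem" com.apple.mgmt.External.11111111-aaaa 20
make_sample "$tmp/renewed.pem" com.apple.mgmt.External.11111111-aaaa 365
make_sample "$tmp/other.pem"   com.apple.mgmt.External.22222222-bbbb 365

echo "topic: $(push_topic "$tmp/current.pem")"
expires_within "$tmp/current.pem" 30 && echo "current.pem: renew within 30 days"
same_topic "$tmp/current.pem" "$tmp/renewed.pem" && echo "renewed.pem: same topic"
same_topic "$tmp/current.pem" "$tmp/other.pem" ||
    echo "other.pem: different topic, devices would need re-enrollment"
```

On real files, call `push_topic` and `same_topic` with the .PEM currently installed in the MDM and the one just downloaded from Apple's portal.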

We want to remind you of the importance of keeping the Apple ID used to generate the Push Certificate in a safe place. If the Apple ID doesn’t match, the renewal will fail and you'll need to redo the entire enrollment process.

Now that you have learned how to create a new Push Certificate and renew it, you can continue configuring your Apple mobile device management solution to send commands safely to your Apple devices.