How to Renew APNs (Apple Push Notifications) Certificate?

• Apple Push Notification (APNs) Certificate Renewal
• Create and sign a CSR
• How to renew APNs certificate?
• Migration of APNs certificate from one Apple ID to another
• Changing the E-mail address used for APNs

Apple Push Notification (APNs) Certificate Renewal

This document explains the steps involved to renew the APNs certificate. Always use a corporate Apple ID than a personal one. If the APNs certificate has expired, then you can no longer manage the Apple devices. In this case, you have to renew the APNs certificate at the earliest to continue managing them. It is recommended that the Apple Push Certificate (APNs) be renewed and uploaded in the Mobile Device Manager Plus server at least a month before it gets expired, to ensure all devices get the renewed APNs certificate. If the APNs certificate renewal is done a few days before the APNs expiration, the devices will receive the renewed APNs once they come in contact with the server.
NOTE: If the APNs is revoked, you only have to renew it to continue managing devices. The devices need not be re-enrolled.

(Not applicable for MDM Cloud) Ensure that https://creator.zoho.com is allowlisted on the organization's firewall and any other third-party filter. If you're using MDM within Desktop Central, you can configure and manage APNs certificate by navigating to Enrollment in the left pane and selecting APNs Certificate under Apple.

There are 2 stages in renewing an APNs certificate, they are

1. Create and sign a CSR
2. Renew and Upload APNs

Create and sign a CSR

To create and get the CSR signed from Zoho Corporation, follow the steps mentioned below:

1. On the MDM server, click the Enrollment tab and select APNs Certificate from the Apple dropdown in the left pane.

2. Click the Renew APNs Certificate button, to invoke the renewal process. Renew APNs button appears 3 months before your APNs expires.



3. Download the Vendor Signed CSR once the signing process is complete.

Renew and Upload APNs

Upload the Signed CSR to the Apple Push Certificates (APNs) Portal as mentioned below:

• Sign into the Apple Push Certificate Portal to renew the APNs. It is recommended to use the browsers Safari,Google Chrome, or Firefox, while executing the below-mentioned steps.
• Sign in using the corporate Apple ID and password, you used the previous time while creating the APNs certificate.

Ensure you use the same Apple ID which you have used while creating the APNs for the first time, else you have to re-enroll all the managed mobile devices. If you have generated more than one APNs certificate using the same Apple ID, then you can refer to the image below to identify the appropriate APNs certificate.



• Once logged in, choose Renew Certificate by selecting the certificate based on the expiry date and UID as explained below. Ensure the UID mentioned here is the same as the previous APNs certificate which is about to expire. You can verify this in the Mobile Device Manager Plus server.



• After reading terms and conditions Click Accept.
• Upload the signed certificate you received from Zoho Corporation.
• A new certificate for managing the Apple devices appears in the portal.
• Download the new Apple signed certificate (MDM_ZOHO_Corporation_Certificate.pem).
• On the MDM server, click Next to upload the APNs certificate you have downloaded from the Apple Push Notification portal.
• Click Upload to complete the renewal process.

Migration of APNs certificate from one Apple ID to another

In case the login credentials associated with your APNs certificate cannot be remembered or, if you prefer to migrate the APNs certificate from one Apple ID to another, you can raise a ticket with Apple Developer Program Support. You can contact Apple Developer Program Support by phone or web with the Certificate Name, UID, Serial Number, Expiry Date, Old Apple ID (optional) which is readily available on the MDM server.

Changing the E-mail address used for APNs

APNs created using employee e-mail address instead of an organization-based e-mail address, APNs cannot be renewed in the following scenarios:

• If the password is forgotten by the employee
• If the employee has left the organization, and the associated e-mail address has been terminated

Thus, it is ideal in having APNs created using organization-based e-mail address. To change the e-mail address, follow the steps mentioned below:

• Log into the Apple portal with the Apple ID used for creating APNs. Click on Edit under the Accounts section.
• Click on Change E-mail Address under the Apple ID section. Specify the new E-mail address. This e-mail shouldn't be associated with any other Apple ID.
• Click on Continue and follow the on-screen instructions to change the e-mail.
• Go to the MDM console, click on the Enrollment tab and select APNs certificate, under the Apple section.
• After clicking the Renew APNs button, you'll be shown the Apple ID which was used to create the APNs.
• Click on the link Change my Apple ID, which is present adjacent to the Apple ID. Follow the on-screen instructions and update the Apple ID.