Apple notification services
Tools > Modern Device Management > MDM Configurations > Apple > Apple Push Notification service
Endpoint Manager uses the Apple Push Notification Service (APNs) to communicate with Apple devices, which requires you to have an APNs certificate. Once you have obtained an APNs certificate, communication will be enabled, and you will be able to enroll and manage Apple devices.
APNs certificates expire after a year. You must replace the certificate before it expires, or else you will be required to re-enroll devices.
To generate a new certificate
Endpoint Manager will walk you through creating a certificate signing request (CSR), uploading your request to Apple's certificate portal, and adding the certificate to Endpoint Manager.
Before you begin, make sure you know the credentials for a company Apple account. You should not use a personal Apple ID to obtain this certificate.
1.Navigate to Configure > MDM Configurations > Apple > Apple Push Notification service.
2.Click Configure.
3.Select Create a new certificate and click Next.
4.Click Create Request.
5.Save the generated .plist file. This is your certificate signing request.
6.Click Go to Portal or enter https://identity.apple.com/pushcert in your browser to go to the Apple Push Certificate portal.
7. Enter your company Apple ID and password to sign in. Personal Apple IDs should not be used to obtain certificates for Endpoint Manager.
8. Click Create a certificate.
9.Read and accept the terms of use.
10.Click Choose File to select your certificate request .plist file.
11.Click Upload.
12. Click Download.
An MDM .pem file downloads.
13.Return to the Management Console.
14.Drag and drop your certificate file into the upload box, or click Browse to select your certificate.
15.Create a password for your certificate.
16.(Optional) Add a note to your certificate. Making a note of the Apple ID used to create the certificate may be helpful when it needs to be renewed.
17.Click Save.
18.Save the generated .pfx file. This is your completed certificate.
The certificate is automatically added to Endpoint Manager.
When you have a certificate in place, the Certificate Information section of the Apple Push Notification screen is populated. Take note of the expiration date for your certificate. It is important to renew your certificate before it expires to avoid needing to re-enroll devices.
What next? For information about continuing to configure MDM and enrolling devices, see Getting started with Apple device management.
To import an existing certificate
You can import an APNs certificate you already have. The certificate must be in .pem, .pfx, or .p12 format to work with Endpoint Manager.
1.Navigate to Configure > MDM Configurations > Apple > Apple Push Notification service.
2.Click Configure.
3.Select Import an existing certificate and click Next.
4.Drag and drop your certificate file into the upload box, or click Browse to select your certificate.
5.Enter the password for your certificate.
6.(Optional) Add a note to your certificate. Making a note of the Apple ID used to create the certificate may be helpful when it needs to be renewed.
7.Click Save.
When you have a certificate in place, the Certificate Information section of the Apple Push Notification screen is populated. Take note of the expiration date for your certificate. It is important to renew your certificate before it expires to avoid needing to re-enroll devices.
What next? For information about continuing to configure MDM and enrolling devices, see Getting started with Apple device management.
To renew a certificate
APNs certificates must be renewed yearly. Renewing your certificate before it expires prevents needing to re-enroll devices. When renewing a certificate, use the same Apple ID that was used to generate the certificate. If a different Apple ID is used, you will need to re-enroll devices.
1.Navigate to Configure > MDM Configurations > Apple > Apple Push Notification service.
2.Click Configure.
3.Select Renew an existing certificate and click Next.
4.Click Create Request.
5.Save the generated .plist file. This is your certificate signing request.
6.Click Go to Portal or enter https://identity.apple.com/pushcert in your browser to go to the Apple Push Certificate portal.
7. Enter your company Apple ID and password to sign in. Personal Apple IDs should not be used to obtain certificates for Endpoint Manager.
8.Click Renew next to the certificate you want to renew.
9.Click Choose File to select your certificate request .plist file.
10.Click Upload.
11. Click Download.
An MDM .pem file downloads.
12.Return to the Management Console.
13.Drag and drop your certificate file into the upload box, or click Browse to select your certificate.
14.Enter the password for your certificate.
15.(Optional) Add a note to your certificate.
16.Click Save.
17.Save the generated .pfx file. This is your completed certificate.
The certificate is automatically added to Endpoint Manager. The Certificate Information section of the Apple Push Notification screen is updated.
When you have a certificate in place, the Certificate Information section of the Apple Push Notification screen is populated. Take note of the expiration date for your certificate. It is important to renew your certificate before it expires to avoid needing to re-enroll devices.
To remove a certificate
1.Navigate to Configure > MDM Configurations > Apple > Apple Push Notification service.
2.Click Configure.
3.Select Remove an existing certificate and click Next.
4.Click Yes.
The certificate is removed.