How to renew the Apple Push certificate


The Apple push certificate has stopped syncing the access to Google Workspace Support. How can you renew it?


  • Mobile Device Management 
  • iOS 


Step 1: Generate a renewal request

  1. In your Admin console.
  2. Go to Menu > Devices > Mobile & endpoints > Settings > iOS settings.
  3. Requires having the Services and devices administrator privilege.
  4. Click Apple certificates.
  5. The current certificate details are displayed: the unique identifier (UID), the Apple ID, and expiration date.
  6. Click Renew Certificate.
  7. Click Get CSR and save the certificate signing request (.csr file). Download this file only once.

Step 2: Get a renewed certificate

  1. Click Apple Push Certificates portal.
  2. In the new tab, sign in to the Apple portal with the Apple ID and password you used when you created the certificate.
  3. Next to the certificate you want to renew, click Renew and accept the terms of use.
  4. Tip: If more than one certificate is listed, you need to identify the correct certificate. Locate certificates with the same expiration date as in the Google Admin console. Click the i button ("certificate info") next to each one to find the UID and make sure it matches the certificate you want to renew.
  5. Click Choose File and open the certificate signing request (.csr) file you saved in step 1.
  6. To submit the request file, click Upload.
  7. Apple accepts the request and displays a confirmation page with your service type, vendor domain, and the expiration date for this certificate.
  8. Click Download and save the signed certificate (.pem) file. Download this file only once.
  9. Go back to your Admin console tab or window.

Step 3: Upload your renewed certificate

  1. Click Upload Certificate and select the certificate (.pem) file you saved from the Apple Confirmation page in the previous step.
  2. Click Save & Continue.
  3. The system verifies and uploads the renewed certificate. If you have problems, make sure the signed certificate you submitted matches the UID of the existing certificate.