How to set up an Apple push certificate

Problem

How can you upload an Apple push certificate to the Admin console if the existing one has expired?

Environment

  • iOS devices

Solution

  1. Log in to the Admin Console.
  2. Navigate to Devices > Mobile & endpoints > Settings > iOS Settings.
  3. At the top, select Apple Certificates > Set up a new certificate.
  4. Under Certification Request, click Get CSR.
  5. Click Get CSR, save the .csr file somewhere accessible.
  6. Go back to the Admin Console and look for Sign in to the - Apple Push Certificates portal. Then click the link Apple Push Certificates portal.
  7. After you have set up your signed certificate, you can download the .PEM file. Save that file first as it is the file you need to upload in the Admin Console.
  8. Once you're inside the Apple Portal, click Create a Certificate and accept the terms of use.
  9. Then, click Choose File and select the certificate signing request (.csr) file you saved earlier. Then, click Upload.
  10. Once done, click Download and save the signed certificate (.pem) file. Download this file only once and save it to your machine.
  11. After you save the file, go back to your Admin console and enter the Apple ID you used to download the signed certificate (.pem) file.
  12. Select Finish APNS certificate setup, click Upload Certificate and choose the (.pem) file you have saved from the Apple Portal.
  13. Click, Save and Continue to finish the setup.

Cause

Expired certificates cannot be renewed like existing ones. To avoid having to perform these steps in the future, you can renew an Apple push certificate.