APNS Certificate

The Apple Push Notification Service (APNS) is a platform that allows third-party apps to send push notifications to iOS devices. To manage these devices, you need to get an APNs certificate. SureMDM uses this certificate to securely communicate with Apple devices and report device information back to the console. Therefore, it is important to set up this certificate before enrolling any iOS or macOS device to ensure smooth management through the SureMDM server.

As per the Apple Enterprise Developer Program, an APNs certificate is valid for one year and then needs to be renewed. The SureMDM console sends reminders through notifications as the expiration date approaches. Once you renew your certificate from the Apple Development Portal, your current certificate will become invalid, hindering device management until the new certificate is uploaded. Therefore, it is advisable to upload the new certificate as soon as it is renewed. It is recommended to utilize separate certificates for your production and test environments.

note

This configuration is required to manage only iOS devices.

Generate APNS Certificate and Register in SureMDM

Before you can manage iOS devices with SureMDM, you must first generate an APNs Certificate to enable and maintain secure communications between your iOS devices and the SureMDM console. To obtain and register the APNS certificate in SureMDM, follow these steps:

On the SureMDM Web Console, navigate to Settings (icon located at top right of the screen) > Account Settings > iOS/iPadOS/macOS Settings > APNS.
Under Download CSR, click Download to get vendor-signed CSR (Certificate Signing Request) for generating the push certificate from Apple Push Certificate Portal.
Go to Apple Push Certificate Portal and log in with Apple ID.
On the Certificates for Third-Party Servers page, click Create a Certificate.
In the Create a New Push Certificate page, upload the Certificate Signing Request (CSR) downloaded from the SureMDM Web Console. (Refer to step no. 2)
On successful upload, a download button to download the newly created push certificate will be available.
Click Download to download the push certificate.
Go back to Settings > Account Settings > iOS/iPadOS/macOS Settings > APNS on the SureMDM Web Console and upload the push certificate by clicking on Upload.
Once the upload is successful, you can see the Apple ID details, such as Issued To, Issued By, Valid From, Valid Till, and Apple ID Name.

note

Each SureMDM account requires an individual APNS certificate.
Admins must note down and keep the Apple credentials handy for annual renewal. To know how to renew the existing APNS certificate, see here.

Renew the Existing APNS Certificate

To renew the APNS certificate, follow these steps:

On the SureMDM Web Console, navigate to Settings (icon located at the top right of the screen) > Account Settings > iOS/iPadOS/macOS Settings > APNS.
On the APNS page, click Download. This will download the vendor- signed CSR (Certificate Signing Request).
Go to the Apple Push Certificate Portal and log in with your Apple ID.

note

Use the same Apple account that was used while creating the push certificate.

On the Certificates for Third-Party Servers page, click Renew.

note

You need to select the correct certificate for the SureMDM account that is due for renewal.

On the Renew Push Certificate page, upload the Certificate Signing Request (CSR) downloaded from the SureMDM Web Console. (Refer to step no. 2)
On the confirmation page, click Download.
A new push certificate will be downloaded.
Go back to the SureMDM Web Console > Account Settings > iOS/iPadOS/macOS Settings > APNS.
On the APNS screen, click Upload and upload the newly created push certificate. (Refer to step no. 6) Results: Your existing APNs certificate renews.

note

It is recommended to use a corporate Apple ID to create APNs. When you renew the APNs certificate, you have to use the same Apple ID. If you happen to use a different Apple ID, then you have to re-enroll all the managed mobile devices.