Renew APNs certificate and update Apple MDM service

You can renew your APNs certificate within the validity period before expiration.

About this task

Apple push certificates have a one-year lifetime. The WebUI Modern Client Management dashboard notifies the WebUI user when certificates are within 30 days of expiry.
Important: If the APNs certificate has already expired, you must set up a new certificate. See, Generating APNs certificate. If you generate a brand new certificate, already enrolled devices will be orphaned. To avoid this, you need to renew these APNs certificate annually when it gets close to expiry.

To renew the APNs and update the certs in the Apple MDM service, complete the following:

Procedure

  1. Request CSR signatures: To renew the expiring CSR, send the CSR generated previously to BFAppleCSR@hcl.com.
    Important: Include your HCL Customer ID or BigFix server serial number in the body of the email. This is necessary to authorize the request and validate entitlement to MCM or BigFix Mobile.
    An HCL-signed version of the CSR file, plus additional instructions from BFAppleCSR@hcl.com will be returned to the sender’s email address within one business day. Follow the instructions in that email to obtain the required file through your Apple Developer account.
  2. Renew the Push Certificate
    1. Log in to the Apple Push Certificates Portal using the same Apple ID with which you generated the APNs initially.
    2. Locate the certificate you want to update and click Renew.
    3. Upload the HCL-signed version of the CSR file obtain a provider certificate from Apple.
    4. Download the push certificate (.pem).
    5. Save the push certificate at a safe location.
  3. Supply this push certificate into Fixlet 409 Update Apple push certificate to update the certs in the Apple MDM service.