Overview
This article covers general questions about the Apple Push Certificate, also known as the Apple Push Notification service (APNs) certificate.
You can find general instructions in Get an Apple MDM Push certificate for Intune, but this article addresses other questions and issues that you might have.
Why do I need to configure an APNs certificate in Intune?
Intune uses the Apple Push Notification service to communicate securely with your enrolled iOS devices, and Apple requires that each MDM service use its own certificate to establish a secure mechanism for devices to use when communicating on Apple’s push notification messaging network. Without the APNs certificate, devices could not be enrolled or managed by Intune.
How long is the APNs certificate valid?
By default, the APNs certificate is good for one year. This lifespan is determined by Apple. You must be sure to renew your APNs certificate before it expires.
What happens if I don't renew my APNs certificate before it expires?
If your APNs certificate expires, enrollment of new iOS devices will fail and you will experience problems managing existing iOS devices until a new APNs certificate is obtained.
Important: If you renew an expired APNs certificate outside of the grace period (30 days as of this writing), Apple will issue you a brand new certificate. When this happens, because the certificate is now different, you will be forced to unenroll and re-enroll all existing, Intune-managed Apple devices. Steps to unenroll (remove) an iOS device can be found here.
Do I need to renew my APNs certificate or can I just get a new one?
It is critical that you renew your APNs certificate, not request a new one. This means you must ensure that you use the same Apple ID and renew the same certificate from Apple’s site. If you request a new certificate instead of renewing your existing certificate, you will be forced to unenroll and re-enroll all of your existing Apple devices. Steps to unenroll (remove) an iOS device can be found here.
How do I know if my APNs certificate is about to expire?
Apple should send an email notification to the Apple ID that requested the certificate at 30 days, 10 days, and 1 day prior to the expiration date. You can also see certificate expiration dates in the Microsoft Intune portal. Go to Device Enrollment > Apple Enrollment > Apple MDM Push certificate, and under Expiration you will see the date and time.
How do I renew my APNs certificate?
For instructions, see Get an Apple MDM push certificate.
If I have multiple APNs certificates, how can I tell which certificate I need to renew in the Apple Push Certificates Portal?
On an enrolled iOS device, go to Settings > General > Device Management > Management Profile > More Details > Management Profile. Under Topic you will see a unique GUID that you can match up to the correct certificate in the Apple Push Certificates Portal. Here is an example from a test device.
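The renewal timeline and the Topic matching described above can be turned into a small monitoring check. This is an added example, not part of the original article or any Microsoft or Apple tooling; the inventory, Topic GUIDs, dates and function names are constructed for illustration, and treating a certificate expired for exactly 30 days as still inside the grace period is an assumption.

```python
from datetime import datetime, timedelta, timezone

REMINDER_DAYS = (30, 10, 1)   # Apple's e-mail reminders, per the article
GRACE = timedelta(days=30)    # renewal grace period "as of this writing"

# Constructed inventory: Topic GUIDs and dates are made up for illustration.
INVENTORY = [
    {"topic": "11111111-1111-1111-1111-111111111111",
     "expires": datetime(2024, 6, 11, tzinfo=timezone.utc)},
    {"topic": "22222222-2222-2222-2222-222222222222",
     "expires": datetime(2024, 5, 15, tzinfo=timezone.utc)},
    {"topic": "33333333-3333-3333-3333-333333333333",
     "expires": datetime(2024, 4, 1, tzinfo=timezone.utc)},
]

def renewal_status(expires, now):
    """Classify one certificate by expiry time (both datetimes timezone-aware)."""
    remaining = expires - now
    if remaining > timedelta(days=max(REMINDER_DAYS)):
        return "valid"
    if remaining > timedelta(0):
        return "renew_now"            # inside Apple's reminder window
    if -remaining <= GRACE:
        return "expired_in_grace"     # renew the same certificate immediately
    return "expired_past_grace"       # Apple issues a new cert: re-enroll devices

def reminders_due(expires, now):
    """Reminder thresholds (in days) that have already been reached."""
    remaining = expires - now
    return [d for d in REMINDER_DAYS if remaining <= timedelta(days=d)]

def find_certificate(inventory, device_topic):
    """Return the single inventory entry whose Topic matches the device's."""
    wanted = device_topic.strip().lower()
    matches = [c for c in inventory if c["topic"].lower() == wanted]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} certificates match {device_topic!r}")
    return matches[0]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the demo
    for cert in INVENTORY:
        print(cert["topic"], renewal_status(cert["expires"], now),
              reminders_due(cert["expires"], now))
```
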