Renew an APNs certificate

This procedure assumes that you already have uploaded a certificate for the Apple Push Notification service (APNs) to Sophos Mobile Control that is about to be expire and needs to be renewed.

To create and upload a new certificate, see Create an APNs certificate.

Important: On the Apple portal, it is important that you select the correct APNs certificate for renewal. If you renew the wrong certificate, you might need to re-enroll all iOS devices.
  1. On the menu sidebar, under SETTINGS, click Setup > System setup and then click the iOS APNs tab.
  2. In the Download certificate signing request step, click Download certificate signing request.
    This saves the certificate signing request file apple.csr to your local computer.
  3. Skip the step Create Apple ID. This step is only required if you are creating an APNs certificate for Sophos Mobile Control for the first time.
  4. In the Create or renew APNs certificate step, click Apple Push Certificates Portal.
    This opens the Apple Push Certificates Portal.
  5. Log in with your Apple ID. This must be the same ID that you used for the creation of the initial APNs certificate.
  6. On the Apple Push Certificates Portal, click Renew next to your Sophos Mobile Control APNs certificate.
  7. Upload the certificate signing request file apple.csr you prepared before.
  8. Download the .pem APNs certificate file and save it to your computer.
  9. In the Upload APNs certificate step, click Upload certificate and then browse for the .pem file that you received from the Apple Push Certificates Portal.
  10. Click Save.
  11. When you are logged in as super administrator, there is an additional dialog that lists all customers that currently use the same APNs certificate as the super administrator customer, that is a certificate with the same Topic attribute.
    • Click Save for all customers concerned to renew the APNs certificate for all of these customers.
    • Click Save only for super administrator customer to renew the APNs certificate only for the super administrator customer.

If the following message is shown, you are not renewing the correct certificate:

"The topic of the new certificate does not correspond to the old one. If devices have been
      set up with the previous certificate, they have to be set up again. Do you really want to save
      your changes?"

This message indicates that you are about to create a new APNs certificate with a different identifier. If you confirm the message, all existing iOS devices are not manageable any more and you have to re-enroll them.

For information how to select the correct certificate, see Identify the correct APNs certificate for renewal.