This procedure assumes that you already have uploaded a certificate for the Apple
Push Notification service (APNs) to Sophos Mobile Control that is about to be expire
and needs to be renewed.
To create and upload a new certificate, see Create an APNs certificate.
Important: On the Apple portal, it is important that you select the correct
APNs certificate for renewal. If you renew the wrong certificate, you might need to
re-enroll all iOS devices.
On the menu sidebar, under SETTINGS, click and then click the iOS APNs tab.
In the Download certificate signing request step, click
Download certificate signing request.
This saves the certificate signing request file apple.csr
to your local computer.
Skip the step Create Apple ID. This step is only required
if you are creating an APNs certificate for Sophos Mobile Control for the first
In the Create or renew APNs certificate step, click
Apple Push Certificates Portal.
This opens the Apple Push Certificates Portal.
Log in with your Apple ID. This must be the same ID that you used for the
creation of the initial APNs certificate.
On the Apple Push Certificates Portal, click Renew next
to your Sophos Mobile Control APNs certificate.
Upload the certificate signing request file apple.csr you
Download the .pem APNs certificate file and save it to
In the Upload APNs certificate step, click
Upload certificate and then browse for the
.pem file that you received from the Apple Push
When you are logged in as super administrator, there is an additional dialog
that lists all customers that currently use the same APNs certificate as the
super administrator customer, that is a certificate with the same Topic
- Click Save for all customers concerned to renew
the APNs certificate for all of these customers.
- Click Save only for super administrator customer
to renew the APNs certificate only for the super administrator
If the following message is shown, you are not renewing the correct
"The topic of the new certificate does not correspond to the old one. If devices have been
set up with the previous certificate, they have to be set up again. Do you really want to save
This message indicates that you are about to create a new APNs certificate with a
different identifier. If you confirm the message, all existing iOS devices are
not manageable any more and you have to re-enroll them.
For information how to select the correct certificate, see Identify the correct APNs certificate for renewal.