Renew an APNs certificate

This procedure assumes that you already have uploaded a certificate for the Apple Push Notification service (APNs) to Sophos Mobile that is about to be expire and needs to be renewed.

To create and upload a new certificate, see Create an APNs certificate.

Important In the Apple portal, it is important that you select the correct APNs certificate for renewal. If you renew the wrong certificate, you might need to re-enroll all iOS and macOS devices.
  1. On the menu sidebar, under SETTINGS, click Setup > System setup and then click the APNs tab.
  2. In the Download certificate signing request step, click Download certificate signing request.
    This saves the certificate signing request file apple.csr to your local computer.
  3. Skip the step Create Apple ID. This step is only required if you are creating an APNs certificate for Sophos Mobile for the first time.
  4. In the Create or renew APNs certificate step, click Apple Push Certificates Portal.
    This opens the Apple Push Certificates Portal.
  5. Log in with your Apple ID. This must be the same ID that you used for the creation of the initial APNs certificate.
  6. In the Apple Push Certificates Portal, click Renew next to your Sophos Mobile APNs certificate.
  7. Upload the certificate signing request file apple.csr you prepared before.
  8. Download the .pem APNs certificate file and save it to your computer.
  9. In the Upload APNs certificate step, click Upload certificate and then browse for the .pem file that you received from the Apple Push Certificates Portal.
  10. Click Save.
  11. When you are logged in as super administrator, there is an additional dialog that lists all customers that currently use the same APNs certificate as the super administrator customer, that is a certificate with the same Topic attribute.
    • Click Save for all customers concerned to renew the APNs certificate for all of these customers.
    • Click Save only for super administrator customer to renew the APNs certificate only for the super administrator customer.
Important If the following message is shown, you are not renewing the correct certificate:

The topic of the new certificate does not correspond to the old one. If devices have been set up with the previous certificate, they have to be set up again. Do you really want to save your changes?

This message indicates that you are about to create a new APNs certificate with a different identifier. If you confirm the message, all existing iOS and macOS devices are not manageable any more and you have to re-enroll them.

For information on how to select the correct certificate, see Identify the correct APNs certificate for renewal.