Skip to content

Renew APNs certificate

Requirement

You have uploaded a certificate for the Apple Push Notification service (APNs) to Sophos Mobile that is about to be expire and needs to be renewed.

To create and upload a new certificate, see Create APNs certificate.

Warning

In the Apple portal, it is important that you select the correct APNs certificate for renewal. If you renew the wrong certificate, you might need to re-enroll all iPhones, iPads, and Macs.

Sophos Mobile manages APNs certificates per customer. Even when an APNs certificate is cloned from the super administrator customer to a regular customer when that customer is created, the customer’s certificate must be renewed separately when it is about to expire.

To facilitate the renewal of APNs certificates, the super administrator can in one step renew the certificates of all customers that use the same certificate.

Renew APNs certificate

  1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab.
  2. Click APNs certificate wizard.
  3. On the Mode page, click Renew my APNs certificate.
  4. On the CSR page, click Download certificate signing request.

    This saves the certificate signing request file apple.csr to your local computer.

    The signing request file is specific to the current customer.

  5. On the Apple ID page, the Apple ID used to create the initial APNs certificate is displayed.

    You need this ID to log into the Apple portal.

  6. On the Certificate page, click Renew certificate on the Apple portal.

    This opens the Apple Push Certificates Portal.

  7. Log in with the Apple ID that was displayed in the wizard.

  8. In the Apple Push Certificates Portal, click Renew next to your Sophos Mobile APNs certificate.
  9. Upload the certificate signing request file apple.csr you prepared earlier.
  10. Download the .pem APNs certificate file and save it to your computer.
  11. On the Upload page, click Upload certificate and then browse for the .pem file that you received from the Apple Push Certificates Portal.
  12. Click Save.
  13. If you’re a super administrator, you can renew the certificate for all customers at once. Select one of the following:

    • Click Save for all customers concerned to renew the APNs certificate for the super administrator customer and for customers currently using the same certificate.
    • Click Save only for super administrator customer to renew the APNs certificate only for the super administrator customer.

Warning

If the following message is shown, you are not renewing the correct certificate:

The topic of the new certificate does not correspond to the old one. If devices have been set up with the previous certificate, they have to be set up again. Do you really want to save your changes?

This message indicates that you are about to create a new APNs certificate with a different identifier. If you confirm the message, all existing iPhones, iPads, and Macs are not manageable any more and you have to re-enroll them.

For information on how to select the correct certificate, see Identify the correct APNs certificate for renewal.