Renewing the APNS certificate in the IBM MaaS360 Portal

Information on renewing the existing APNS certificate in the IBM® MaaS360® Portal.

About this task

The APNS certificates are valid for 365 days and must be renewed before the expiration date. After the expiration, you get a grace period of 30 days for certificate renewal. IBM MaaS360 Portal notifies administrators when a certificate is nearing expiration on devices.

To keep devices managed and enrolled in MaaS360, you need to update the APNS certificate every year. If the certificate expires, new devices enrollment fails and managing existing ones is difficult until you upload the new certificate. Use the same Apple ID to renew the existing certificate from Apple's site. If you request a new certificate instead of renewing the existing certificate, you are forced to reenroll all currently enrolled Apple devices in the IBM MaaS360 Portal.

Procedure

  1. From the IBM MaaS360 Portal home page, go to Setup > Services.
  2. Expand the Mobile Device Management section.
  3. Expand the APNS Certificate section. The APNS Certificate topic and Associated Apple ID are displayed.
    Note: Use the same Apple ID for the certificate renewal.
  4. Click Renew.
    The Setup Apple enrollment page is displayed.
  5. Follow these steps to download the Certificate Signing Request (CSR.text) file.
    1. Enter your company's Apple ID that was originally used to create the APNS certificate and click Generate Certificate. The Certificate Signing Request (CSR.txt) file is automatically generated and sent to your email address that is registered with MaaS360.
    2. Click Download CSR.txt to download the Certificate Signing Request (CSR.txt) file to your device.
      Note: You need the CSR.txt file to renew your certificate on the Apple website. The CSR.txt file is not the same as the Apple Push Certificate (.pem) file that you uploaded in Step 8.
  6. Follow these steps to renew and download the Apple Push Certificate.
    1. Click Go to Apple's Push Certificate Portal or open https://identity.apple.com/pushcert in another tab or window.
    2. Sign in with your organization's Apple ID. The list of certificates for third party is displayed.
    3. Click the Renew button next to your certificate.
      Note: Follow these steps to confirm that you are renewing the correct certificate.
      1. Compare the expiration date of the APNs certificate.
      2. Click the tooltip icon next to the Renew button and verify that the Subject DN matches the Apple MDM topic in the MaaS360 portal.
    4. Click Choose File to upload the CSR file and then select Upload.
      Note: This file is unique to each renewal instance. Delete the CSR.txt file each time or track which CSR.txt file you are using and use the most recent one.
    5. Click Download on the Confirmation page. The Apple Push Certificate file (.pem) is downloaded on the device.
  7. Go to IBM MaaS360 Portal, click Continue.
  8. Follow these steps to upload the APNs certificate in the MaaS360 Portal.
    1. Click Browse to upload the pem file that you downloaded.
    2. Create a certificate password. This password is used for certificate encryption.
      Note: Your password must meet the following requirements.
      • Password must consist of a minimum of 8 characters.
      • Password must include at least one letter, one number, and one special character.
      • Avoid special characters like <, >, &, %, and blank spaces in your password.
    3. Click Upload Certificate.