Renew APNs Certificate in Intune

      No Comments on Renew APNs Certificate in Intune

In one of my previous blogs I explained how to setup the Apple Push certifate (APNs Certificate). In this blog I will show how you can renew your APNs Certificate. It is important that you renew your APNs Certificate before it expires, if you do not do this then you will have issues enrolling new devices (see pic. 1) and managing existing devices.

Picture 1: APNs certificate error during enrollment.

This is because Intune uses the Apple Push notification Service to communicate with enrolled devices. To use the Apple Push Notification Service, Intune requires a valid APNs certificate.


Validity APNs certificate

An APNs certificate is valid for one year. According to this Microsoft blogpost you will recieve an email on the Apple ID used for creating the APNs certificate (30, 10 and 1 day prior to expiring), but I did not recieve these emails. The Expiration Date of the certificate can also be checked in the Apple Push Certificates Portal

Another way to view the validity of the certificate is by checking the MEM admin center. Go to “Devices” -> “iOS/iPadOS” -> “iOS/iPadOS enrollment” or click here and select “Apple MDM Push certificate”. In this overview you can see the current Status, amount of days until expiration and expiration date.



It’s important that you renew your APNs certificate and you do not create a new APNs certificate. Also you need to renew the expired certificate within the 30 day grace period, otherwise you will get a new certificate.  If you use a new certificate you will need to re-enroll all your existing iOS devices. Also you should always use the same apple id to renew the certificate as you used to create the certificate. It’s not possible to change the Apple ID used, but Apple may be able to associate a new Apple ID with an existing certificate.

To renew a certificate you need to perform the following steps:

1. Go to “Devices” -> “iOS/iPadOS” -> “iOS/iPadOS enrollment” or click here and select “Apple MDM Push certificate”. Select “Download your CSR” and save the file.


2. Open a new browsertab and go to the Apple Push Certificates Portal and login with the same Apple ID used to create the APNs Certificate. Select “Renew” to renew the certificate.


3. Press “Choose File” to select the CSR file you downloaded at step 1. Press “Upload” to continue.


4. Press “Download” to download and save the renewed APNs Certificate (*.PEM file).


5. Select the MEM admin center tab in your browser. Enter the Apple ID used to renew the certificate and select the renewed APNs Certificate. Press “Upload” to finish renewal


6. The MDM push certificate has now been updated. The status, days to expiration and expiration date are now updated.


Leave a Reply

Your email address will not be published. Required fields are marked *