Anyone who has worked with Intune will know that an Apple APN certificate is required in order to manage iOS devices. This is an Apple requirement. So what is this APN? The Apple Push Notification Service (APN) is a service created by Apple. It forwards notifications from 3rd party applications to Apple devices - and it requires an Apple certificate (which is free, of course).
It's pretty straightforward to generate and apply this certificate. I've previously blogged about that here. That example describes the process in a hybrid environment of ConfigMgr and Intune. The big drawback of this process is that you can only generate a certificate which lasts for one year. Then it must be renewed. It is vital that the certificate is renewed before it expires. Otherwise you will have to re-enrol ALL your iOS devices. You do the Maths on that one.
It's vital that you set up an alert to warn you that the certificate is about to expire.
This is an example of the alert in standalone Intune. It's the same idea in hybrid.
Here we can see the details of the alert. Click on "iOS Mobile Device Management" to take you to the section where you can fix this.
We can see exactly when the certificate will expire. Click on "Enable the iOS Platform".
Select "Download the APNs Certificate Request" to generate a CSR.
Save the CSR locally.
Now select "Apple Push Certificates portal" and log in with your Apple ID. See the existing certificate and the expiry date. Click to Renew the certificate (it's better not to use IE for this process - other browsers are more reliable here).
Browse to your CSR and select Upload
If you are using IE you will see this almost immediately.. This is the wrong file format and you do not need it. Cancel and refresh the browser.
You will see your new certificate. Select "Download".
See the correct file extension (.pem).
Save the certificate.
Now back to the Intune portal. Select "Upload the APN certificate"
Browse to the certificate and enter your Apple ID.
All is now OK in the console.
The process for renewing the Apple APN certificate in a hybrid environment is almost identical.
Remember - "DO NOT LET THE APN CERTIFICATE EXPIRE"
Until next time.
OK, so what if my certificate expired? I have been trying to renew it all day and no luck :-( The process appears to succeed, but the iOS app in Intune still says it has expired.
ReplyDeleteI de-enrolled my device and re-enrolled it, but nothing.
May I know what is the user experience if the apn cert expired and renew. Will I getting notifications from company Portal on the renew certificate error ?
ReplyDeleteVery help full information, thanks for it...
ReplyDeleteRenewing the certificate shouldn't throw any notifications unless we same apple Id for renewal. What will happen if I change the Apple ID? will it ask the end user to renroll the certificate or will it not throw any notifications.
ReplyDelete