How to renew Apple Push Certificate for Intune (Hybrid SCCM)

It’s that time of year, where I have to renew my Apple Push Certificate for Intune. And like every other year, I keep forgetting how I did previously.

So now it’s time to put it down in writing. Here goes:

  • First off you have to create a signing certificate. You do that directly in the CM console: Administration > Cloud Services > Microsoft Intune Subscriptions. Click Create APNs certificate request in the ribbon and save the .csr file.

RequestApplePushRibbon

  • Secondly you have to upload the request to the Apple Push Certificates Portal: https://identity.apple.com/pushcert/. Go to the portal and renew your existing certificate.

PushPortal

  • Thirdly, upload the signing certificate (.csr) you just created in the first step and your certificate has been renewed. Download the renewed certificate. This is a file with the extension of .pem; MDM_ Microsoft Corporation_Certificate.pem
  • Finally, go back to your CM console: Administration > Cloud Services > Microsoft Intune Subscriptions. Click Configure Platforms in the ribbon, and select iOS in the dropdown menu. Browse to the location of your .pem file and open it.

IntuneSubProperties

  • Done. The certificate has been renewed

ConfigMgr 1511 – Notes from the field

I just updated my ConfigMgr environment to 1511 (CurrentBranch) and while the installation itself went safe and sound, following is to be noted:

  • The new Software Center never got installed properly with a shortcut in the start menu (%ProgramData%\Microsoft\Windows\Start Menu\Programs\Microsoft System Center\Configuration Manager)
    I had to re-enable the setting in my Client Settings (Disable the feature, OK, Enable the feature, OK and do another policy refresh)

ClientSettings

  • None of the new Windows 10 1511 software updates was synced into SCCM. I checked WSUS manually, and the classification Upgrades was not selected regardless of the Upgrades being indeed selected in SCCM. To solve this, I had to de-select all classifications in SCCM and select them again on the Software Update point. When I checked the chosen classifications in WSUS again, the proper selections was inherited from SCCM as expected and the next sync downloaded the Windows 10 Upgrades.

Classifications