How to renew Apple Push Certificate for Intune (Hybrid SCCM)

It’s that time of year, where I have to renew my Apple Push Certificate for Intune. And like every other year, I keep forgetting how I did previously.

So now it’s time to put it down in writing. Here goes:

  • First off you have to create a signing certificate. You do that directly in the CM console: Administration > Cloud Services > Microsoft Intune Subscriptions. Click Create APNs certificate request in the ribbon and save the .csr file.

RequestApplePushRibbon

  • Secondly you have to upload the request to the Apple Push Certificates Portal: https://identity.apple.com/pushcert/. Go to the portal and renew your existing certificate.

PushPortal

  • Thirdly, upload the signing certificate (.csr) you just created in the first step and your certificate has been renewed. Download the renewed certificate. This is a file with the extension of .pem; MDM_ Microsoft Corporation_Certificate.pem
  • Finally, go back to your CM console: Administration > Cloud Services > Microsoft Intune Subscriptions. Click Configure Platforms in the ribbon, and select iOS in the dropdown menu. Browse to the location of your .pem file and open it.

IntuneSubProperties

  • Done. The certificate has been renewed

2 thoughts on “How to renew Apple Push Certificate for Intune (Hybrid SCCM)

  1. What are the implications if any of creating a new APN and setting up as opposed to renewing an existing certificate? Its the Apple APN I require as I cannot enrol IOS devices

    • No implications. However, if you upload a new certificate to intune opposed to renew it, existing enrolled devices will become unmanaged.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.