Introduction
I have previously done a short post on how to renew the Apple Push Certificate when having Intune integrated with Configuration Manager (Hybrid). Since then, I’ve changed the MDM authority to Intune standalone and therefore the procedure changes slightly. Again, this is taken directly from an production environment and my certificate was due to expire in roughly 30 days. For the curious, this is the exact steps I went through to renew our Apple Push Certificate in Microsoft Intune standalone.
How to
- Log into the Azure portal at portal.azure.com (at the time of writing, the old silverlight portal will be going away pretty soon). When browsing the Azure portal, locate or search for the Intune blade. Below is a direct snippet of my tenant displaying that the push certificate is expiring soon. (don’t mind the expired token)
- Browse to the Device enrollment -> Apple enrollment blade and click Apple MDM Push certificate as shown below
- On the Configure Push certificate blade, notice that the days until expiration is shown here as well. Proceed the renewal on Download your CSR. This will begin a download of a file named: IntuneCSR.csr
- Once the IntuneCSR.csr is downloaded, move on to the Apple Push Certificates Portal on https://identity.apple.com/pushcert/ and log in with the credentials used to issue the certificate originally. Once logged in, click on Renew on the certificate about to expire. In this case, mine is expiring July 4, 2018.
- Use the IntuneCSR.csr (the signing request) file downloaded previously in the following process and once confirmed, download the renewed certificate as shown below
- The download will provide you with a file named MDM_ Microsoft Corporation_Certificate.pem. This will be used completing the renewal back in the Azure Portal in the Configure MDM Push Certificate blade. Also as shown below. Remember to fill out the account / Apple ID used to issue the certificate originally.
- Click Upload and when completed, you will notice a new expiration date. Both when browsing the Intune portal as well as the Apple Push Certificates Portal. In my scenario, the new expiration date is May 28, 2019. Precisely a year from today.
NOTE: As some kind people are pointing out in the comments section; do NOT create a new certificate if you have existing device enrolled on the current certificate. If you do so, you’ll lose the ability to manage those and the devices has to be re-enrolled.
Please leave a comment, if this was helpful 🙂
Hi Martin – great post. I would probably add something to alert anyone new to this process that they should re-new not replace the APN…replacing the APN = bad times 😉
Indeed. I don’t hope anyone do that. I’ll make a note asap. Thanks 🙂
Also make a note to renew before expiration date. Cause of you miss the boat all devices need to be re-enrolled cause management is lost.
I’ve heard mixed opinions about this. Some say as long as you keep the same APN, letting the certificate expire doesn’t matter. Though I’m not gonna take the chance and try it. But yes, I wouldn’t recommend letting the cert. expire either. Thanks for the note 🙂
Thanks, that was very helpful ??
Excellent tutorial and very helpful.
Many thanks