Workspace One UEM | How to renew an APNs Certificate?

Posted by on in | 275 Views | Leave a response

APN’s certificate is valid for one year. One year after you generated your APNs certificate for MDM, you must renew the certificate in order to continue managing iOS devices.

Note: To perform this task, ensure your AirWatch Admin Account has access to the highest AirWatch Organization Group. Also, you must perform this task at the Organization Group level where the certificate was originally loaded. If your Admin Account does not have access to the highest Organization Group you may not be able to access the necessary settings.

Renewing Your APNs Certificate from the Apple Push Certificate Portal

You must renew the certificate with the same Apple ID credentials used to get the original certificate. It is also important to renew the same certificate originally uploaded in the console.

  • Navigate to Groups & Settings > All Settings > Devices & Users > Apple > APNs For MDM o the Workspace ONE UEM Console.
  • Click Renew.
  • Follow the prompts on the screen to view the instructions and then click “MDM_APNsRequest.plist” link to download new AirWatch Certificate request (.plist file)
  • Click Go To Apple. Please keep the Workspace ONE UEM Console open. You will come back to use the console for operations described in [Entering the Certificate into the Workspace ONE UEM (AirWatch) Console] section.
  • Sign in using the same Apple ID used to sign into the Apple Push Certificates Portal website previously.
  • Find the certificate with the UID that matches the UID in the certificate that is being renewed.
  • Click Renew to update the certificate due to expire.
  • Click Choose File.
  • Navigate to the .plist file downloaded in step #3 and click Open.
  • Click Upload, then the following dialog box appears and the renewal of the certificated is completed.
  • Click Download to retrieve the new certificate. Although this is a renewed certificate, it displays as if it is a new certificate in the Apple Certificate Portal and you should now work with this version.

Upload the APNs certificate to Workspace ONE UEM console.

  1. Login to the Workspace ONE UEM (AirWatch) Console and click Next.
  2. Upload the Apple-signed certificate (.pem file) to AirWatch. Enter the same Apple ID used to sign into the Apple Push Certificates Portal website previously.
  3. Click Save.
  4. When prompted, enter the security PIN. Now the new APNs certificate has been saved in AirWatch.
    Note: When generating and renewing at a top-level Organization Group, set child groups to inherit or override settings and click Save.


Note: You must renew the certificate with the same Apple ID credentials used to get the original certificate. It is also important to renew the same certificate originally uploaded in the console.
If you use different credentials or renew an different certificate, you are not renewing the certificate but generating a new certificate. When you apply this new certificate to the Workspace ONE UEM (AirWatch) Console, the communication breaks between the Workspace ONE UEM (AirWatch) Console and the iOS devices associated with the original certificate. If this happens, you must then re-enroll every iOS device associated with the original certificate. Using the same Apple ID credentials and certificate for renewal saves the effort of having to re-enroll all your iOS devices