Supported editions for this feature: Frontline Starter and Frontline Standard; Business Plus; Enterprise Standard and Enterprise Plus; Education Standard, Education Plus, and Endpoint Education Upgrade; Enterprise Essentials and Enterprise Essentials Plus; GSuite Basic and GSuite Business; Cloud Identity Premium.Compareyouredition
When you set up advanced management with Apple iOS devices, you created an Apple push certificate that you must renew yearly. The certificate establishes a trusted connection between iOS devices and your organization's domain.
Before you begin
If the certificate expires before you renew it, Google Workspace data will no longer sync with iOS devices, and users will see an error in the Google Device Policy app.
You have 30 days to renew the certificate after the expiration date. Apple offers this period now, but it may change in the future.
You cannot renew the certificate either 30 days after it expiresor if you don't have the password for the Apple ID associated with the certificate.
If you cannot renew your certificate, you can create a new one. When you do, your iOS users must unregister and reregister in the Google Device Policy app to sync Google Workspace data. For details, go to Set up an Apple push certificate.
Do not reload your browser window or close any pages while you renew the certificate.
Renew your certificate
Step 1: Generate a renewal request
Sign in to your GoogleAdminconsole.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to MenuDevicesMobile & endpointsSettingsiOS.
The current certificate details are displayed: the unique identifier (UID), the Apple ID, and expiration date.
Click Renew Certificate.
Click Get CSR and save the certificate signing request (.csr file). Download this file only once.
Step 2: Get a renewed certificate
Click Apple Push Certificates portal.
In the new tab, sign in to the Apple portal with the Apple ID and password you used when you created the certificate.
Next to the certificate you want to renew, click Renew and accept the terms of use. Tip: If more than one certificate is listed, you need to identify the correct certificate. Locate certificates with the same expiration date as in the Google Admin console. Click the i button ("certificate info") next to each one to find the UID and make sure it matches the certificate you want to renew.
Click Choose File and open the certificate signing request (.csr) file you saved in step 1.
To submit the request file, click Upload. Apple accepts the request and displays a confirmation page with your service type, vendor domain, and the expiration date for this certificate.
Click Download and save the signed certificate (.pem) file. Download this file only once.
Go back to your Admin console tab or window.
Step 3: Upload your renewed certificate
Click Upload Certificate and select the certificate (.pem) file you saved from the Apple Confirmation page in the previous step.
Click Save & Continue. The system verifies and uploads the renewed certificate. If you have problems, make sure the signed certificate you submitted matches the UID of the existing certificate.
Related topic
Use the iOS Google Device Policy app
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companieswith which they are associated.
Click Apple Push Certificates portal. In the new tab, sign in to the Apple portal with the Apple ID and password you used when you created the certificate. Next to the certificate you want to renew, click Renew and accept the terms of use.
If the APNs certificate has expired, then you can no longer manage the Apple devices. In this case, you have to renew the expired APNs certificate at the earliest to continue managing them.
The Apple MDM push certificate is valid for 365 days. You must renew it annually to maintain iOS/iPadOS and macOS device management. Once the certificate expires, there is a 30-day grace period to renew it.
To use advanced management with Apple iOS devices, you need an Apple push certificate. The certificate establishes a trusted connection between iOS devices and your organization's domain.
Your Apple Push Services Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visit Certificates, Identifiers & Profiles. To learn more about expired certificates, visit the certificates support page.
Sign in to your Apple Developer account and navigate to Certificates, IDs & Profiles > Certificates > Production. Add a new certificate. Set up a certificate of type Production and activate App Store and Ad Hoc. Click Continue.
In the Keychain Access app on your Mac, click Certificates in the Category list, then double-click the certificate you want to evaluate. Choose Keychain Access > Certificate Assistant > Evaluate [certificate name].
Re-enroll the device. If the certificate cannot be renewed for any reason, it will be necessary to re-enroll the device. This will remove the MDM enrollment profile containing the expired certificate. When the device is re-enrolled, the enrollment profile will contain the new certificate.
Apple requires this certificate be renewed every 365 days. The process for renewing the Apple Push Certificate is essentially the same as creating a new one. The critical difference, however, is that the existing certificate must be renewed, and re-uploaded into Dashboard.
You can create at most 2 APNS certificate for each app bundle id you have. 1 for Development and 1 for Production. To create an APNS certificate, you need to choose: Apple Push Notification service SSL (Sandbox) for Development.
Introduction: My name is Carlyn Walter, I am a lively, glamorous, healthy, clean, powerful, calm, combative person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.