The following description is intended for all administrators of IKARUS mobile.management (IMM) who want to manage Apple iOS or macOS devices.
According to Apple’s terms and conditions every MDM customer needs an individual Apple Push Notification Service Certificate (short: APNS certificate) for managing iOS and macOS devices.
The certificate can be created and managed directly by the customer in his or her MDM system and the Apple Portal.
The Apple-ID that has been used for the creation of the certificate is needed to the annual renewal.
Important: If the certificate is not renewed in time and expires, already enrolled devices cannot be managed anymore.
1.1 Prerequisites – Organization info
In the MDM system navigate to Global > Settings > Apple > Organization info and complete the shown field by entering your corporate data.
1.2 Prerequisites – Apple-ID
Open https://identity.apple.com and create an Apple-ID which is can be used to log in to this portal.
2. Create and apply the APNS certificate
Perform the following steps to create the APNS certificate.
- Log in to your MDM system.
- Navigate to Global > Settings > Apple > General options
- Click on the “Download CSR” button.
- Save the CSR locally on your computer.
- Open a new browser tab, navigate to https://identity.apple.com and log in with the previously mentioned Apple-ID.
- Click on the button „Create a certificate”.
- Confirm the terms and conditions.
- Add a small note (optional) and upload the CSR from steps 3 and 4.
- You will see a confirmation screen.
- Click on the button „Download“
- Save the certificate locally on your computer.
- Open the browser the where the MDM user interface is available.
- Navigate to Global > Settings > Apple > General Options.
- Click on the button „Edit.”.
- Upload the certificate from step 11.
- Put a note in the field “Apple-ID” which Apple-ID has been used.
- Save your settings.
- An expiraten date and a topic (apple.mgmt.External.xxxxxxxxxxxx) will be shown.
3. Renew and use of the APNs certificate
To renew the APNS-certificate please follow these steps:
- Open https://identity.apple.com and log in with the same Apple-ID of the company that has been used for the initial creation.
- You will see all APNS-certificates that have been created with this Apple-ID.
Hint: If you have several certificates and you are not sure which one is the correct one, click on the “i”- icon. You will see the topic of the certificate and can compare it with the topic shown in the MDM system.
For the renewal of the certificate the same steps are required that have been proceeded during the creation.
- Download the CSR (as done in the creation) from the MDM system.
- In the Apple portal click on the button “renew” next to the dedicated certificate.
- Upload the CSR and save it.
- Download the certificate and upload it in the MDM system’s Apple settings. The expiration date will be updated and the management of Apple devices will work as expected.
Attention: Do not „REVOKE“ an expiring certificate in any case. Do also not create a new certificate.