Why do you need an Apple APNs certificate?

Apple requires that each organization maintain their own certificate to ensure a secure mechanism for their corporate devices to communicate across Apple’s push notification messaging network.


What if I want to use AirWatch’s Software as a Service infrastructure?

The requirement is the same. Regardless of whether your organization deploys in AirWatch’s SaaS environment, an appliance or in premise, your AirWatch MDM environment and all communication with your organization’s devices will be validated based upon your organization’s APNs certificate.


Do we need a certificate for a trial?

Yes. In order to manage any of your organization’s devices, AirWatch is required to use your organization’s specific APNs certificate. AirWatch does not have the ability to provide a “demo” or temporary certificate for testing.


How do I generate an APNs certificate for the first time?

Generating an APNs certificate is a three-step process. First, Download the AirWatch-Signed CSR from the AirWatch Admin Console. Then, upload the AirWatch-Signed CSR to the Apple Push Certificate Portal. Finally Upload the certificate into AirWatch. For more detailed instructions on this process, please read Generating an APNs Certificate for MDM in v6.1 SP1 and Greater.


How do I renew an APNs certificate?

As per Apple policy, 1 year is the maximum length of time you can renew the certificate. Please refer to the attached document below for full instructions.


My APNs certificate does not appear in the Apple Push Certificates Portal

If Apple did not migrate your APNs certificate to the Push Certificates Portal, your APNs certificate may have expired before this change. Please contact AirWatch support and we will help you work with Apple to resolve the issue.


What are the allowed sources of the APNs certificate request?

The APNs certificate request can come from any server. The certificate request doesn't need to come only from the server that has AirWatch installed on it.


I cannot export a .p12 or .pfx file.

If you are trying to export your APNs certificate from your computer and it will only let you save as a .cer file you are not exporting the right file type. A. p12 or .pfx contains both the public and private key pair which is required by Airwatch to communicate with the APNs server. If you are using a Mac, verify you have selected Certificates from the Categories list in the key chain. If you still have the problem repeat the process from scratch deleting all existing files and certificates.


AirWatch is failing to upload my APNs certificate.

If you are getting an error trying to upload your APNs certificate to AirWatch, please verfiy it is in the .p12 or.pfx format and you are typing the correct password set when exporting the certicate. If you still are having problems, verify the certificate is not corrupt by trying to install it on a Windows or Mac workstation by double- clicking the file. If the problem persists, please contact Account Services & Support or submit a support ticket through myAirWatch. 


Why does AirWatch say my APNs Topic is invalid?

As of iOS 4.X Apple requires MDM providers to use topics in the notation "com.apple.mgmt. *" where the *" is a wildcard that can be anything. This allows Apple to isolate APNs traffic from MDM messages and those to traditional iOS Apps. To prevent you from uploading a certificate with a non- compliant topic, AirWatch checks the certificate you upload and displays the "invalid" error if it doesn't match the Apple standards.


What happens if I do not renew my APNs certificate?

The devices will continue to work but they will become unmanageable from the Console. You will not be able to push profiles, policies, applications or other commands from the Console to the device. The "last seen" column in the Console will no longer be refreshed unless manual sync/send data is done on the device.


The Apple Push Certificates Portal asks for a valid Apple ID and password. What should I use?

An Apple Developer Account is not required for sign in. While any valid Apple ID will work, we recommend you create a separate Apple ID linked to your corporate email account for long-term management.  


If I do not know the Apple ID/Password originally used when setting up APNs, how do I get in touch with Apple directly?

General inquires and requests for assistance are handled by Apple Developer Program Support.


Have more questions? Submit a request


Article is closed for comments.