Can't renew Apple push certificate and have to create a new one. How do we fix the enrollments?

kyle-gl
New Contributor

Our Apple push certificate expired and we don't have access to the original apple id used to create it. We're going to have to generate a new cert which I assume will break our Jamf Pro enrollments. What needs to be done to fix the enrollments after changing the cert?

3 REPLIES 3

Not applicable

Same thing happened here. You will need to re-enroll the devices. Luckily if you did it via DEP/ASM you can just use recon to grab them again. - I should also note that it only really effects the management calls and VPP pushing of programs, things that use the token.

rayf
New Contributor II

The AppleID we use to renew our push certificate can no longer log into Apple School Manager. Apparently it is not the right type of ID, as it seems to be now associated with itunes and not VPP.

ladygreyjedi
New Contributor III

I know this is an old thread, but I just went through this and I know someone is going to search this same issue in the future.

For those situations where you can't access the original account to do the renewal, you now have some options. This process took 2 weeks to complete, so do it as soon as you realize that you need to migrate the account.

Go to https://support.apple.com/en-us/HT208643
Call them up for your region Ask them to migrate the certificate over.
They will need the following information during the process:
- Certificate number: Can be found in JAMF Console under Push Certificates
- Original AppleID account if available
- New AppleID account
• Note the name on the account must match the person requesting the migration, even if just temporary
- Company name registered to the certificate
- Company website

You will also need to provide the following documentation:
• Government-issued photo ID
• Employment verification document from your organization or employer
- "We need to verify business document(s) like accounting records, bank statements, legal documents, permits, or Insurance docs, etc."
- I used the unofficial document from VerisafeJobs so I didn't need to provide my social security number nor financials to Apple
​• Employee badge or business card
• Business documents for the company
- We used POs with my name and the company name.

Again it took a couple of weeks of back and forth emails to get it processed, but didn't need to get a whole new certificate. Well worth the time.