DEP and an expired APN cert removal(I deleted the expired APN cert and created a new one) HELP!!

Sean_Ginn
New Contributor II

So here is the skinny...

Our APN cert was set to expire, so being the genius(first time JAMF and DEP user) that I am, glossed over the Renew button and deleted the old Push Certificate and added the newly created one. Now I am dealing with the aftermath of APNageddon and it hasn't been a huge deal up to this point, just delete out the old policies and then re-enroll; No big deal. Now I am coming up to the last few device totaling about 64, and since DEP has a really great feature where you can't delete out the old policies I am stuck with the only option of having to Reset a device by using the Erase All Content And Settings to get it to reinstall and re-enroll with the new and corrected APN cert. Has anyone come across this and found an easier way to take care of this, other than have to start over on each device. I was thinking that maybe if I were to upgrade the OS, it might take it back through another activation screen and that would resolve the issue, but I haven't tested this and am not sure if I should even waste my time.

Thanks for the help in advance and I am prepared for the worst.

4 REPLIES 4

Sean_Ginn
New Contributor II

Profiles not Policies

Nick_Gooch
Contributor III

Not 100% sure, but can't you just re-download the old apn cert from Apple and re-upload it?

were_wulff
Valued Contributor II

@Nick_Gooch

Unfortunately, revoking the APN cert from the Apple portal is pretty permanent; they have a few warnings that pop up if you select Revoke that tell you if you continue the cert will be gone and there will be no options for recovery, even from Apple directly.

If it was just removed from the JSS, easy fix, go to Apple and re-download it. If it was revoked from the Apple portal, there isn't any way to get it back. It's one of those things they don't give any wiggle room on.

@Sean_Ginn

I took a look in our ticket system and see that your Technical Account Manager reached out to you about this yesterday afternoon. With DEP and Supervision and all that fun in place, we may not have a choice but to wipe those affected iPads and run them through everything again.

If you have additional questions on that, please either reply to the e-mail your Technical Account Manager sent to you, or you can ask them here and I can pass them along, though replying to his e-mail may be faster.

Thanks!
Amanda Wulff
JAMF Software Support

Nick_Gooch
Contributor III

Oh I missed that is was deleted from the Apple portal. I thought it was just deleted in the JSS.