Expired Apple Push Notification certificate

rgreenjr724
New Contributor II

We had our APN certificate expire in our Jamf Cloud instance, and we were unable to renew it because we couldn't figure out what Apple ID was used to create it. Unfortunately, the team that would have created the original is no longer with the company, and we were forced to use a new Apple ID and create a new cert.

Is there a simple way to update the existing MDM profile on the computers to use the new APN cert? Or a simple way to re-enroll the computers in the background? We are completely remote, and setting up time with each employee to do this will be incredibly difficult. Also, we use DEP enrollment.

I've tried sudo jamf removeMDMprofile and nothing happened.
I've also tried sudo jamf mdm and sudo jamf manage.

So far, the only thing that's worked is to run sudo jamf removeFramework, followed by sudo rm /var/db/.AppleSetupDone, and then rebooting, creating a fake user, going through the enrollment again, then deleting the fake user. With our current setup, this would be almost impossible to do for every user.

Thanks ahead of time for any help!

5 REPLIES

Tribruin
Valued Contributor II

How long ago did the APNS certificate expire? If it was very recent, contact AppleCare Support. They do have a way to move the certificate to a different Apple ID and then you can renew it there.

rgreenjr724
New Contributor II

Unfortunately, I tried contacting AppleCare Support and they told me that I didn't have enough information for them to make the adjustment. Since then, we have already uploaded a new certificate (we figured it was our only option at that point) and we're now hoping for a possible simple way to re-enroll.

Dylan_YYC
Contributor III

You might need to call Jamf Support. I have a feeling you may need to manually re-enroll each device.

ben_whitis
New Contributor II

Hey @rgreenjr724, please contact Jamf Support ASAP. It IS possible for Apple to help if the Serial on the old push certificate can be identified.

Many times support can help retrieve that old serial; it's definitely worth a shot if the alternative is a full re-enroll.

Oops_wasn_t_me
New Contributor III

Agree with Ben - rgreenjr724, well worth contacting Jamf Support to see what magic they can do. I encountered the same problem with a customer earlier this week - a lost Apple ID for Apple's APNs portal. Hayden @ Jamf Support was super helpful with insight and guidance.

In my scenario, there were only a small number of macOS devices and no iOS devices; we could have remote connected and undertaken a manual re-enrol for each device, but it would have been very disruptive for end users due to the number of policies in play. In the end, Apple Support were able to move the APNs portal access (from lost Apple ID) to another corporate Apple ID in about 3 hours. Amazing experience compared to the process 3 years ago (the last time I had to do one of these "11th-hour-crisis").

For anyone else who might stumble across this discussion, and is looking for possible answers with Apple IDs and APNs:
Apple Support is here: https://support.apple.com/en-us/HT208643
Apple Support will require the current MDM certificate Identifier and Serial number. Please see the example below.