Posted on 09-07-2016 07:46 AM
My push notification certificate is expiring soon and I am trying to renew it. I have followed the instructions here:
http://docs.jamfsoftware.com/9.93/casper-suite/administrator-guide/Push_Certificates.html
I have completed this and now see my renewed cert on the Apple Push Certificates Portal. Although I am able to download the new cert from Apple, it is in .pem format and JSS is looking for .p12 format. I must be missing something pretty simple here, can anyone help me with this? Thanks!!!
Posted on 09-07-2016 08:11 AM
What I had to do was double click on the PEM file, which loads it into my keychain. For some reason the P12 format can only be done with multiple certs. So select the PEM file you just added and another random cert, right click and export as P12. When JAMF loads it, it only takes the correct one.
Posted on 09-07-2016 08:18 AM
That did not work for me, the only cert it would allow me to add it with is expired which then wont allow me to upload it to JSS. Any other way to do this?
Posted on 09-07-2016 08:44 AM
A .p12 file should not be required; the mentions of it in the Admin’s Guide are simply for if you happen to have one in that format as the steps to renew or create are slightly different for those using the .p12 format.
I went through renewing a push certificate to one of my test JSSes, and it did not require a .p12 file; I was able to upload the .pem from Apple with no issues.
Just to verify, the steps you’re taking are the following:
Download signed CSR From JAMF Nation >> Enter JAMF Nation Credentials >> JAMFSignedCSR.plist downloads >> Renew the certificate on Apple’s Portal >> Download the .pem file from Apple >> Click Next in the JSS to get to the Upload the Push Certificate (.pem) file >> Upload the .pem file that we just downloaded from Apple.
Are you receiving an error when trying to upload the .pem from Apple?
Thanks!
Amanda Wulff
JAMF Support
Posted on 09-07-2016 08:55 AM
Our server does not connect to JAMF Nation so I am taking these steps:
Download CSR and sign later using JAMF Nation
Download "PushCertificateCSR.certSigningRequest"
Click Next and manually request signed CSR
Once signed I download "JAMFSignedCSR.plist"
I then go to "https://identity.apple.com/pushcert/" and renew my cert, after that it allows me to download the .pem file but I do not see anywhere to upload the pem in JSS, just p12.
Posted on 09-07-2016 09:05 AM
Shoot, that was the answer I hoped you wouldn't have.
Currently, that method is not particularly functional due to PI-002889.
There isn't really an awesome workaround for it at the moment, as the workaround requires some good timing in the browser, however, once the downloaded un-signed CSR is saved immediately after we hit "Next", if we're super quick with the keyboard, we can send the browsers Stop command before the page redirects out to JAMF Nation (the redirect is where it breaks as it takes us away from the wizard in the JSS and there's no way to go back), then you can go to JAMF Nation in a separate tab and do the signing.
Since the wizard will still be up in the other tab, you should be able to then continue on with the process and upload the .pem.
If you haven't already, I'd recommend getting in touch with your TAM to get a case open and attached to PI-002889.
Thanks!
Amanda Wulff
JAMF Support
Posted on 09-07-2016 09:43 AM
Haha, thanks @amanda.wulff that little trick worked great! I was able to successfully renew the cert!
Posted on 09-07-2016 09:45 AM
Great news!
Glad to hear the workaround worked. Hopefully, we'll get it sorted out soon and you won't have to be super quick on the stop button in the browser to keep it moving along as it should.
Amanda Wulff
JAMF Support
Posted on 09-08-2016 08:18 PM
Just ran into this issue on our test server when updating the JSS from 9.91 to 9.96, no way to upload the .pem file.
Posted on 09-09-2016 06:44 AM
Hi @dmw3 ,
If you're trying to follow the same steps outlined above, using the "Download CSR and sign later using JAMF Nation" method of APNS certificate renewal, please read the replies above for the workaround.
We are aware that this is still an issue in 9.96, as the product issue mentioned above is still in an open status. This issue will occur in 9.96 because of that and you will still need to use the workaround steps provided.
If you're still having trouble with it, please get in touch with your TAM so they can dig into it further with you.
Thanks!
Amanda Wulff
JAMF Support
Posted on 10-26-2016 11:52 AM
Recommendation. Instead of having it redirect out of the JSS for the next step how about having it open another tab. Might resolve a lot of issues.
Posted on 03-14-2017 05:34 AM
Wow, this is a stupid issue. Got it to work. Hopefully they fix it soon. Unacceptable if you ask me!
Posted on 03-14-2017 06:42 AM
@Bhughes This issue is fixed in 9.98 (currently in beta).
Posted on 03-14-2017 07:41 AM
Glad to hear the browser redirect issue will be fixed soon. This one bit me as well this year when I needed to renew my APNs push cert. It's a strange issue and honestly, had my TAM not instructed me on what to do to bypass the problem, I would have been stuck since there's no indication of what the heck is going on.
Posted on 07-01-2017 08:37 AM
To the poor soul that scanned this thread reading everyones comment on how great the fix was but didn't find the actual key combination to "send the browser's Stop command" in Safari the combo is Command+. (command key & period key)
Posted on 08-23-2017 02:33 PM
and its's august 2017, and it's still not fixed. wow
Posted on 02-02-2018 11:46 AM
Hello support ,
I am unable to sign the CSR through the URL : https://www.jamf.com/jamf-nation/request-signed-csr.
I select the csr to be signed and then click on "Sign CSR" button and then it shows up 405 Error page. Screenshot attached.
Also, when I try the option to login to JAMF Nation using my credentials, for downloading the signed CSR, it says credentials are not validated and could not download the signed CSR. When I try to login to JAMF Nation in a separate tab , it worked. Wierd!!!!
Can you help me to get the signed CSR ?
Regards
Chandramowli G.
Posted on 02-22-2019 08:21 AM
I'm having the same problem as chandramowli is having.
I see now resolution for this anywhere I look. Can someone please help with this?
Posted on 02-19-2020 08:21 AM
SO this is a very old thread but incase anybody has this issue in the future. I had a similar issue and found the problem. When you downloaded the signed CSR, you either closed the browser or hit the back button. The p12 is for a different process. You need to hit Next after you download the CSR. Don't close the window or hit back. It should give you the instructions on where to go to download the apple cert. Once you download the pem from apple, you hit Next again and it will ask to upload the cert. If you have downloaded more than one CSR, only the most recent download will match the pem you received.
Posted on 02-26-2020 01:50 PM
THANKS SO MUCH FOR THIS POST!!!!!!! That simple little back button got me. All fixed now.
Posted on 03-05-2020 07:34 AM
Can confirm that @Tjernigan was the solution to my issue...and now i feel ridiculous lol.