Push Notification Certificate Renewal

rharrington
New Contributor II

My push notification certificate is expiring soon and I am trying to renew it. I have followed the instructions here:

http://docs.jamfsoftware.com/9.93/casper-suite/administrator-guide/Push_Certificates.html

I have completed this and now see my renewed cert on the Apple Push Certificates Portal. Although I am able to download the new cert from Apple, it is in .pem format and JSS is looking for .p12 format. I must be missing something pretty simple here, can anyone help me with this? Thanks!!!

20 REPLIES 20

roiegat
Contributor II

What I had to do was double click on the PEM file, which loads it into my keychain. For some reason the P12 format can only be done with multiple certs. So select the PEM file you just added and another random cert, right click and export as P12. When JAMF loads it, it only takes the correct one.

rharrington
New Contributor II

That did not work for me, the only cert it would allow me to add it with is expired which then wont allow me to upload it to JSS. Any other way to do this?

were_wulff
Valued Contributor II

@rharrington

A .p12 file should not be required; the mentions of it in the Admin’s Guide are simply for if you happen to have one in that format as the steps to renew or create are slightly different for those using the .p12 format.

I went through renewing a push certificate to one of my test JSSes, and it did not require a .p12 file; I was able to upload the .pem from Apple with no issues.

Just to verify, the steps you’re taking are the following:

Download signed CSR From JAMF Nation >> Enter JAMF Nation Credentials >> JAMFSignedCSR.plist downloads >> Renew the certificate on Apple’s Portal >> Download the .pem file from Apple >> Click Next in the JSS to get to the Upload the Push Certificate (.pem) file >> Upload the .pem file that we just downloaded from Apple.

Are you receiving an error when trying to upload the .pem from Apple?

Thanks!
Amanda Wulff
JAMF Support

rharrington
New Contributor II

Our server does not connect to JAMF Nation so I am taking these steps:

Download CSR and sign later using JAMF Nation
Download "PushCertificateCSR.certSigningRequest"
Click Next and manually request signed CSR
Once signed I download "JAMFSignedCSR.plist"
I then go to "https://identity.apple.com/pushcert/" and renew my cert, after that it allows me to download the .pem file but I do not see anywhere to upload the pem in JSS, just p12.

were_wulff
Valued Contributor II

@rharrington

Shoot, that was the answer I hoped you wouldn't have.

Currently, that method is not particularly functional due to PI-002889.

There isn't really an awesome workaround for it at the moment, as the workaround requires some good timing in the browser, however, once the downloaded un-signed CSR is saved immediately after we hit "Next", if we're super quick with the keyboard, we can send the browsers Stop command before the page redirects out to JAMF Nation (the redirect is where it breaks as it takes us away from the wizard in the JSS and there's no way to go back), then you can go to JAMF Nation in a separate tab and do the signing.

Since the wizard will still be up in the other tab, you should be able to then continue on with the process and upload the .pem.

If you haven't already, I'd recommend getting in touch with your TAM to get a case open and attached to PI-002889.

Thanks!
Amanda Wulff
JAMF Support

rharrington
New Contributor II

Haha, thanks @amanda.wulff that little trick worked great! I was able to successfully renew the cert!

were_wulff
Valued Contributor II

@rharrington

Great news!

Glad to hear the workaround worked. Hopefully, we'll get it sorted out soon and you won't have to be super quick on the stop button in the browser to keep it moving along as it should.

Amanda Wulff
JAMF Support

dmw3
Contributor III

Just ran into this issue on our test server when updating the JSS from 9.91 to 9.96, no way to upload the .pem file.

were_wulff
Valued Contributor II

Hi @dmw3 ,

If you're trying to follow the same steps outlined above, using the "Download CSR and sign later using JAMF Nation" method of APNS certificate renewal, please read the replies above for the workaround.

We are aware that this is still an issue in 9.96, as the product issue mentioned above is still in an open status. This issue will occur in 9.96 because of that and you will still need to use the workaround steps provided.

If you're still having trouble with it, please get in touch with your TAM so they can dig into it further with you.

Thanks!
Amanda Wulff
JAMF Support

hunter990
New Contributor III

Recommendation. Instead of having it redirect out of the JSS for the next step how about having it open another tab. Might resolve a lot of issues.

Bhughes
Contributor

Wow, this is a stupid issue. Got it to work. Hopefully they fix it soon. Unacceptable if you ask me!

peter
New Contributor III

@Bhughes This issue is fixed in 9.98 (currently in beta).

mm2270
Legendary Contributor II

Glad to hear the browser redirect issue will be fixed soon. This one bit me as well this year when I needed to renew my APNs push cert. It's a strange issue and honestly, had my TAM not instructed me on what to do to bypass the problem, I would have been stuck since there's no indication of what the heck is going on.

eddiel0w
New Contributor III

To the poor soul that scanned this thread reading everyones comment on how great the fix was but didn't find the actual key combination to "send the browser's Stop command" in Safari the combo is Command+. (command key & period key)

hdsst3
New Contributor

and its's august 2017, and it's still not fixed. wow

Not applicable

Hello support ,

I am unable to sign the CSR through the URL : https://www.jamf.com/jamf-nation/request-signed-csr.

I select the csr to be signed and then click on "Sign CSR" button and then it shows up 405 Error page. Screenshot attached.

Also, when I try the option to login to JAMF Nation using my credentials, for downloading the signed CSR, it says credentials are not validated and could not download the signed CSR. When I try to login to JAMF Nation in a separate tab , it worked. Wierd!!!!

Can you help me to get the signed CSR ?

Regards
Chandramowli G. 5b66bebea7e44c6aa4e431d3e48403d4

rnolasco
New Contributor

I'm having the same problem as chandramowli is having.

I see now resolution for this anywhere I look. Can someone please help with this?

Tjernigan
New Contributor III

SO this is a very old thread but incase anybody has this issue in the future. I had a similar issue and found the problem. When you downloaded the signed CSR, you either closed the browser or hit the back button. The p12 is for a different process. You need to hit Next after you download the CSR. Don't close the window or hit back. It should give you the instructions on where to go to download the apple cert. Once you download the pem from apple, you hit Next again and it will ask to upload the cert. If you have downloaded more than one CSR, only the most recent download will match the pem you received.

dufurl
New Contributor

THANKS SO MUCH FOR THIS POST!!!!!!! That simple little back button got me. All fixed now.

oartola
New Contributor II

Can confirm that @Tjernigan was the solution to my issue...and now i feel ridiculous lol.