My push notification certificate is expiring soon and I am trying to renew it. I have followed the instructions here:
I have completed this and now see my renewed cert on the Apple Push Certificates Portal. Although I am able to download the new cert from Apple, it is in .pem format and JSS is looking for .p12 format. I must be missing something pretty simple here, can anyone help me with this? Thanks!!!
What I had to do was double click on the PEM file, which loads it into my keychain. For some reason the P12 format can only be done with multiple certs. So select the PEM file you just added and another random cert, right click and export as P12. When JAMF loads it, it only takes the correct one.
A .p12 file should not be required; the mentions of it in the Admin’s Guide are simply for if you happen to have one in that format as the steps to renew or create are slightly different for those using the .p12 format.
I went through renewing a push certificate to one of my test JSSes, and it did not require a .p12 file; I was able to upload the .pem from Apple with no issues.
Just to verify, the steps you’re taking are the following:
Download signed CSR From JAMF Nation >> Enter JAMF Nation Credentials >> JAMFSignedCSR.plist downloads >> Renew the certificate on Apple’s Portal >> Download the .pem file from Apple >> Click Next in the JSS to get to the Upload the Push Certificate (.pem) file >> Upload the .pem file that we just downloaded from Apple.
Are you receiving an error when trying to upload the .pem from Apple?
Our server does not connect to JAMF Nation so I am taking these steps:
Download CSR and sign later using JAMF Nation
Click Next and manually request signed CSR
Once signed I download "JAMFSignedCSR.plist"
I then go to "https://identity.apple.com/pushcert/" and renew my cert, after that it allows me to download the .pem file but I do not see anywhere to upload the pem in JSS, just p12.
Shoot, that was the answer I hoped you wouldn't have.
Currently, that method is not particularly functional due to PI-002889.
There isn't really an awesome workaround for it at the moment, as the workaround requires some good timing in the browser, however, once the downloaded un-signed CSR is saved immediately after we hit "Next", if we're super quick with the keyboard, we can send the browsers Stop command before the page redirects out to JAMF Nation (the redirect is where it breaks as it takes us away from the wizard in the JSS and there's no way to go back), then you can go to JAMF Nation in a separate tab and do the signing.
Since the wizard will still be up in the other tab, you should be able to then continue on with the process and upload the .pem.
If you haven't already, I'd recommend getting in touch with your TAM to get a case open and attached to PI-002889.
Hi @dmw3 ,
If you're trying to follow the same steps outlined above, using the "Download CSR and sign later using JAMF Nation" method of APNS certificate renewal, please read the replies above for the workaround.
We are aware that this is still an issue in 9.96, as the product issue mentioned above is still in an open status. This issue will occur in 9.96 because of that and you will still need to use the workaround steps provided.
If you're still having trouble with it, please get in touch with your TAM so they can dig into it further with you.
Glad to hear the browser redirect issue will be fixed soon. This one bit me as well this year when I needed to renew my APNs push cert. It's a strange issue and honestly, had my TAM not instructed me on what to do to bypass the problem, I would have been stuck since there's no indication of what the heck is going on.
Hello support ,
I am unable to sign the CSR through the URL : https://www.jamf.com/jamf-nation/request-signed-csr.
I select the csr to be signed and then click on "Sign CSR" button and then it shows up 405 Error page. Screenshot attached.
Also, when I try the option to login to JAMF Nation using my credentials, for downloading the signed CSR, it says credentials are not validated and could not download the signed CSR. When I try to login to JAMF Nation in a separate tab , it worked. Wierd!!!!
Can you help me to get the signed CSR ?
SO this is a very old thread but incase anybody has this issue in the future. I had a similar issue and found the problem. When you downloaded the signed CSR, you either closed the browser or hit the back button. The p12 is for a different process. You need to hit Next after you download the CSR. Don't close the window or hit back. It should give you the instructions on where to go to download the apple cert. Once you download the pem from apple, you hit Next again and it will ask to upload the cert. If you have downloaded more than one CSR, only the most recent download will match the pem you received.