Renewing Push Certificate Message: Warning Existing devices that are enrolled with Jamf Pro...

Bish
New Contributor

I am relatively new and not very knowledgeable when it comes to certificates.  About a year ago I successfully created our company's push certificate for JAMF Pro (cloud version), and it is about to expire in a couple weeks.  In attempting to renew our push certificate for another year I get the following message after I upload the new .pem file I downloaded from Apple. 

"Warning Existing devices that are enrolled with Jamf Pro will no longer respond to push notifications."


What does this mean?  What will happen if I complete the process as-is?  Will I need to re-enroll my devices?  Will they stop responding to JAMF?  Should I wait until the actual expiration date to create a new push certificate?  

I believe I am using the same Apple ID, but is there a way to check or verify this?  

Any help would be appreciated.

Mark Bishop
Community Action, Inc. of Central Texas

1 ACCEPTED SOLUTION

Valcovish
New Contributor III

Yes, this is a very common issue. The Apple ID that was originally used to configure APNs (Apple Push Notification Service) needs to be used again when renewing the certificate; otherwise, your devices will not receive notifications or MDM commands.

To avoid problems caused by personnel changes or losing access to a personal Apple ID, it’s highly recommended to use a dedicated service account for the Apple ID associated with APNs. This ensures that if someone leaves the company or their personal Apple ID credentials are lost, you won’t run into issues renewing the certificate.


3 REPLIES

jtrant
Valued Contributor

The APNs certificate being applied has a different topic than the certificate currently in place.

You must renew the APNs certificate with the same Apple ID that was used to create it, and also ensure that the topic matches if you have multiple solutions in place that leverage APNs. Applying a certificate with a new topic will break MDM communication and require you to re-enroll all of your existing devices.

I strongly recommend that you do not proceed and contact Jamf Support.
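The topic mismatch described in the reply above can be checked before uploading, because an MDM push certificate carries its topic in the UID attribute of the certificate subject. The script below is an added example, not part of the thread and not Jamf tooling; it assumes the previously uploaded .pem is still on hand, and the function names and the stand-in certificate generator are hypothetical.

```shell
#!/bin/sh
# Added example: compare the APNs topic of two MDM push certificates.

# Print the topic, i.e. the UID attribute of the certificate subject
# (for MDM push certificates it looks like com.apple.mgmt.External.<uuid>).
apns_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Exit status: 0 = same topic, 1 = different topic, 2 = topic unreadable.
compare_apns_topics() {
    current=$(apns_topic "$1")
    renewed=$(apns_topic "$2")
    if [ -z "$current" ] || [ -z "$renewed" ]; then
        echo "could not read a UID/topic from one of the files" >&2
        return 2
    fi
    echo "current: $current"
    echo "renewed: $renewed"
    if [ "$current" = "$renewed" ]; then
        echo "MATCH: the renewed certificate keeps the existing topic"
        return 0
    fi
    echo "MISMATCH: do not upload; enrolled devices listen on the current topic"
    return 1
}

# Constructed sample input: a self-signed stand-in certificate carrying the
# given topic, so the check can be tried without a real Apple-issued file.
make_constructed_cert() {   # usage: make_constructed_cert <topic> <out.pem>
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
        -subj "/UID=$1/CN=Constructed APNs stand-in" -out "$2" 2>/dev/null
}
```

Run it as `compare_apns_topics old_push.pem new_push.pem` (file names are placeholders). A mismatch means the new certificate was issued as a new certificate rather than as a renewal of the existing one.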

Bish
New Contributor

Thank you for the replies.  I was able to find the original Apple ID used to create this push certificate.  It looks like it is a dedicated company account for this specific purpose.  Thanks all.