Renewing the Push Certificate

jasenrobinson
New Contributor II

Hello,

Looking for guidance. My co-worker who was supporting Jamf left so I have taken over. Our MDM Push Notification Certificate expires the first week of January.  I was reading the guides on how to renew the certificate (see steps below) But I'm confused on step 4. How do I know if the server hosting JAMF has an outbound connection? Also do I need to download the token from ABM prior to renewing the certificate. 

 

  1. In Jamf Pro, click Settings 

     

    ,in the top-right corner of the page.
  2. In the Global section, click Push certificates 

     

  3. Click the push certificate, and then click Renew 

     

  4. Choose a method for renewing the push certificate:
    • If the server hosting Jamf Pro has an outbound connection, select Download signed CSR from Jamf Account.
 Jamf Pro connects to Jamf Nation over port 443 and obtains the signed CSR.

    • If the server hosting Jamf Pro does not have an outbound connection, select Download CSR and sign later using Jamf Account.

    • If you have a new push certificate in .p12 format, select Upload push certificate (.p12).

  5. Follow the onscreen instructions to renew the push certificate.

Thank you!

2 ACCEPTED SOLUTIONS

atomczynski
Valued Contributor

atomczynski
Valued Contributor

I recommend three to four weeks prior to the expiration. You would not want some sort of system outage to affect you and miss the deadline.

Create a calendar item for it and put in a reminder or two so that you don't miss it. Example the day falls on a day off, etc.

View solution in original post

10 REPLIES 10

obi-k
Valued Contributor II

Jamf support can help you with this. It's asking if your JSS Server can talk to the Internet. Don't download the ABM cert prior; do it when the JSS steps ask you to.

 

jasenrobinson
New Contributor II

@obi-k Thank you that is what I thought. I just want to make sure I get this done right the first time.

atomczynski
Valued Contributor

Check out this write-up.

Other things need to be updated/maintained yearly.

 

https://www.linkedin.com/pulse/importance-maintaining-your-apple-automated-device-token-tomczynski/?...

@atomczynski Awesome write up! This makes the process way more understandable. 

Tribruin
Valued Contributor II

One thing to make sure of now is that you have the AppleID  and the password that was used to create the current APNS certificate. You will need to login in to the Apple APNS site with the same ID and use the Renew function. If you try and use a different AppleID and create a new certificate, then your communication to your devices will break. 

 

If you don't have the AppleID and Password, open a case with Apple as soon as possible. They can help move the certificate from one AppleID to another. 

jasenrobinson
New Contributor II

@Tribruin Thank you for the info. This really helps! Also Since the cert does not expire until January, do I have to wait until the day before the cert expires to update it or can I do it now?

Tribruin
Valued Contributor II

You can do it at any time. I typically do it about a week to two weeks before the expiration date. 

atomczynski
Valued Contributor

I recommend three to four weeks prior to the expiration. You would not want some sort of system outage to affect you and miss the deadline.

Create a calendar item for it and put in a reminder or two so that you don't miss it. Example the day falls on a day off, etc.

Hi atomczynski,

I just updated the cert, but Jamf is still showing the old expiration date. Shouldn't that have updated to the new date, or does it take time? 

atomczynski
Valued Contributor

It's my understanding that it happens right away. You have selected "Save" in the bottom right of the window. Right?