Hey UnMerryMelodies, I can help answer this.
So, to start with, that error indicates we're trying to renew the Push Cert with a different Apple ID than it was created with. If you can track down the original Apple ID and sign in with that, then this whole problem goes away. However, if the last admin had it under their personal Apple ID, then that's that. Going forward, I would suggest making sure it's on an organizational Apple ID that'll stay with the company if you were to leave.
As far as impact, it'll affect everything; however, the macOS side will be easily remediated by pushing out a script that does:
sudo jamf removeMDMprofile
sudo jamf mdm
One note on this, as of right now, that'll "break" the User-Approved MDM status if that has been set up. The user will have to re-approve the profile. So far, this is only an issue if you need to approve kernel extensions.
iOS devices will absolutely have to be re-enrolled.
Hope that helps :)
Is there a way to transfer the cert to a new Apple ID without having to re-enroll if the original Apple ID is currently accessible (I haven't left)?
Anybody?
Is there a way to move the certificate from one Apple ID to another?
My ex-boss managed to create this certificate (not knowing really what that meant) with his (managed) Apple ID, so at least I managed to reset password/phone, but I do not want to keep his Apple ID alive just for the Push certificate purposes.
I don't think there's a way you can move to another Apple ID generated Push Cert and just have it 'work'. You'll need to re-enroll the devices with that new push cert. Macs are a little easier to deal with in this regard, but iOS devices are going to be a pain.
You can now call Apple for help:
https://support.apple.com/en-us/HT208643
Craig