To generate Apple Push Notification (APN) Certificate, do the following:

1. Generate a Certificate Signing Request (CSR).
2. Do one of the following:
   • Use the certificate signed by Trend Micro via the Trend Micro APNs Certificate Signing Portal:
     1. Open the Trend Micro APNs Certificate Signing Portal.
     2. Fill in the required fields. 
     3. Enter your TMMS Activation Code.
     4. Copy and paste your CSR.
     5. Read and accept the Trend Micro License Agreement and Submit.

        After you have successfully submitted the above information, you will be prompted to download the signed CSR and will get a notification about receiving an email with the signed CSR attached.

     6. Upload the CSR to Apple Push Certificates Portal.
         

        For instructions on how to do this, refer to Guide for Generating Apple Push Notification Service Certificate.
   • Use the certificate signed by Apple:
     This option is when you already have an account in Apple Enterprise Developer (paid subscription).
     1. Upload the CSR to your Apple Developer portal (Apple will sign your certificate.).
3. Download the signed certificate from the Apple portal and complete the initial CSR request.
    

   Make sure that you have the following before you begin:

   • Apple Enterprise Developer account (developer.apple.com/programs/ios/enterprise)
   • Your developer account role must be Agent (Admin role will not work)
   • Mac OS X workstation or Windows Server with Administrator permissions
   • Safari or Firefox Web browser
4. Change the extension name of the renewed certificate from PEM to CER (e.g. Mobile Device Management.PEM to Mobile Device Management.CER).
5. Go to IIS Manager ServerName Server Certificates.
6. On the right pane, click Complete Certificate Request. The Complete Certificate Request Wizard will appear.
    

   If you are using IIS 7.5, clicking the complete Certificate Request may display the following error message:

   "A certificate chain could not be built to a trusted root authority."
    

   If this happens, refer to Page C-17 in Configuring IIS 7.5 for APNs Certificate Installation for the procedure to resolve this issue.

    
7. Locate the CER file.
8. On Friendly Name, type Trend Micro Mobile Security for Enterprise MDM APNs.
9. Follow the prompts and complete the wizard.
10. Verify that your Apple Production Push Services certificate appears on the Server Certificates list.
11. Right-click the certificate in the Server Certificates list, and click Export.
12. Select the location where you want to save the file, choose a password for exporting, and then click OK.
     

    If you are using a Mac Workstation to install the APNs certificate, please refer to Page C-22: Step 3. in Installing your APNs certificate.

     
13. Re-upload the certificate to Mobile Security for Enterprise console. Please refer to Page C-23 in Installation and Deployment Guide, for the steps.
     

    TMMS for Enterprise has a notification feature that will notify an administrator one month prior to the APN expiration date. Refer to Page 4-20: Configuring Administrator Notifications in Installation and Deployment Guide for TMMS.