Summary
APNs certificate downloaded from Apple only have one year validity from the date the certificate(s) was created. To make sure the managed iOS devices do not have to be re-enrolled into TMMS for Enterprise, the APN certificate has to be renewed before it expires.
If the APNs certificate is already expired, the renewal steps will no longer work. A new APNs certificate will have to be generated and the mobile devices re-enrolled.
Details
Follow these steps to renew the APNs certificate so users won't have to re-enroll their iOS mobile devices:
- Log in to the Apple Push Certificates Portal you used to generate your previous APNs certificate.
- On the Portal click Renew.
- It will redirect to the page requesting Vendor-signed CSR. Follow the KB article to create the Certificate Signing Request.
- Go to Trend Micro Website Apple Push Notification Certificate Signing Request Form for us to sign the generated CSR. Then use the Vendor-signed CSR on the Apple Website to proceed with the renewal.
- Download the new certificate from Apple APN Certificate Portal.
- Change the extension name of the renewed certificate from PEM to CER (e.g. Mobile Device Management.PEM to Mobile Device Management.CER).
- Go to IIS Manager ServerName Server Certificates.
- On the right pane, click Complete Certificate Request. The Complete Certificate Request Wizard will appear.
If you are using IIS 7.5, clicking the complete Certificate Request may display the following error message:
"A certificate chain could not be built to a trusted root authority."
If this happens, refer to Page C-17 in Configuring IIS 7.5 for APNs Certificate Installation for the procedure to resolve this issue.
- Locate the CER file.
- On Friendly Name, type Trend Micro Mobile Security for Enterprise MDM APNs.
- Follow the prompts and complete the wizard.
- Verify that your Apple Production Push Services certificate appears on the Server Certificates list.
- Right-click the certificate in the Server Certificates list, and click Export.
- Select the location where you want to save the file, choose a password for exporting, and then click OK.
If you are using a Mac Workstation to install the APNs certificate, please refer to Page C-22: Step 3. in Installing your APNs certificate.
- Re-upload the certificate to Mobile Security for Enterprise console. Please refer to Page C-23 in Installation and Deployment Guide, for the steps.
TMMS for Enterprise has a notification feature that will notify an administrator one month prior to the APN expiration date. Refer to Page 4-20: Configuring Administrator Notifications in Installation and Deployment Guide for TMMS.
Please refer to the screenshot below for the expected result, which shows the APNs certificate having the same Credential name but a new Expiration Date:
