
How to Renew APNs Certificates in Hexnode UEM

Apple Push Notification service (APNs) certificates allow the Hexnode UEM server to communicate with and manage Apple devices. These certificates must be renewed annually to maintain device management.

Critical Prerequisites

Before starting the renewal process, ensure you meet these two conditions:

  • Same Apple ID: You must use the same Apple ID that was originally used to create the certificate. Using a different ID will require the re-enrollment of all devices.
  • Renewal vs. Replacement: Renewing an existing certificate maintains your current device connections. Revoking or creating a new certificate from scratch will typically require re-enrolling all devices (with some exceptions – see FAQ).

Step 1: Obtain signed CSR from Hexnode

To begin, you need a Certificate Signing Request (CSR) signed by Hexnode.

  1. Navigate to the Admin tab in the Hexnode UEM console.
  2. Select APNs Settings. Here you can verify the current certificate topic, creation/expiration dates, and the associated Apple ID.
  3. Click the Renew Certificate button.
  4. In the setup window, click Generate CSR.
  5. Download the file: hexnode_signed_casr.txt.

Step 2: Renew Certificate via Apple Portal

  1. Upload the Hexnode CSR to Apple to generate the updated certificate.
  2. Click Next in the Hexnode console, then click Go to Apple push terminal to open the Apple Push Certificates Portal.
  3. Sign in using the original Apple ID.
  4. Locate the correct certificate by matching the Expiration Date shown in the portal with the data in your Hexnode console.
  5. Click Renew next to the specific certificate.
  6. Upload the hexnode_signed_casr.txt file you downloaded in Step 1.
  7. Once processed, the APNs certificate (.pem format) should download automatically. If not, click Download next to the certificate in the portal list.

Step 3: Finalize Renewal in Hexnode

  1. Complete the process by linking the new Apple certificate to Hexnode UEM.
  2. Return to the Hexnode UEM console and click Next.
  3. Upload the .pem file you just received from Apple.
  4. Click Finish to complete the renewal.
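
A pre-upload check for the .pem downloaded in Step 2, as an added example that is not part of the Hexnode documentation: it confirms the certificate still carries the topic shown under APNs Settings and has not expired. It assumes OpenSSL is installed and that the topic is the UID attribute of the certificate subject; the file name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: pre-upload check of a renewed APNs certificate (.pem).
# Assumption: the MDM push topic is the UID attribute of the certificate
# subject (com.apple.mgmt.External.<id>). File names are placeholders.

# Print the push topic (subject UID) of a PEM certificate.
apns_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Print the expiration date (notAfter) of a PEM certificate.
apns_expiry() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# Return 0 only if the file parses as a certificate, carries the expected
# topic, and has not already expired. Distinct codes identify the failure.
check_renewed_pem() {
    pem=$1
    expected=$2
    topic=$(apns_topic "$pem")
    if [ -z "$topic" ]; then
        echo "FAIL: no topic (UID) found in $pem" >&2
        return 2
    fi
    if [ "$topic" != "$expected" ]; then
        echo "FAIL: topic changed: $topic (expected $expected)" >&2
        return 3
    fi
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate already expired: $(apns_expiry "$pem")" >&2
        return 4
    fi
    echo "OK: topic $topic, expires $(apns_expiry "$pem")"
}

# Usage, with the topic copied from Admin > APNs Settings:
#   sh check_apns.sh renewed_apns.pem com.apple.mgmt.External.<id>
if [ "$#" -eq 2 ]; then
    check_renewed_pem "$1" "$2"
fi
```

A topic mismatch (exit code 3) means the file came from a different Apple ID or from a newly created certificate rather than a renewal, so it should not be uploaded.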

Frequently Asked Questions

  1. What happens if the certificate expires?

    If the certificate expires, you lose the ability to manage enrolled Apple devices. You must renew the certificate immediately. In some cases, if the certificate has been expired for too long, re-enrollment may be required.

  2. Can I use a different Apple ID?

    No. If you use a different Apple ID, the certificate “Topic” will change, and all previously enrolled devices will stop communicating with the MDM. You would then have to re-enroll every device manually.

  3. What if I revoked the certificate?

    If you have revoked the APNs certificate, you can still manage already enrolled devices by performing a renewal. In this specific scenario, re-enrollment is generally not required if the renewal is processed correctly.

  4. Should I create a new certificate every year?

    It is highly recommended to renew the existing certificate rather than creating a new one. Renewal is the only way to ensure uninterrupted management of your existing device fleet.
