Category filter

How to Renew APNs Certificate?

APNs certificates are required to send push notifications from the MDM server to Apple devices. This article shows how you can renew the APNs certificate.

Two important things to be cared about

  1. The APNs certificate has a validity of 1 year from the date of creation, so it is better to renew the existing one before the date of expiration or create a new APNs certificate every year.
  2. Renew the certificate with the same Apple ID that was used to create the certificate for the first time. You’ll need to re-enroll all devices if you use a different Apple ID.

The renewal process is almost as same as that of generating a new certificate. Note that the given steps apply for Hexnode UEM.


  • If you want to obtain a new APNs certificate instead of renewing, you’ll need to re-enroll devices.
  • If the APNs certificate gets expired, you will no longer be able to manage the enrolled Apple devices. In such cases, you will need to re-enroll all devices after renewing or creating a new APNs certificate.
  • If you have revoked the APNS certificate, you will only have to renew the certificate to manage the already enrolled devices. The devices need not be enrolled again.

Step 1: Obtain signed Certificate Signing Request from Hexnode

  1. Go to the Admin tab in Hexnode MDM console and select APNs settings. You’ll be able to see the topic, date of certificate creation, expiration and your Apple ID used to generate the certificate. There’ll be a message saying your certificate expires within certain days if the certificate is approaching expiration.
  2. Click on the Renew Certificate button, and you’ll be taken to a setup window, where you can generate a new Certificate Signing Request (CSR).
  3. Click on the Generate CSR request, and you’ll be able to download the CSR (hexnode_signed_casr.txt).

Step 2: Renew APNs Certificate

Now that we have a CSR, let’s upload it to the Apple Push Certificates Portal to generate a new APNs certificate.

  1. Click Next and then on ‘Go to Apple push terminal’, and you’ll be redirected to Apple Push Certificates Portal.
  2. Sign in to Apple Push Certificate Portal with your Apple ID and password used previously for generating the certificate.
  3. A list of all certificates generated with your Apple ID will be shown, including the expired and revoked ones.
  4. Identify the certificate that is to be renewed using the Expiration date provided in the portal. Click on Renew, and on the next page, upload the CSR obtained earlier from the Hexnode MDM console.
  5. When you upload the CSR, the APNs certificate is generated automatically and downloaded to your computer (.pem file format). To manually download the certificate, go to Apple Push Certificates Portal where you will find all your certificates. Find the required certificate and click on Download to download the certificate.
  6. When you have a new APNs certificate from Apple, go back to Hexnode MDM console, and click on the Next button. At this point, you’ll be asked to upload the certificate to Hexnode. Upload the valid certificate. When you are done, click Finish to renew the APNs certificate.

Troubleshooting Tips

  • Configurations