Sophos Mobile: How to Renew APNs certificate for Apple Mobile.


Sophos Mobile needs your organization’s Apple Push Notification service (APNs) certificate to manage your iPhones, iPads, and Macs. APNs certificates have a validity period of one year.

When the APN certificate expires, the following message will be displayed on Sophos Central Mobile: “Your Apple Push Notification service (APNs) certificate has expired. You must renew it to continue managing Apple devices”.

The article will show you how to renew your APNs certificate as well as show you how to identify the correct APNs certificate for renewal.


Step 1: Download Certificate singing request.

Login Sophos Central Admin > Mobile > Setup > Apple Setup > APNs.

You need to note this Topic sequence to identify the correct renewal of the certificate.

Note: If renew the wrong certificate, you must enroll apple device again.

Click the APNs certificate wizard.

Choose Renew my APNs Certificate. Click Next.

Click Download certificate signing request.

You will download a apple.csr file

Step 2: Renew certificate on Apple portal.

After downloaded the apple.csr file. Click Next.

Sophos Mobile stores and displays the Apple ID used to generate the initial APN certificate.
You need this ID to sign in to the Apple portal. Click Next.

Click Renew certificate on the Apple portal.

Enter the Apple ID above. Click the arrow sign.

In the Apple portal, it is important that you select the correct APNs certificate for renewal. If you renew the wrong certificate, you might need to re-enroll all iPhones, iPads, and Macs.

In the list of APNs certificates, click the Certificate Info icon next to the top most certificate entry.

You check the UID to see if it matches the Topic in step 1. If not, click Cancel.

Continue to select the second certificate and check the UID information. If it matches Topic, then this is the right certificate to renew.

Click Renew the second certificate from the top.

Step 3: Upload certificate signing request.

After click Renew, the Renew Push Certificate panel appears, select Choose file.

Select the apple.csr file you just downloaded in step 1.

Choose Upload.

Choose Download.

Step 4: Upload Renew APNs Certificate

Go back to step 2, click Next.

Click Upload Certificate.

Select MDM_Sophos Limited_Certificate .pem file downloaded in step 3.

After upload check “Expiration date” to see the expiration date in 1 year. Click Save.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.