Troubleshooting Apple Push Certificate renewal

Precautions to take before renewing your Apple Push Certificate

To ensure that the renewal process is done correctly, do the following:

Use the same Apple ID that was used to create the certificate to be renewed to sign in to the Apple Push Certificates Portal.
Compare the certificate's Serial number in LogMeIn Resolve MDM to the certificate's Serial Number in the Apple Push Certificate Portal as well as the contents of the Subject field in LogMeIn Resolve MDM to the Subject DN field in the Apple Push Certificate Portal to confirm that you are trying to renew the correct certificate. If the renewed certificate does not match you might receive the following error message in the Renew Apple Push Certificate wizard: The renewed certificate does not match with the currently installed Apple Push Certificate. If you wish to install a different Apple Push Certificate you must first delete the previous one and re-enroll your devices with the new certificate. In order to keep your iOS devices managed find the correct certificate in your company's Apple Push Certificates Portal and renew it to LogMeIn Resolve MDM.
Upload the same csr.txt file that was downloaded from LogMeIn Resolve MDM to the Apple Push Certificates Portal, as described in Renew an Apple Push Certificate.
Upload the correct .pem file to LogMeIn Resolve MDM after downloading it from the Apple Push Certificates Portal. If the uploaded file is incorrect, the following error message is displayed in the Renew Apple Push Certificate wizard: Certificate upload failed. Please check that you are uploading the correct certificate and try again.

If your problem cannot be solved, you must create a new APNs certificate and re-enroll your devices in LogMeIn Resolve MDM using the new certificate. For detailed instructions on how to do this, see Creating an Apple Push Certificate.

Missing Apple ID

If you don't know the correct Apple ID the Apple Push Certificate was obtained with, or you need to move the existing Apple Push Certificate to another Apple ID, do the following:

Contact Apple Deployment Programs Support. If a phone number for your country or region is not available, send an email to apns_programs@apple.com.
Provide all relevant information to Deployment Programs Support. They might ask for the following:
- Whether you are requesting to reassign a certificate that is in use with an MDM solution
- The name, physical address, and website address of the organization that owns and operates the devices associated with the certificate
- The contact information of the person who obtained the certificate that your organization is currently using
- Details of the issue you are trying to resolve by reassigning the certificate (for example, moving the certificate to a new Apple ID because the original owner has left the company)
- Details about the certificate, such as the following:
  - Serial number, available on your LogMeIn Resolve MDM site by navigating to Infrastructure diagram and hovering over the Apple Push Notification Service icon
  - Expiration date, available on your LogMeIn Resolve MDM site by navigating to Infrastructure diagram and hovering over the Apple Push Notification Service icon
  - Subject DN, available on your LogMeIn Resolve MDM site by navigating to Infrastructure diagram and hovering over the Apple Push Notification Service icon
  - Current Apple ID, if known
    Note: While the Apple ID is shown in the Infrastructure diagram, this field is filled in manually when creating the Apple Push Certificate. LogMeIn Resolve MDM cannot verify the validity and correctness of the Apple ID entered in this field.
- Your contact information, such as your name, phone number, email address, job title, employer and department name
- Details about the Apple ID to which the certificate is to be moved, such as the owner's name, phone number, email address, and Apple ID
- Relevant additional information
Deployment Programs Support might require additional identity verification before the certificate is moved to a new Apple ID. After the certificate is moved, the new Apple ID can be used to sign in to the Apple Push Certificates Portal to find the certificate.

Expiring certificate has been deleted and a new one has been created

If you delete an existing certificate and create a new one instead of renewing your expiring certificate, your managed devices will no longer synchronize with LogMeIn Resolve MDM. To remedy the issue, you first have to remove the new, incorrect certificate from LogMeIn Resolve MDM, then add the previous, correct certificate again. This action renews the expiring certificate.

In LogMeIn Resolve MDM, navigate to System > Infrastructure diagram and hover over the Apple Push Notification Service icon.
Select Delete to remove the incorrect, new certificate by following the steps in the wizard.
Navigate to System > Infrastructure diagram and hover over the Apple Push Notification Service icon again.
Select Create.
Sign in to the Apple Push Certificates Portal using the Apple ID that was used to create the previous certificate.
Find the previous certificate, then select Renew.
Follow the steps described in Renew an Apple Push Certificate to add and renew the correct certificate.

Certificate to be renewed cannot be found

If you cannot find the certificate to be renewed and Apple support cannot help you, you must remove the certificate from LogMeIn Resolve MDM and re-enroll your devices with a new certificate as follows:

In LogMeIn Resolve MDM, navigate to System > Infrastructure diagram and hover over the Apple Push Notification Service icon.
Select Delete to remove certificate by following the steps in the wizard.
Create a new certificate as described in Creating an Apple Push Certificate.
Enroll your devices in LogMeIn Resolve MDM again.