Add a new Apple Push Certificate

Apple uses Push Notification Certificates to maintain persistent communication between Apple Devices. You must add a Push Notification Certificate before you can enroll and manage devices in Device Management for Apple(DMA).

Certificates are available from the Apple Push Certificates portal and are valid for one year. To maintain service continuity, the certificate must be renewed before the expiration date.

DMA uses a multi-tenancy approach that enables you to add push certificates for your own account and for your clients(customers):

  • Account — Your default enrollment certificate. It applies to devices under Clients that do not have their own certificate.

    You can only have one account level certificate.

  • Customer — Client specific enrollment certificate. The Client's devices enroll using this certificate and the enrollment settings are applied.

Devices require re-enrolment if they are moved between clients with different Push Notification Certificates, or when you add a customer push certificate for a client and their devices were previously registered under your account certificate.

To simplify the enrollment process for new clients, we recommend you add their push certificate before you onboard their Apple devices.

To add an Apple Push Notification Certificate:

Certificate setup

  1. In the left-hand navigation menu, click ConfigurationDevice Management for Apple to view the Dashboard.
  2. Click Add.
    add apple push certificate

  3. Select the certificate type.

    Choice Action
    Select Account

    This option is only available if an account-level certificate does not exist.

    Enter the Apple ID (email address) to create the Certificate Signing Request (CSR) against
    Select Customer
    1. Select the target Client from the Customer drop-down menu
    2. Enter the Apple ID (email address) to create the Certificate Signing Request (CSR) against. We recommend you use an Apple ID that belongs to your Client, for example,

    The email address you enter receives certificate expiry alerts. We recommend you use an active, generic email address to ensure renewal notifications have multiple recipients within your organization. Do not use a personal Apple ID (for example, one that's already associated with the App Store).

  4. Click Download CSR to store the .csr file locally and click Next.

Create Certificate

  1. Click the Apple Push Certificates Portal link to create a certificate:
    Apple Push Certificates Portal
    1. Sign in to the Apple portal with the Apple ID used when the CSR was downloaded (if required).

        Account: sign in using your Apple ID.

        Customer: sign in using your customer’s Apple ID.

    2. In the Apple Push Certificates Portal section, click Create a Certificate and accept Apple’s Terms of Use (where satisfactory).
    3. Click Choose file to navigate to the location of the .csr file and click Upload.
    4. Enter any relevant information in the Notes field and click Upload.

      The Confirmation screen provides information on the Service, Vendor, and the certificate's Expiration Date.

    5. Click Download to retrieve a copy of the certificate (.pem file).
  2. Return to the N-centraland click Next.

Upload Certificate

  1. Drag and drop the Apple Push Notification certificate (.pem) file into the main window or use browse to navigate to the file and select it.
  2. Click Finish.


Review the confirmation message. Information about the certificate including its expiration date is displayed.