Apple Push Certificates

Apple uses Push Notification Certificates to maintain persistent communication between Apple Devices. You must add Push Notification Certificates to Device Management for Apple before you can enroll and manage devices.

Certificates are available from the Apple Push Certificates portal and are valid for one year. To maintain service continuity, the certificate must be renewed before the expiration date.

When a Push Notification Certificate expires, Apple requires a new certificate. If you have to add a new certificate rather than renew one, you must re-enroll your devices in Device Management for Apple.

Device Management for Apple uses a multi-tenancy approach that enables you to add push certificates for your own account and for your clients(customers):

  • Account — Your default enrollment certificate. It applies to devices under Clients that do not have their own certificate. The Account level Enrollment Helper setting applies to devices that use this Account certificate.

    You can only have one account level certificate.

  • Customer — Client specific enrollment certificate. The Client's devices enroll using this certificate and the enrollment settings are applied. Using a client push certificate, you can set a custom enrollment policy for a client and change their Apple relationship from you to the client.

To manage your push certificates, you can:

To open the Push Certificates dialog, on the vertical menu go to Device Management for Apple > Push Certificates.