Push Certificates

The JSS requires a valid push certificate to communicate with APNs. This communication is required to do the following:

  • Send macOS configuration profiles and macOS remote commands to computers.

  • Distribute Mac App Store apps to computers.

  • Enroll and manage iOS devices.

An assistant in the JSS guides you through the following steps to create a new push certificate (.pem) and upload it to the JSS:

  1. Obtain a signed certificate request (CSR) from Jamf Nation.

  2. Create the push certificate in Apple’s Push Certificates Portal by logging into the portal, uploading the signed CSR obtained from Jamf Nation, and downloading the resulting push certificate.

  3. Upload the push certificate to the JSS.

If you have a push certificate in .p12 format, you do not have to create a new one. You can simply upload the .p12 file to the JSS.

You can also use the JSS to renew your push certificate when needed.

Requirements

To create or renew a push certificate, you need:

  • A valid Jamf Nation account
    To create a Jamf Nation account, go to:
    https://www.jamf.com/jamf-nation/users/new

  • A valid Apple ID (A corporate Apple ID is recommended.)
    If you are renewing a push certificate that was originally obtained from Apple’s iOS Developer Program (iDEP), you must use the Apple ID for the iDEP Agent account used to obtain the certificate.

Creating a Push Certificate

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15892700/Settings_icon.png .

  3. Click Global Management.

  4. Click Push Certificates images/download/thumbnails/15892700/Push_Certificates.png .

  5. Click New images/download/thumbnails/15892700/New_icon.png and do one of the following:

    • If the server hosting the JSS has an outbound connection, select Download signed CSR from Jamf Nation.
      The JSS connects to Jamf Nation over port 443 and obtains the signed CSR.

    • If the server hosting the JSS does not have an outbound connection, select Download CSR and sign later using Jamf Nation.

  6. Follow the onscreen instructions to create and upload the push certificate (.pem).

Uploading a Push Certificate (.p12)

If you have a push certificate that’s in .p12 format, you can upload it to the JSS.

Note: You will only have a push certificate in .p12 format if the CSR used to create the certificate was not issued by the JSS.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15892700/Settings_icon.png .

  3. Click Global Management.

  4. Click Push Certificates images/download/thumbnails/15892700/Push_Certificates.png .

  5. Click New images/download/thumbnails/15892700/New_icon.png .

  6. Select Upload push certificate (.p12).

  7. Follow the onscreen instructions to upload the push certificate.

Renewing the Push Certificate

Important: It is recommended that you do not delete the existing push certificate from the JSS when renewing a push certificate.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15892700/Settings_icon.png .

  3. Click Global Management.

  4. Click Push Certificates images/download/thumbnails/15892700/Push_Certificates.png .

  5. Click the push certificate and then click Renew.

  6. Choose a method for renewing the push certificate:

    • If the server hosting the JSS has an outbound connection, select Download signed CSR from Jamf Nation.
      The JSS connects to Jamf Nation over port 443 and obtains the signed CSR.

    • If the server hosting the JSS does not have an outbound connection, select Download CSR and sign later using Jamf Nation.

    • If you have a new push certificate in .p12 format, select Upload push certificate (.p12).

  7. Follow the onscreen instructions to renew the push certificate.

Deleting the Push Certificate

Deleting the push certificate from the JSS disables communication between the JSS and APNs. This prevents the JSS from sending macOS configuration profiles and macOS remote commands to computers, and managing iOS devices. In addition, without a push certificate, Mac App Store apps cannot be distributed to computers. To restore these capabilities, you must create a new push certificate, and then re-enroll your computers and mobile devices with the JSS.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15892700/Settings_icon.png .

  3. Click Global Management.

  4. Click Push Certificates images/download/thumbnails/15892700/Push_Certificates.png .

  5. Click the push certificate and click Delete. Then click Delete again to confirm.

Related Information

For related information, see the following sections in this guide:

  • Security Settings
    Find out how to enable certificate-based authentication and push notifications so you can send macOS configuration profiles and macOS remote commands to managed computers.

  • PKI Certificates
    Learn how to configure public key infrastructure certificates to ensure secure communication with APNs.

For related information, see the following Knowledge Base article:

Network Ports Used by the Casper Suite
Find out which ports the JSS uses to communicate with APNs.

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.