Push Certificates

Jamf Pro requires a valid push certificate to communicate with Apple Push Notification service (APNs). This communication is required to do the following:

  • Send macOS configuration profiles and macOS remote commands to computers.

  • Distribute Mac App Store apps to computers.

  • Enroll and manage iOS devices.

An assistant in Jamf Pro guides you through the following steps to create a new push certificate (.pem) and upload it to Jamf Pro:

  1. Obtain a signed certificate signing request (CSR) from Jamf.

  2. Create the push certificate in Apple’s Push Certificates Portal by logging into the portal, uploading the signed CSR obtained from Jamf Nation, and downloading the resulting push certificate.

  3. Upload the push certificate to Jamf Pro.

If you have a push certificate in .p12 format, you do not have to create a new one. You can simply upload the .p12 file to Jamf Pro.

You can also use Jamf Pro to renew your push certificate when needed.

Note:

Uploading a push certificate to Jamf Pro automatically enables the Enable Push Notifications setting in Jamf Pro's Security settings.

Creating a Push Certificate

Requirements
  • A valid Jamf ID.
 To create a Jamf ID, go to:
https://id.jamf.com/CommunitiesSelfReg

  • A valid Apple ID. (A corporate Apple ID is recommended.)
 If you are renewing a push certificate that was originally obtained from Apple's iOS Developer Program (iDEP), you must use the Apple ID for the iDEP Agent account used to obtain the certificate.

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click Push Certificates .
  3. Click New and do one of the following:
    • If the server hosting Jamf Pro has an outbound connection, select Download signed CSR from Jamf Nation.
 Jamf Pro connects to Jamf Nation over port 443 and obtains the signed CSR.

    • If the server hosting Jamf Pro does not have an outbound connection, select Download CSR and sign later using Jamf Nation.

  4. Follow the onscreen instructions to create and upload the push certificate (.pem).

Uploading a Push Certificate (.p12)

If you have a push certificate that’s in .p12 format, you can upload it to Jamf Pro.

Note:

You will only have a push certificate in .p12 format if the CSR used to create the certificate was not issued by Jamf Pro.

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click Push Certificates .
  3. Click New .
  4. Select Upload push certificate (.p12).
  5. Follow the onscreen instructions to upload the push certificate.

Renewing the Push Certificate

Important:

It is recommended that you do not delete the existing push certificate from Jamf Pro when renewing a push certificate.

Requirements
  • A valid Jamf ID.
 To create a Jamf ID, go to:
https://id.jamf.com/CommunitiesSelfReg

  • A valid Apple ID. (A corporate Apple ID is recommended.)
 If you are renewing a push certificate that was originally obtained from Apple's iOS Developer Program (iDEP), you must use the Apple ID for the iDEP Agent account used to obtain the certificate.

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click Push Certificates .
  3. Click the push certificate, and then click Renew .
  4. Choose a method for renewing the push certificate:
    • If the server hosting Jamf Pro has an outbound connection, select Download signed CSR from Jamf Nation.
 Jamf Pro connects to Jamf Nation over port 443 and obtains the signed CSR.

    • If the server hosting Jamf Pro does not have an outbound connection, select Download CSR and sign later using Jamf Nation.

    • If you have a new push certificate in .p12 format, select Upload push certificate (.p12).

  5. Follow the onscreen instructions to renew the push certificate.

Deleting the Push Certificate

Deleting the push certificate from Jamf Pro disables communication between Jamf Pro and APNs. This prevents Jamf Pro from sending macOS configuration profiles and macOS remote commands to computers, and managing iOS devices. In addition, without a push certificate, Mac App Store apps cannot be distributed to computers. To restore these capabilities, you must create a new push certificate, and then re-enroll your computers and mobile devices with Jamf Pro.

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click Push Certificates .
  3. Click the push certificate and click Delete . Then click Delete again to confirm.