Push Certificates

The JAMF Software Server (JSS) uses push certificates to communicate with Apple Push Notification service (APNs). The JAMF Push Proxy enables communication between the JSS and Self Service Mobile for iOS, and between the JSS and personally owned Android devices.

Push Certificate

The JSS requires a valid push certificate to communicate with APNs. This communication is required to do the following:

  • Send OS X configuration profiles and OS X remote commands to computers.

  • Distribute Mac App Store apps to computers.

  • Enroll and manage iOS devices.

An assistant in the JSS guides you through the following steps to create a new push certificate (.pem) and upload it to the JSS:

  1. Obtain a signed certificate request (CSR) from JAMF Nation.

  2. Create the push certificate in Apple’s Push Certificates Portal by logging into the portal, uploading the signed CSR obtained from JAMF nation, and downloading the resulting push certificate.

  3. Upload the push certificate to the JSS.

If you have a push certificate in .p12 format, you do not have to create a new one. You can simply upload the .p12 file to the JSS.

You can also use the JSS to renew your push certificate when needed.

JAMF Push Proxy

The JSS requires a valid proxy server token to authenticate to the JAMF Push Proxy. Push notification triggers communication between the JSS and Self Service Mobile for iOS, and between the JSS and personally owned Android devices. The types of communication include sending notifications to iOS devices with Self Service Mobile installed, and requesting management check-ins from personally owned Android devices.

An assistant in the JSS guides you through the process to request a new proxy server token from the JAMF Authorization Server and upload it to the JSS.

Requirements

To create or renew a push certificate, you need:

  • A valid JAMF Nation account
    To create a JAMF Nation account, go to:
    https://jamfnation.jamfsoftware.com/createAccount.html

  • A valid Apple ID (A corporate Apple ID is recommended.)
    If you are renewing a push certificate that was originally obtained from Apple’s iOS Developer Program (iDEP), you must use the Apple ID for the iDEP Agent account used to obtain the certificate.

To request or renew a proxy server token, you need a valid JAMF Nation account.

To create a JAMF Nation account, go to:
https://jamfnation.jamfsoftware.com/createAccount.html

Creating a Push Certificate

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click New images/download/thumbnails/10126442/New_icon.png and do one of the following:

    • If the server hosting the JSS has an outbound connection, select Download signed CSR from JAMF Nation.
      The JSS connects to JAMF Nation over port 443 and obtains the signed CSR.

    • If the server hosting the JSS does not have an outbound connection, select Download CSR and sign later using JAMF Nation.

  6. Follow the onscreen instructions to create and upload the push certificate (.pem).

Uploading a Push Certificate (.p12)

If you have a push certificate that’s in .p12 format, you can upload it to the JSS.

Note: You will only have a push certificate in .p12 format if the CSR used to create the certificate was not issued by the JSS.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click New images/download/thumbnails/10126442/New_icon.png .

  6. Select Upload push certificate (.p12).

  7. Follow the onscreen instructions to upload the push certificate.

Renewing the Push Certificate

Important: It is recommended that you do not delete the existing push certificate from the JSS when renewing a push certificate.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click the push certificate and then click Renew.

  6. Choose a method for renewing the push certificate:

    • If the server hosting the JSS has an outbound connection, select Download signed CSR from JAMF Nation.
      The JSS connects to JAMF Nation over port 443 and obtains the signed CSR.

    • If the server hosting the JSS does not have an outbound connection, select Download CSR and sign later using JAMF Nation.

    • If you have a new push certificate in .p12 format, select Upload push certificate (.p12).

  7. Follow the onscreen instructions to renew the push certificate.

Deleting the Push Certificate

Deleting the push certificate from the JSS disables communication between the JSS and APNs. This prevents the JSS from sending OS X configuration profiles and OS X remote commands to computers, and managing iOS devices. In addition, without a push certificate, Mac App Store apps cannot be distributed to computers. To restore these capabilities, you must create a new push certificate, and then re-enroll your computers and mobile devices with the JSS.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click the push certificate and click Delete. Then click Delete again to confirm.

Requesting and Uploading a Proxy Server Token

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click New images/download/thumbnails/10126442/New_icon.png .

  6. Select Get proxy server token from JAMF Authorization Server.

  7. Follow the onscreen instructions to get the proxy server token and upload it to the JSS.

Renewing the Proxy Server Token

Note: The proxy server token will be renewed automatically, however, the following steps can be used for troubleshooting purposes.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click the push proxy and then click Renew.

Deleting the Proxy Server Token

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/10126442/Settings_icon.png .

  3. Click Global Management.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click Push Certificates images/download/thumbnails/10126442/Push_Certificates.png .

  5. Click the push proxy and click Delete. Then click Delete again to confirm.

Related Information

For related information, see the following sections in this guide:

  • Security Settings
    Find out how to enable certificate-based authentication and push notifications so you can send OS X configuration profiles and OS X remote commands to managed computers.

  • Public Key Infrastructure
    Learn how to configure the public key infrastructure (PKI) to ensure secure communication with APNs.

  • Ports
    Find out which ports the JSS uses to communicate with APNs.

  • Sending a Mass Notification to Mobile Devices
    Find out how to send a mass notification to mobile devices.

For related information, see the following Knowledge Base article:

JAMF Push Proxy Communication
Learn about push proxy network communication and ports.

Copyright | Privacy | Terms of Use | Security
Copyright JAMF Software, LLC 2016