Jamf School requires a valid push certificate to communicate with Apple Push Notification service (APNs). This communication is required to do the following:
-
Send macOS profiles and macOS quick action commands to computers.
-
Distribute Mac App Store apps to computers.
-
Enroll and manage iOS devices.
You must have a push certificate in Jamf School to manage devices with Jamf School. Devices enrolled prior to May 2, 2017 are managed by a push certificate in Jamf School. To check if your devices are managed by Jamf School, navigate to Organization > Settings > Apple Push Notification Service. If the Push Topic is “com.apple.mgmt.XServer.01ab0995-0663-4e2d-a001-25e9ef3eaf9e”, the devices are currently managed by Jamf School. You must create your own certificate for future enrollments. If a new certificate is created, enrolled mobile devices will not be able to receive MDM commands unless they are re-enrolled. Apple requires the Apple Push Notification service (APNs) certificate to be renewed every year.
Important: If the original Apple push certificate expires or is deleted, you must manually re-enroll all managed devices.
Creating an Apple Push Certificate
Requirements
To create a push certificate, you need a valid Apple ID (a corporate Apple ID is recommended). To create a corporate Apple ID, navigate to: https://appleid.apple.com
Note: Apple recommends that you use one corporate Apple ID for push certificates and a separate one for Apple School Manager.
Procedure
-
In Jamf School, do one of the following:
-
If you are creating a push certificate in Setup Assistant, navigate to the Apple Push Certificate step in the Setup Assistant. The certificate signing request (.csr) downloads automatically.
-
If you already created a push certificate in the Setup Assistant and you want to create a new one, navigate to Organization > Settings > Apple Push Notification Service > Create own Certificate. In the pop-up dialog, click "Download Certificate Signing Request". The certificate signing request (.csr) will download.
-
In a new window or tab, navigate to the Apple Push Certificates Portal: https://identity.apple.com/pushcert
-
Log in to the portal with your Apple ID.
-
Click Create a Certificate.
-
Upload the certificate signing request you downloaded from Jamf School.
-
Click Upload, and then click Download. The Apple push certificate (.pem) will download.
-
Return to the Jamf School tab in your browser. In the pop-up dialog, upload the Apple push certificate and enter your Apple ID username in the Apple ID field.
-
Do one of the following:
-
If you are creating a push certificate in Setup Assistant, click Next.
-
If you already created a push certificate in the Setup Assistant and you want to create a new one, click Apply.
Renewing an Apple Push Certificate
Requirements
If you are renewing a push certificate that was originally obtained from Apple’s iOS Developer Program (iDEP), you must use the Apple ID for the iDEP Agent account used to obtain the certificate.
Note: Apple recommends that you use one corporate Apple ID for push certificates and a separate one for Apple School Manager.
Procedure
-
In Jamf School, navigate to Organization > Settings in the sidebar.
-
Click the Apple Push Notification Service payload.
-
Click Renew Push Certificate.
-
On the pop-up dialog, click Download Certificate Signing Request.
The certificate signing request (.csr) downloads.
-
In a new window or tab, navigate to the Apple Push Certificates Portal: https://identity.apple.com/pushcert
-
Log in to the portal with your Apple ID.
-
Click Renew next to the current Jamf School certificate.
-
Upload the certificate signing request you downloaded from Jamf School.
-
Click Upload, and then click Download. The Apple push certificate (.pem) will download.
-
Return to the Jamf School tab in your browser. In the pop-up dialog, upload the Apple push certificate and enter your Apple ID username in the Apple ID field.
-
Click Apply.
Deleting an Apple Push Certificate
-
In Jamf School, navigate to Organization > Settings in the sidebar.
-
Click the Apple Push Notification Service payload.
-
Click Delete Push Certificate.
-
Click Delete.