IBM Security MaaS360

Expand all | Collapse all

APNS In All Their Glorious Confusion

  • 1.  APNS In All Their Glorious Confusion

    Posted Wed January 20, 2021 08:47 PM
    Fairly new to the inner workings of MaaS360 and the iOs in general. I've muddled through until this point and now I'm not sure if I did something incorrectly though that seems likely.

    I received the following message on the Home Page:
    Your Apple MDM Certificate will expire on 17 Feb 2021. 29 day(s) remaining to update or renew it. Learn more.

    I tried to follow the steps in the outline of how to renew these certificates but did not get any notification that the certificate was renewed. What I did get was something that mentioned "changing Topics" and having to delete and then renew all of the devices I currently have enrolled PLUS the original Certificate disappeared. After three attempts, I figured the knot was tight enough so here I am.

    Am I going to need to go through the pain of deleting and the reinstalling all of my devices?
    Did the certificate get renewed and I missed some kind of notification?
    I having four certificates going to cause me problems and, if so, how do I pare it back to just the one that will work going forward?


    Phillip Slater

  • 2.  RE: APNS In All Their Glorious Confusion

    Posted Thu January 21, 2021 04:23 AM
    Edited by DAVID O'GRADY Thu January 21, 2021 04:24 AM

    Hi Philip,

    During the APNS renewal steps, you need to make sure you login to the Apple push portal using the "Associated Apple ID" listed on your maas360 portal at > Setup > Services > Mobile Device Management
    That is the first thing. Next, the topic change error suggests that perhaps the wrong certificate was renewed. To confirm you are renewing the correct certificate for your maas360 iOS devices, you need to check the "APNs Certificate Topic" on your maas360 portal, also found at Setup > Services > Mobile Device Management.
    This corresponds to the Subject DN UID of your certificate when your logged into Apple's push portal and the two need to match.

    I'd advise to try the renewal again once more. If there's more than one certificate listed on the Apple site, click on the little "i" next to each token and check the Subject DN to ensure you are looking at the correct token. Once you've verified the token is correct, proceed with the renewal steps.

    I've added documentation for doing this procedure below :

    I hope this helps.

    Best regards,


    IBM MaaS360 Security Support Engineer


  • 3.  RE: APNS In All Their Glorious Confusion

    Posted Thu January 21, 2021 04:23 AM
    Hi Phil,

    If you look in the Services tab you can view the APNs serial number.

    You can then cross reference this with the certs in the Apple Push Portal by clicking on the little blue 'i' to make sure you're renewing the correct one.

    Bryn Abbott