Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: dustpuppy
dustpuppy Author
User level: Level 1
8 points

Renewing Push Certificate with renamed Apple ID

Hello everyone,


I have a specific problem here:

- I set up an OS X Lion Server at work to manage a bunch of iOS devices with Profile Manager

- I created an Apple-ID for my work-email to request a Push Certificate for that server

- I then RENAMED the Apple-ID to a functional email-address (however, my original one is still setup as alternative email address)

- I can still see my Push Certificate when login in to the Push Certificate Portal

- Now, I need to renew that certificate in 30 days.


Question 1: Can I renew that certificate using the Server.app (which still knows my old email-address) or do I need to rename my Apple-ID AGAIN to the old state before doing so?

Question 2: Will I need to re-enroll my iOS devices with either option stated above?

Question 3: I plan to upgrade to Mountain Lion Server - in the process, I will be asked for an Apple-ID for the Push Certificate ... will it be clever enough to recognize my renamed Apple-ID, or do I need to rename it before that as well?

Question 4: Is it possible to let Apple Support handle this mess, has anyone tried that successfully so far?


Thanks for reading :-)


Best regards,


Olaf

Mac Pro, OS X Server

Posted on May 17, 2013 4:38 AM

Reply
3 replies
User profile for user: fod.b
fod.b
User level: Level 1
0 points

Aug 17, 2013 3:39 AM in response to dustpuppy

You are not alone...WE are lost....from apple and the community;-(


I get the notification emails too. But HOW re-enroll my certificate? There are too much different certifications and certificate authority and therfore to much different description in the internet.


Disappointing is in the notification email is no solution desription or at least a link to get the necessary information.


I believe, my problem is the certifcation of my mini mac name (lion mountain, server) and not a developer certification. Perhaps is only a remote maintenace the only solution. I'll ask apple....

Reply
User profile for user: dustpuppy
dustpuppy Author
User level: Level 1
8 points

Aug 17, 2013 7:29 AM in response to dustpuppy

I'd like to share my experience how the process went.


As initially stated, I needed to renew my Push Certificate within 30 days, but had renamed my Apple ID (from myname@company.com to itdepartment@company.com).

Renewing meant, re-enrolling all devices. Somebody suggested, I should upgrade to Mountain Lion Server first, THEN renew, it would be easier then (you know, click one button and BOOM, magic..).


So, the idea then was

- Perform in-place-upgrade

- re-enroll certificate after upgrade


short answer... that didn't work out.


Before upgrading, I trained on a cloned system.

In the process of the upgrade, you HAVE to enter an Apple-ID (i.e. email address) to connect to the APNS ... that means it either is exactly the one you created the Push Certificate with in the first place, or you re-enroll or your devices - Apple gives a nice warning message during the process.


OK, gnashing teeth, I renamed the Apple-ID back to the original state and tried the in-place upgrade again, this time on the production server ... what should go wrong, it worked out before on the clone (sans the certificate part) ... hhhm ... not this time. It seemed to be some problem with the Raid card. But hey, that's what Carbon Copy Cloner, psqldump and Timemachine are for, right?


Wrong.


After the restore, my production machine came up fine, everything worked - except pushing anything to my devices.

So, technically I restored OS X Lion Server to a running state AND had 3 different means of backup, just in case (CCC, Timemachine, scripted DB dumps and OD dumps) and still in the end, I had a bunch of devices that needed to be re-enrolled. Brilliant.


More gnashing teeth. Now, knowing I need to re-enroll anyway, I installed ML Server from scratch, created a new Push certificate (using itdepartment@company.com.), re-entered ALL mobile devices, policies and groups by hand (oops, Apple dropped psqldump support in ML Server, there is no database import from prior versions..FRAK) and re-enrolled all devices, happy users assured.


And now the fun part: If you sign your mobile profiles (you know, that checkbox in Server App) for extra security, you need to take care of your Code Signing Certificates validity. You can renew this easily (one click, BOOM, magic).

The Code Signing Certificate is valid for 1 year. If you renew this certificate, re-enrollment is mandatory.

DOUBLE-FRAK.


So in the end, it didn't matter at all that I renamed my Apple-ID back and forth, it didn't matter that the in-place upgrade didn't work out and I had to do a clean install, there was actually no option of pulling this stunt without re-enrolling all devices, at least when the Code signing certificate were to expire.


Please Apple, FIX this. It can not be, that I have to re-enroll all my devices EVERY YEAR. Why are your certificates only valid one year? Why can't you design a convenient mechanism to renew all certificates and push them to the devices automatically?

Reply

Renewing Push Certificate with renamed Apple ID

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up