Trying to understand that when renewing a push certificate will the users already enrolled in an MDM platform be prompted to update/install the existing mdm profile on the device?
Hello all,
What will happen if a device is offline and does not see the new certificate in time?
As an example:
If I have all my devices enrolled and using a certificate (c1) that will expire in 1 month, I can renew the certificate (c2) and the first time that the devices connect to MDM server they will download the renewed certificate (c2) using the still valid certificate (c1).
But, what will happen if one device is offline during that month and it connects to the MDM server after that and c1 is already expired?
If I am understanding right all the explanations and what I saw in other posts, it looks like I will be forced to manually reenroll that device, am I right?
Thank you in advance,
Best,
Federico.-
Hi Dan,
When renewing the APN certificate, you must renew before the expiration date and you must renew using the same Apple ID used to create the original APN certification. This keeps the topic of the certificate the same and thus the users who already have the original MDM profile installed on his/her iPad will not be prompted to update or install anything again. It will "just work."
If its past the expiration date or if you use a different Apple ID to create/update your APN certificate for the MDM, you will need to enroll the devices into your MDM all over again (devices will need a new MDM profile installed with the new APN certificate). Hopefully for you its before the expiration date and you know which Apple ID was used to create the original APN certificate for your MDM so that you won't have to re-enroll all of your devices.
I learned this lesson the hard way and will not make that mistake again 🙂 Hope this helps you and answers your question!
~Joe
Hi All,
We are also struggling to understand the answer to this question. How does it "just work". The device need to download the renewed MDM profile (with the embedded cert). Hows does that happen? On the next MDM command to the device?
Rob
While the old certificate is still valid, you use your MDM setup, authenticated using the old certificate, to upload the new certificate to the device.
In other words, you cannot do it once your old certificate has stopped working, you need to plan ahead. Exactly as ndsjoey wrote.
The users who are already enrolled are not asked to update or install the existing profile on the device IF you renew the certificate on time, that is before the certificate expires. They can continue using the existing profile.
When the certificate is expired, then everything resets. You will need a new certificate. NO profiles that are already installed in the devices will work. You will have to enroll all devices again, and new certificates are to be installed on devices.
So, make sure you renew the certificate every year before it is expired to get the things go smoother.
When renewing an MDM certificate will the user who is already enrolled in the MDM platform be prompted on their device to update/install the profile?
