Renew Apple Push Notification Certificate for Microsoft Intune


Today I had to renew my Apple Push Notification for one of my Microsoft Intune demo accounts. The Microsoft MVP Roadshow 2015 is just a few weeks away so it might be a good idea to make sure all my accounts was working as expected.

Most of the infrastructure for Intune Standalone just works out of the box but certificate renewals are actually something you have to do by yourself Smiley

So, I thought I’d create this small guide that will walk you through the process. I’ve added a lot of screenshots so everyone knows exactly where we are Smiley

The Apple Push Notification Certificate will expire after 365 days but don’t worry. Apple will send you a warning before you get there.


After you get this reminder, you need to logon to the Microsoft Intune portal (, and then you should see something like this:


If you click on “Warnings”, you should get a list of all your active Warnings. The one we’re looking for is “The APNs Certificate Is About to Expire“.

The Microsoft Intune Portal is pretty simple, so if you click the “iOS Mobile Device Management” source link, it will take you to the place we’re looking for.


As you can see, we get a warning that the certificate will expire within 7 days. To fix this little problem, we just need to click the “Enable the iOS platform” link.


That should send you to the “Upload an APNs Certificate” guide, that will show you 3 steps you need to complete. The first one is the “Download the APNs Certificate Request“.


When you click that link, it will open a “Save As” dialog, that will prompt you to save the request file on your local hard drive. Select a folder and provide the file with a name that you think make sense, and click Save.


Next we need to click the Apple Push Certificates portal link. That will send you to the following URL:


On the Apple Push Certificate Portal web site, you need to sign in with the Apple ID that you used to request/renew the certificate last year.


That should give you a list of all the certificates that you’re currently using (and maybe a few more J).

As you can see, I have a few test sites so I need to I identify the one I’m using. Based on the expiration date, that should be a simple task.

When you’ve identified the certificate, just click Renew.


In the Renew Push Certificate Portal, browse to the request file, and click Upload.


The Apple site has bug that will prompt you to save a renew.json file (It might be an Internet Explorer bug I’m not 100% sure). You don’t need it, so just click cancel if you see this


Hit F5 to refresh Internet Explorer.

You should now see an update date on the certificate.


Select the updated certificate, and click Download.


That should prompt you to save the Certificate.

Select a folder for the “MDM_Microsoft Corporation_Certificate.pem” and click Save.


For the last step, we need to upload the new certificate to the Microsoft Intune portal.

This is done by clicking on the “Upload the APNs Certificate” button.


Browse to the “MDM_Microsoft Corporation_Certificate.pem” file, add your Apple ID, and click Upload.


That’s it.


The certificate is now updated and we can relax for another year Smiley


+Ronni Pedersen

About Author

My name is Ronni Pedersen and I'm currently working as a Cloud Architect at APENTO in Denmark. My primary focus is Enterprise Client Management solutions, based on technologies like AzureAD, Intune, EMS and System Center Configuration Manager. I'm is also a Microsoft Certified Trainer and Microsoft MVP in Enterprise Mobility.


    • Hey,

      Ive followed the same steps.But while uploading the APNs to Intune Portal I am getting “The APNs certificate doesn’t match’ error.
      What should I do now? I don’t want delete the existing APNs certificate , as it may lead to reenrolling of all the devices again.
      Is there any other way to resolve the issue?

      • Are you sure that you’re using the same Apple id that you used for the previous APN? If you are I’d recommend that you open a support ticket at Microsoft. The should be able to help you find the problem.

        • I am pretty sure that same apple id I’ve used , as I have created only one APNs till now.Is there any way to check the Apple Id or Subject Id to make sure that the old .pem and new .pem files are pointing to same account?

  1. Pingback: Microsoft Intune Error: The APNs Certificate Doesn't Match - Intune Mike

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.