Search
Clear search
Close search
Google apps
Main menu
true

Use an Apple Push Certificate

This feature is available in any G Suite edition.

To use advanced management with Apple® iOS® devices, you need to use an Apple Push Certificate. The certificate establishes a trusted connection between a device and your domain. You need to renew the certificate yearly. If you’re using basic management, you don’t need an Apple Push Certificate.

Have you set up mobile device management yet? This procedure is part of the setup process for iOS devices. Complete this procedure when you set up mobile device management for iOS devices.

Create and renew Apple Push Certificates

Create an Apple Push Certificate, and renew it yearly, to manage iOS mobile devices.

Open all   |   Close all

Create an Apple Push Certificate

Begin to create an Apple Push Certificate by generating a certificate signing request in the Google Admin console. Complete the process by submitting the request in the Apple Push Certificates Portal, and then receiving and verifying the certificate back in the Admin console.

You need to use your Apple ID and password to complete this procedure. (If you don't have an Apple ID and password, don't worry. You can optionally create one during this process.)

To generate the request for a new certificate:

For best results, follow these steps without reloading any browser window or navigating away from any displayed page. This helps to ensure that the certificate signing request you submit matches the signed certificate you receive.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Setup > Apple Push Certificate.
  4. Click the Set up Apple Push Certificate link.
  5. On the Set up iOS Certificate page, click Download and save the certificate signing request (.csr) file to a convenient location where you can access it later. Download this file only once.
  6. Check the confirmation box. The page opens to the next step in the process.
  7. Continue by receiving the new certificate.

To receive the new certificate:

  1. (Optional) To create an Apple ID, from the iOS Certificate page, click Create an Apple ID and fill in the form on the tab that opens. To follow best practice guidelines, associate the Apple ID with your G Suite domain name. After you obtain the Apple ID, you can use it to receive the certificate.
  2. From the iOS Certificate page, click Apple Push Certificates Portal and sign in with your Apple ID and password to take you to the Apple website. 
  3. In the Apple Push Certificates Portal, submit the certificate signing request:
    1. Click Create a Certificate and accept the terms of use.
    2. Click Choose File and navigate to, select, and open the certificate signing request (.csr) file. This is the file you saved earlier in this session. (After you do this, you'll see the file name next to Choose File.)
    3. Click Upload to submit the request file.
      Apple accepts the request and shows you a Confirmation page, which lists your Service type, your Vendor domain, and the Expiration Date for this certificate.
  4. On the Confirmation page, click Download and save the signed certificate (.pem) file to a convenient location where you can access it later. (You can now sign out of the Apple Push Certificates Portal, but keep the other pages open.)
  5. Without reloading its page, redisplay the Admin console tab or window. This returns you to the iOS Certificate page.
  6. Check the confirmation box. The page opens to the next step in the process.
  7. Click Select certificate file and navigate to, select, and open the certificate (.pem) file you saved from the Apple Confirmation page. (After you do this, the page displays the file name.) 
  8. Check the confirmation box. The page closes to show the Verify button.
  9. Click Verify.
    The system verifies the new certificate. If you have problems, check to make sure the certificate signing request you submitted was downloaded from Apple today. If you find multiple signing requests on your system, delete them all and begin the procedure again.
  10. Click Continue Setup and continue to follow instructions to set up mobile device management.
  11. Click Device Management > Setup > Apple Push Certificate and enter and save your Apple account ID for future reference. You'll need it to renew the certificate. (If you do not have this information when you renew, you will have to create a new certificate instead. Your iOS device users will be required to repeat their portion of the setup process on their devices. Users cannot sync their G Suite data until re-registration completes.)
Renew an Apple Push Certificate

Renew your Apple Push Certificate yearly to continue to manage iOS mobile devices.

To successfully complete this procedure, you need to supply the same Apple ID and password you used to set up the existing certificate. If you do not have this information, you need to create a new certificate instead. (However, if you create a new certificate instead of renewing an existing one, your iOS device users will be required to repeat their portion of the setup process on their devices. Users cannot sync their G Suite data until re-registration completes.)

To generate the renewal request:

For best results, follow these steps without reloading any browser window or navigating away from any displayed page. This helps to ensure that the certificate signing request you submit matches the signed certificate you receive.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Setup > Apple Push Certificate.

    On this page, you see the current certificate options, including the unique identifier (UID) and expiration date for the existing certificate. If you entered your Apple ID here to keep it handy, you see it listed.

  4. Click Renew certificate
  5. On the Renew iOS Certificate page, click Download and save the certificate signing request (.csr file) to a convenient location where you can access it later. Download this file only once.
  6. Check the confirmation box. The page opens to the next step in the process.
  7. Continue by receiving the renewed certificate.

To receive the renewed certificate:

  1. From the iOS Certificate page, click Apple Push Certificates Portal and sign in with your Apple ID and password to take you to the Apple website. 
  2. In the Apple Push Certificates Portal, submit the certificate signing request:
    1. (Optional) If more than one certificate is listed, click the i button next to each one to find the UID of the certificate you want to renew.
    2. Click Renew next to the certificate you want to renew, and accept the terms of use.
    3. Click Choose File and navigate to, select, and open the certificate signing request (.csr) file. This is the file you saved earlier in this session. (After you do this, you'll see the file name next to Choose File.)
    4. Click Upload to submit the request file.
      Apple accepts the request and shows you a Confirmation page, which lists your Service type, your Vendor domain, and the Expiration Date for this certificate.
  3. On the Confirmation page, click Download and save the signed certificate (.pem) file to a convenient location where you can access it later. (You can now sign out of the Apple Push Certificates Portal, but keep the other pages open.)
  4. Without reloading the page, redisplay the Admin console tab or window. This returns you to the iOS Certificate page.
  5. Check the confirmation box. The page opens to the next step in the process.
  6. Click Select certificate file and navigate to, select, and open the certificate (.pem) file you saved from the Confirmation page. (After you do this, the page displays the file name.) 
  7. Check the confirmation box. The page closes to show the Verify button.
  8. Click Verify.
    The system verifies the renewed certificate. If you have problems, check to make sure the certificate signing request you submitted was downloaded from Apple today. If you find multiple signing requests on your system, delete them all and begin the procedure again.
  9. Click Device Management > Setup > Apple Push Certificate and enter and save your Apple account ID for future reference. You'll need it to renew the certificate the next time. (If you do not have this information when you renew, you will have to create a new certificate instead. Your iOS device users will be required to repeat their portion of the setup process on their devices. Users cannot sync their G Suite data until re-registration completes.)

 

Was this article helpful?
How can we improve it?
Sign in to your account

Get account-specific help by signing in with your G Suite account email address, or learn how to get started with G Suite.