Renew an Apple Push Certificate

If you have the legacy free edition of G Suite, upgrade to G Suite Basic to get this feature. 

To use advanced management with Apple® iOS® devices, you need to use an Apple Push Certificate and renew it yearly. The certificate establishes a trusted connection between iOS devices and your domain.

Before you begin

  • You need to use an Apple ID and password to renew the certificate. Make sure to use the same Apple ID you used to create the certificate. If you use a different Apple ID, you’ll have to create a new certificate. If you create a new certificate, your iOS users' service will be interrupted. And, they’ll need to enroll their devices again to synchronize G Suite data.
  • Don’t reload your browser window or navigate away from any displayed page while you’re renewing the certificate. 

Renew your certificate

Step 1: Generate a renewal request

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. On the left, click Setup.
  4. Click Apple Push Certificate.
    The current certificate details are displayed, including the unique identifier (UID) and expiration date. You also see your Apple ID (if you entered it when you first created the certificate).
  5. Click Renew Apple Push Certificate
  6. Click Download and save the certificate signing request (.csr file). Download this file only once.
  7. Check the I’ve downloaded the certificate signing request box.

Step 2: Get a renewed certificate

  1. Click Apple Push Certificates Portal and sign in to the portal with the Apple ID and password you used when you created the certificate.
  2. Next to the certificate you want to renew, click Renew and accept the terms of use.
    Tip: If more than one certificate is listed, click the i button next to each one to find the UID of the certificate you want to renew.
  3. Click Choose File and open the certificate signing request (.csr) file you saved in step 1. 
  4. To submit the request file, click Upload.
    Apple accepts the request and displays a confirmation page with your service type, vendor domain, and the expiration date for this certificate.
  5. Click Download and save the signed certificate (.pem) file. Download this file only once.
  6. Go back to your Admin console tab or window. 
  7. Check the I’ve got a signed Apple Push Certificate box. 

Step 3: Upload your renewed certificate

  1. Click Select certificate file and open the certificate (.pem) file you saved from the Apple Confirmation page. 
  2. Check the I’ve selected the certificate file box. 
  3. Click Verify.
    The system verifies and uploads the renewed certificate. If you have problems, check to make sure the signed certificate you submitted was downloaded from Apple today. If you find multiple signing requests on your system, delete them all and start again.
  4. Click Continue Setup
  5. Click Device Management and then Setup and then Apple Push Certificate.
  6. Next to Apple account ID, enter the Apple ID you used to create the certificate. Your ID is automatically saved to remind you when you renew the certificate.

Related topics 

Create a new Apple Push Certificate 

Was this article helpful?
How can we improve it?