How to Generate an APNs Certificate for Workspace ONE

The Apple Push Notification service (APNs) is used to allow Workspace ONE to securely communicate to the smart device fleet over-the-air. Workspace ONE uses the APN's certificate to send notifications to devices when the Administrator requests information or during a defined monitoring schedule. No data is sent through the APN's server, only the notification.

Figure 1: (English Only) Diagram of Apple Push Notification service

• Access to the organization group’s Workspace ONE Administration Console
• Apple ID (or ability to create an Apple ID)
• Safari, Firefox, Chrome, or Edge web browser (Internet Explorer is not supported): Ensure to work through all the steps in this guide using the same browser session. The APN's generation process with Apple includes time-based and browser-based credentials for security purposes, which mandate following the steps in the Generating an APNs Certificate section to avoid any security or session-related errors. If one browser does not generate the certificate, try a different browser, but ensure to redo or complete all the steps in one session.

Generating the APN's certificate is a three-step process:

1. Download the AirWatch-signed CSR from the Workspace ONE Admin Console.
2. Upload the AirWatch-signed CSR to the Apple Push Certificate Portal.
3. Download the Apple-signed certificate (.pem) from the Apple Push Certificate Portal.

Download the AirWatch-Signed CSR from the AirWatch Admin Console.

1. Go to Groups & Settings > All Settings > Devices & Users > Apple > APNs For MDM and then select Generate New Certificate.

Figure 2: (English Only) Select Generate New Certificate

2. Provide the certificate request (step 1) to Apple to process and obtain your certificate, and then upload it into the Workspace ONE console.

Click MDM_APNsRequest.plist to download the request. If you already have an Apple Id select Go to Apple, and if you do not select Click here and following directions to create one.

Figure 3: (English Only) Go To Apple

3. Sign into the Apple Push Certificates Portal website using a valid Apple ID and password. If you have two-factor authentication enable, verify your identity by entering your Verification Code:

If the Go To Apple button fails to direct you to the portal, open a new tab and go to: https://identity.apple.com/pushcert/

Figure 4: (English Only) Apple Push Certificates Portal

4. Click Create a Certificate.

Figure 5: (English Only) Click Create a Certificate

5. Select the "I have read and agree to these terms and conditions" checkbox and click Accept.

Figure 6: (English Only) Click Accept

6. Click Choose File and go to the AirWatch-signed CSR downloaded in Step 2. Find and select the certificate that you downloaded from Apple’s portal named: MDM_APNsRequest.plist

Figure 7: (English Only) Choose File

7. Click Upload (A new certificate for Workspace ONE MDM displays.)

Figure 8: (English Only) Click upload

8. Click Download and save the Apple-signed certificate to an accessible location.

1. Return to the Workspace ONE Admin Console and click Next.

Figure 9: (English Only) Click Next

2. Upload the Apple-signed certificate to Workspace ONE that was recently downloaded (.pem file). Enter the Apple ID used to sign into the Apple Push Certificates Portal website previously.

Figure 10: (English Only) Update the Apple-signed certificate

3. Click Save.
4. This is a restricted action, so you must enter you security PIN.

Figure 11: (English Only) Enter security PIN

5. Verify details on the APNs For MDM page.

6. Click Save and then x in the upper right corner, and you have completed the task.