# APNs

MDM/DDM communication relies upon Apple's APNs cloud service.

# Apple Push Notification Service

## What

- Like to know a new message has been sent?
- Want to see how many messages are unread from the Home Screen, per App?

<p class="callout success">The following is really just for information, describing APNs.</p>

Push Notifications are mostly designed to give 3rd party Apps the ability to inform users of some relevant detail through their App, e.g. via messages, sounds, etc. Users control which messages are silenced or visible, and how they are visible, through Settings.

Developers of Apps requiring this service register their App with Apple. This process requires an APNs token, integrated into the App’s Server.

<p class="callout info">Generation of an APNs token itself is a required action by FileWave Admins as per the other KB articles in this chapter.</p>

For APNs to succeed, the App and 3rd party server must be able to trust Apple’s APNs Cloud Service. Hence, Trust Stores must include Apple’s APNs Root Certificate.

### APNs Certificate Update:

At times the Root Certificate used by APNs will require replacing, prior to expiry.

<table cellpadding="0" cellspacing="0" id="bkmrk-apns-cert-service-up" style="width: 100%;"><tbody><tr><td style="width: 33.015495%;" valign="top">**APNs Cert**

</td><td style="width: 14.779499%;" valign="top">**Service**

</td><td style="width: 13.118508%;" valign="top">**Up to Date**

</td><td style="width: 16.917248%;" valign="top">**From Date**

</td><td style="width: 22.169249%;" valign="top">**Expiry Date**

</td></tr><tr><td rowspan="2" style="width: 33.015495%;" valign="top">[AAA Certificate Services root certificate](https://comodoca.my.salesforce.com/sfc/dist/version/download/?oid=00D1N000002Ljih&ids=0683l00000G9fLm&d=%2Fa%2F3l000000VbG0%2Fh70Hv.GWfGuD79pR_if0MtGjJFcUj.NRZS_RLqEyC_4&asPdf=false)

</td><td style="width: 14.779499%;" valign="top">Sandbox

</td><td style="width: 13.118508%;" valign="top">Jan 2025

</td><td style="width: 16.917248%;" valign="top">-

</td><td rowspan="2" style="width: 22.169249%;" valign="top">Dec 31 23:59:59 2028 GMT

</td></tr><tr><td style="width: 14.779499%;" valign="top">Production

</td><td style="width: 13.118508%;" valign="top">Feb 2025

</td><td style="width: 16.917248%;" valign="top">-

</td></tr><tr><td rowspan="2" style="width: 33.015495%;" valign="top">[SHA-2 Root : USERTrust RSA Certification Authority certificate](https://www.sectigo.com/knowledge-base/detail/Sectigo-Intermediate-Certificates/kA01N000000rfBO)

</td><td style="width: 14.779499%;" valign="top">Sandbox

</td><td style="width: 13.118508%;" valign="top">-

</td><td style="width: 16.917248%;" valign="top">Jan 2025

</td><td rowspan="2" style="width: 22.169249%;" valign="top">Jan 18 23:59:59 2038 GMT

</td></tr><tr><td style="width: 14.779499%;" valign="top">Production

</td><td style="width: 13.118508%;" valign="top">-

</td><td style="width: 16.917248%;" valign="top">Feb 2025

</td></tr></tbody></table>

Apple will supply information when this occurs, ensuring developers of Apps and providers of 3rd party servers update their products.

<p class="callout success">FileWave Server already includes both of the above listed certificates within its Trust Store.</p>

### 3rd Party Apps

The act of installing an App requiring APNs registers that App with APNs, and the device receives a Unique Device Token.

Messages pushed can include:

- Display Alert Message to User
- Apply Badge Icon to App’s Icon
- Play a Sound
- Deliver Notification Silently

Both Message and Unique Device Token are sent by the App’s Server when attempting to initiate a notification.

Notifications are relayed through Apple’s APNs service. On receipt of the notification, the device will act accordingly, e.g. display a message to the user.

In essence, the message payload therefore consists of:

- APS Dictionary: Message content
- Alert Keys: Assist notification processing, e.g. an identifier to a particular conversation of a messaging app.
- Device ID: Unique Device Token

<p class="callout info">The App should contain the current APNs Root Certificate within its Trust Store</p>

### MDM/DDM

MDM communication also relies upon the APNs service and therefore is an example of this process, but key aspects are:

- The act of enrolment is equivalent to installing the App, initiating the receipt of the Unique Device Token.
- The App in question is a binary, included in the Operating System by Apple: '/usr/libexec/mdmclient'.
- APS dictionary should not be included in the payload from an MDM server.

MDM APNs messages are nothing more than a request for the device to contact the MDM server. Any commands are subsequently sent directly to the device, once the device responds back to the MDM server from this APNs request.

Since Apple are the developers of the 'mdmclient', Apple manage its Trust Store. Apple’s list of supported Root Certificates per OS version is available from their KB:

[https://support.apple.com/en-gb/103272](https://support.apple.com/en-gb/103272)

# APNs Certificate Creation & Renewal on macOS Computers (Keychain)

## Description

Apple Mobile Device Management (MDM) requires an Apple Push Notification service (APNs) certificate; renewable yearly.

<p class="callout danger">**APNs Expiry**  
If APNs certificates are allowed to expire, all MDM communication will be lost, until renewed. Update Model will also fail until renewed.</p>

[![image.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/fhcPHbbdCiRSEEnr-image.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/fhcPHbbdCiRSEEnr-image.png)

The following guide provides the steps to create and renew an APNs certificate using macOS with Keychain app.

<p class="callout danger">**APNs Topic**  
An APNs certificate has a unique topic, in the form of a hexadecimal string, and belongs to the Apple ID used to create the certificate. When renewing, the topic must match to ensure devices continue to communicate with the server. As such, not only must the same Apple ID be used when renewing an APNs certificate, but the current certificate must also be selected for renewal.</p>

## Step-By-Step Guide

#### Creating the Certificate Signing Request (CSR)

1. Open Keychain Access, located in: Applications &gt; Utilities &gt; Keychain Access.app.
2. Create a CSR. Keychain Access &gt; Certificate Assistant &gt; Request a Certificate from a Certificate Authority...
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/alhme0ulSOWeQObZ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/alhme0ulSOWeQObZ-image.png)
3. Enter the Apple ID and Server name that you are going to be associating with this certificate in the "Common Name" field.
    
    <p class="callout success">  
    **Common Name**  
    Certificate Private Key names are visible in Keychain and the Common Name is used to set the Private Key name. Supplying the Apple ID and Server as the Common Name ensures the Apple ID used to generate the certificate will be stored for future reference.  
    </p>
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/WI3uC33RSK2VtDKp-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/WI3uC33RSK2VtDKp-image.png)
4. Select the radio button "Saved to disk" and click Continue.
5. Save the CSR request, ready to upload to FileWave in the next section.
    
    <p class="callout success">**Certificate Storage**  
    Consider creating a secure location to store the created certificates and subdivide them using the date or year, e.g. a folder named: 'MDM APNs certificates 2020'.  
    </p>

#### Sign the CSR

CSR requests must be signed before uploading to Apple. FileWave has a portal for this process, which requires an active FileWave account.

1. Navigate to [https://csr.filewave.com/](https://csr.filewave.com/) and login.
2. Upload the previously created CSR.
3. 'Download signed CSR' should list this uploaded and now signed CSR.
4. Download this newly signed CSR, ready for upload to Apple in the next section. Again consider where this certificate is stored.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/aUMBuc33HyIemxTq-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/aUMBuc33HyIemxTq-image.png)

#### Upload the signed FileWave CSR to Apple

##### Creating a new Certificate

If you are renewing a certificate then jump to [Renewing a Certificate](#bkmrk-renewing-a-certifica)

1. Navigate to: [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/) and log in with an Apple ID.
    
    This Apple ID will own the certificate and is required for every renewal. Do not use a personal Apple ID, to avoid complications if that person were to leave the business or institution.
2. Click 'Create'.
3. 'Accept' Apple's 'Terms of Use'.
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/q3SFfJ5UMpW5OH2c-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/q3SFfJ5UMpW5OH2c-image.png)

##### Renewing a Certificate

1. Navigate to: [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/) and **log in with the Apple ID used to initially create the certificate.**
2. Confirm the Certificate to renew.
3. Select 'Renew'.

To confirm the certificate, compare the Subject DN (Topic) and current certificate.

Clicking the 'i' button will show the certificate details, including the Topic:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/EY8Q5DZth1VIaIlJ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/EY8Q5DZth1VIaIlJ-image.png)

Ensure this matches with the 'Current Certificate' in FileWave Admin &gt; Preferences &gt; Mobile &gt; Apple Push Notification Certificate:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/5UNFgg1tC7c2u7NY-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/5UNFgg1tC7c2u7NY-image.png)

<p class="callout danger">If the 'Topics' do not match, do not continue. If the correct certificate is not in the list on Apple's website, this is the wrong Apple ID. If this guide was followed in creating the original certificate, the previously used Apple ID will be viewable from the certificate "Private Key".</p>

Click 'Choose File' and browse to the signed FileWave CSR from the previous section.

Click 'Upload' and Apple will return a 'Confirmation'.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/WFKdWCVHQSMrPtXm-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/WFKdWCVHQSMrPtXm-image.png)

Click 'Download' and save the ".pem" file. Again consider where this certificate is stored.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/HycVQrfrgEDWv8DU-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/HycVQrfrgEDWv8DU-image.png)

#### Create a ".p12" from the Signed CSR

1. Open Keychain Access app, select login from the Keychains list and then choose 'My Certificates' tab.
    
    <p class="callout danger">**Keychain**  
    If imported into the System Keychain, the Private Key will not be accessible. **If 'All Items' tab is selected, private keys will not be available!**</p>
2. Drag the downloaded PEM file into the Keychain main window.
3. Locate the imported certificate. It will begin with "APSP:".
4. Click the disclosure triangle and select the expanded private key.
    
    <p class="callout success">**Common Name and Topic**  
    The name of the Private Key will show the value defined as the "Common Name" from the creation of the CSR. Where the recommendation was followed, this should list the Apple ID and Server name. Additionally, the name of the Certificate is the same as the Topic.</p>
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/uuFHabp3h5NmLvXI-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/uuFHabp3h5NmLvXI-image.png)
5. From the 'File' menu, choose 'Export Items...'.
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/5u8xeq96035BvYly-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/5u8xeq96035BvYly-image.png)
6. Export as a .p12 file. Again consider where this certificate is stored.
7. Click Save.
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/OH8JkN1mLliLtY9o-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/OH8JkN1mLliLtY9o-image.png)
8. Leave the password blank.
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/QwHLlAdx7FwEmFei-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/QwHLlAdx7FwEmFei-image.png)
9. Enter your local admin account, when prompted, allowing Keychain to export.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/wYvhPBxbO3qgRPHq-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/wYvhPBxbO3qgRPHq-image.png)

#### Uploading the Certificate into FileWave

1. Launch the FileWave Admin and login to the FileWave server.
2. Open the FileWave Admin Preferences.
    
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/PZDUQSCEcAP5ab0F-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/PZDUQSCEcAP5ab0F-image.png)
3. Select the 'Mobile' tab.
4. Click 'Browse' and navigate to the saved ".p12" APNs certificate.
5. Select the exported ".p12" certificate.
6. Click 'Upload APN Certificate/Key Pair'.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/I23j4sVN66E3Nhh0-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/I23j4sVN66E3Nhh0-image.png)

The topic should match the previous topic. FileWave Central should warn if the topics do not match before accepting the upload:

[![APNs Mismatch Warning.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/DZkb0W7U8C9M5XxQ-apns-mismatch-warning.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/DZkb0W7U8C9M5XxQ-apns-mismatch-warning.png)

Click 'OK' to save and close the Preferences dialog.

That is it! FileWave may now manage Apple devices using Apple’s Push Notification Service.

<p class="callout success">APNs certificates require yearly renewals. Through FileWave Admin &gt; Dashboard &gt; Alert Settings, automated emails may be configured. Consider adding 'APN for MDM'. Note this requires the Email preferences in Admin to be configured.</p>

## Contact Apple for help

If you forgot the email tied to your Apple Push Notification certificate, you may reach out to Apple for assistance:

[Contact Apple for help with APN](https://support.apple.com/en-us/118629)

## Related articles

- [APNs Certificate Creation &amp; Renewal on macOS Computers (XCA)](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-macos-computers-xca "APNs Certificate Creation & Renewal on macOS Computers (XCA)")
- [APNs Certificate Creation &amp; Renewal on Windows](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-windows-computers "APNs Certificate Creation & Renewal on Windows Computers")

# APNs Certificate Creation & Renewal on macOS Computers (XCA)

## Description

Apple Mobile Device Management (MDM) requires an Apple Push Notification service (APNs) certificate; renewable yearly.

<p class="callout danger">**APNs Expiry**  
If APNs certificates are allowed to expire, all MDM communication will be lost, until renewed. Update Model will also fail until renewed.</p>

[![image.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/owIFDXr7VebYFYur-image.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/owIFDXr7VebYFYur-image.png)

This guide explains how to create the Apple Push Notification Service (APNS) certificate for FileWave **using an online CSR generator and the XCA certificate management tool, instead of the Apple Keychain**. The Apple Keychain often causes issues with private key handling on newer macOS versions, so this method provides a more reliable alternative. You may use any online CSR generator; ssl.com is used here only as an example.

<p class="callout danger">**APNs Topic**  
An APNs certificate has a unique topic, in the form of a hexadecimal string, and belongs to the Apple ID used to create the certificate. When renewing, the topic must match to ensure devices continue to communicate with the server. As such, not only must the same Apple ID be used when renewing an APNs certificate, but the current certificate must also be selected for renewal.</p>

## Step-By-Step Guide

#### **Prerequisites**

- Access to the **Apple Push Certificates Portal** ( [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/) ).
- A valid **Apple Business/School Manager account** or Apple ID.
- Access to the **FileWave Central** console.
- Installed **XCA** tool: [https://github.com/chris2511/xca/releases](https://github.com/chris2511/xca/releases)

#### **Step 1: Generate CSR (Certificate Signing Request)**

1. Open the **CSR generator** at [ssl.com](https://www.ssl.com/online-csr-and-key-generator/). ( [https://www.ssl.com/online-csr-and-key-generator/](https://www.ssl.com/online-csr-and-key-generator/) )
2. Enter the required details: 
    - **Common Name (CN):** e.g. FileWave APNS
    - **Organization (O):** your company or school name
    - **Organizational Unit (OU):** optional, e.g. IT Department
    - **Country (C):** two-letter ISO code (e.g. DE)
3. Generate the CSR and download the files: 
    - **CSR file (.csr)**
    - **Private Key (.key)**

<p class="callout danger">⚠️ Keep the **.key file** safe – you will need it later in XCA.</p>

#### **Step 2: Sign the CSR with FileWave**

Before the CSR can be uploaded to Apple, it must be signed by FileWave.

1. Navigate to [https://csr.filewave.com/](https://csr.filewave.com/) and log in with your FileWave account.
2. Upload the previously created **.csr file**.
3. Under *Download signed CSR*, your uploaded CSR should now appear as signed.
4. Download this newly signed CSR – this is the file you will upload to Apple in the next step.
5. Store the file in a secure location.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/aUMBuc33HyIemxTq-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/aUMBuc33HyIemxTq-image.png)

#### **Step 3: Upload the signed FileWave CSR to Apple**

If you are renewing a certificate then jump to [Renewing a Certificate](#bkmrk-renewing-an-existing)

##### **Creating a new certificate**

1. Go to the **Apple Push Certificates Portal**: [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/).
2. Sign in with an Apple ID (⚠️ do not use a personal Apple ID – use a generic business or institution Apple ID for long-term use).
3. Click **Create**.
4. Accept Apple’s *Terms of Use*.
5. Click **Choose File** and upload the **signed FileWave CSR**.
6. Click **Upload** – Apple will confirm the request.
7. Download the issued **APNS certificate (.pem or .cer)**.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/q3SFfJ5UMpW5OH2c-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/q3SFfJ5UMpW5OH2c-image.png)

##### **Renewing an existing certificate**

1. Go to [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/) and log in with the same Apple ID that owns the certificate.
2. Locate the certificate to renew, confirm the *Subject DN (Topic)* matches the certificate in FileWave Admin.
3. Click **Renew**.
4. Upload the **signed FileWave CSR**.
5. Download the renewed **APNS certificate (.pem or .cer)**.

<p class="callout danger">If the 'Topics' do not match, do not continue. If the correct certificate is not in the list on Apple's website, this is the wrong Apple ID. If this guide was followed in creating the original certificate, the previously used Apple ID will be viewable from the certificate "Private Key".</p>

To confirm the certificate, compare the Subject DN (Topic) and current certificate.

Clicking the 'i' button will show the certificate details, including the Topic:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/EY8Q5DZth1VIaIlJ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/EY8Q5DZth1VIaIlJ-image.png)

Ensure this matches with the 'Current Certificate' in FileWave Admin &gt; Preferences &gt; Mobile &gt; Apple Push Notification Certificate:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/5UNFgg1tC7c2u7NY-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/5UNFgg1tC7c2u7NY-image.png)

#### **Step 4: Import and process the certificate in XCA**

1. First, download **XCA for macOS**: [https://github.com/chris2511/xca/releases](https://github.com/chris2511/xca/releases)
2. Install and start **XCA**.
3. Go to **Private Keys** → *Import* and select the previously saved **.key file** from Step 1.
4. Go to **Certificates** → *Import* and load the APNS certificate you downloaded from Apple (.cer/.pem).
5. Link the certificate with the corresponding private key in XCA.
6. **Export the certificate as a PKCS #12 (.pfx) file – important: without a password.**
7. After export, **rename the .pfx file to .p12** (FileWave requires the .p12 extension).
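
A pre-import check for Step 4, as an added example that is not FileWave's or Apple's own tooling: it confirms that the certificate downloaded from Apple carries the same topic as the certificate currently in use, that the saved `.key` file belongs to it, and that it is not close to expiry. It assumes PEM files, an `openssl` binary on the PATH, and that the topic is carried in the UID attribute of the certificate subject; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Pre-import checks for a renewed APNs MDM push certificate.
# Added example; function names and sample values are hypothetical.

# Print the topic of a PEM certificate.
# Assumption: the topic is the UID attribute of the certificate subject.
apns_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Succeed only if the private key ($2) belongs to the certificate ($1),
# by comparing the public key derived from each.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_renewal CURRENT.pem RENEWED.pem PRIVATE.key [MIN_DAYS]
# Return codes: 0 safe to package as .p12, 2 topic mismatch,
# 3 key/certificate mismatch, 4 certificate expires within MIN_DAYS.
check_renewal() {
    current=$1
    renewed=$2
    key=$3
    min_days=${4:-30}

    old_topic=$(apns_topic "$current")
    new_topic=$(apns_topic "$renewed")
    if [ -z "$new_topic" ] || [ "$old_topic" != "$new_topic" ]; then
        echo "STOP: topic mismatch ('$old_topic' vs '$new_topic')" >&2
        return 2
    fi
    if ! key_matches_cert "$renewed" "$key"; then
        echo "STOP: private key does not belong to this certificate" >&2
        return 3
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$renewed" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "STOP: certificate expires within $min_days days" >&2
        return 4
    fi
    echo "OK: topic $new_topic, key matches, valid beyond $min_days days"
}

# Build a constructed, self-signed stand-in for an Apple-issued certificate
# so the checks can be tried offline. Writes PREFIX.pem and PREFIX.key.
# make_constructed_cert PREFIX TOPIC DAYS
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -keyout "$1.key" -out "$1.pem" \
        -subj "/UID=$2/CN=APSP:constructed/C=US" 2>/dev/null
}

# Usage: sh check_apns.sh current.pem renewed.pem privateKey.key [min_days]
if [ "$#" -ge 3 ]; then
    check_renewal "$@"
    exit $?
fi
```

Run it against last year's stored certificate, the newly downloaded one and the `.key` file from Step 1 before exporting the `.p12`; any non-zero exit means the upload to FileWave should not proceed.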

#### **Step 5: Import the certificate into FileWave**

1. Open the **FileWave Admin**.
2. Go to **Preferences** → **Mobile**.  
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/PZDUQSCEcAP5ab0F-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/PZDUQSCEcAP5ab0F-image.png)
3. Import the **.p12 file** you exported from XCA by browsing to the file and then choosing Upload. The topic should match the previous topic. FileWave Central should warn if the topics do not match before accepting the upload.  
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/M8qpq5EUMPbud9Aq-image.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/M8qpq5EUMPbud9Aq-image.png)
    
    ![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/I23j4sVN66E3Nhh0-image.png)
4. Save the settings by clicking OK to close the preferences dialog and verify that devices are communicating.

#### **Step 6: Verification**

- Test whether new or existing MDM clients correctly connect to the APNS service.
- Check the logs in FileWave Admin to ensure there are no certificate errors.

<p class="callout success">APNs certificates require yearly renewals. Through FileWave Admin &gt; Dashboard &gt; Alert Settings, automated emails may be configured. Consider adding 'APN for MDM'. Note this requires the Email preferences in Admin to be configured.</p>

## Contact Apple for help

If you forgot the email tied to your Apple Push Notification certificate, you may reach out to Apple for assistance:

[Contact Apple for help with APN](https://support.apple.com/en-us/118629)

## Related articles

- [APNs Certificate Creation &amp; Renewal on macOS Computers (Keychain)](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-macos-computers-keychain "APNs Certificate Creation & Renewal on macOS Computers (Keychain)")
- [APNs Certificate Creation &amp; Renewal on Windows](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-windows-computers "APNs Certificate Creation & Renewal on Windows Computers")

# APNs Certificate Creation & Renewal on Windows Computers

## Description

Apple Mobile Device Management (MDM) requires an Apple Push Notification service (APNs) certificate; renewable yearly.

<p class="callout danger">**APNs Expiry**  
If APNs certificates are allowed to expire, all MDM communication will be lost, until renewed. Update Model will also fail until renewed.</p>

[![image.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/zeiTOyrwFm3LNsoH-image.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/zeiTOyrwFm3LNsoH-image.png)

This guide explains how to create the Apple Push Notification Service (APNS) certificate for FileWave on Windows computers using OpenSSL. You will generate a Certificate Signing Request (CSR), have it signed by FileWave, upload it to Apple, and then convert it to a format FileWave can import.

<p class="callout danger">**APNs Topic**  
An APNs certificate has a unique topic, in the form of a hexadecimal string, and belongs to the Apple ID used to create the certificate. When renewing, the topic must match to ensure devices continue to communicate with the server. As such, not only must the same Apple ID be used when renewing an APNs certificate, but the current certificate must also be selected for renewal.</p>

## Step-By-Step Guide

#### **Prerequisites**

- Access to the **Apple Push Certificates Portal** ([https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/))
- A valid **Apple Business/School Manager account** or Apple ID
- Access to the **FileWave Central** console
- **OpenSSL for Windows** installed: [https://slproweb.com/products/Win32OpenSSL.html](https://slproweb.com/products/Win32OpenSSL.html)
    - Download the full version (not the light version, as it needs configuration files)

<p class="callout info">**Administrator Access**  
All cmd.exe commands in this guide must be run with 'Run as Administrator'.</p>

#### **Step 1: Generate CSR (Certificate Signing Request)**

1. Open **cmd.exe** as an Administrator
2. Create a CSR by entering the following command. This will create two files on the Desktop: `request.csr` and `privateKey.key`:

```
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -out "%USERPROFILE%\Desktop\request.csr" -new -newkey rsa:2048 -nodes -keyout "%USERPROFILE%\Desktop\privateKey.key" -config "C:\Program Files\OpenSSL-Win64\bin\cnf\openssl.cnf"
```

3. When prompted, enter values for the certificate fields. For **Common Name**, use a descriptive name like your Apple ID and server name (e.g., `company@example.com - FileWave Server`). This helps you identify the certificate later.

<p class="callout info">**Common Name and Private Key**  
The Common Name you enter will be stored in the Private Key name. Using your Apple ID and server name ensures you can identify which Apple ID created this certificate in the future—important when renewing.</p>

[![1 windows_cmd_csr_creation.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/oOuKYCQKixxAANkB-1-windows-cmd-csr-creation.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/oOuKYCQKixxAANkB-1-windows-cmd-csr-creation.png)

#### **Step 2: Sign the CSR with FileWave**

Before the CSR can be uploaded to Apple, it must be signed by FileWave.

1. Navigate to [https://csr.filewave.com/](https://csr.filewave.com/) and log in with your FileWave account
2. Upload the `request.csr` file you created in Step 1
3. Under **Download signed CSR**, your uploaded CSR should now appear as signed
4. Download this newly signed CSR – this is the file you will upload to Apple in the next step
5. Store the file in a secure location

[![csr_portal.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/vDujlITxq2cGB7mV-csr-portal.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/vDujlITxq2cGB7mV-csr-portal.png)

#### **Step 3: Upload the signed FileWave CSR to Apple**

If you are renewing a certificate, skip to **Renewing an existing certificate** below.

##### **Creating a new certificate**

1. Go to the **Apple Push Certificates Portal**: [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/)
2. Sign in with an Apple ID (⚠️ do not use a personal Apple ID – use a generic business or institution Apple ID for long-term use)
3. Click **Create**
4. Accept Apple's **Terms of Use**
5. Click **Choose File** and upload the **signed FileWave CSR** from Step 2
6. Click **Upload** – Apple will confirm the request
7. Download the issued **APNS certificate (.pem or .cer)** and store it securely

[![create_push.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/nH1NkLoy7Lx62m6w-create-push.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/nH1NkLoy7Lx62m6w-create-push.png)

##### **Renewing an existing certificate**

1. Go to [https://identity.apple.com/pushcert/](https://identity.apple.com/pushcert/) and log in with the **same Apple ID** that owns the certificate
2. Locate the certificate to renew and click the **info (i)** button to view certificate details, including the **Topic** [![APNS renewal.003.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/ah9EE6tNfUf5rEl8-apns-renewal-003.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/ah9EE6tNfUf5rEl8-apns-renewal-003.png)
3. Compare this Topic with the 'Current Certificate' in **FileWave Admin &gt; Preferences &gt; Mobile &gt; Apple Push Notification Certificate** [![APNS renewal.001.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/KLlcGQKeZcgUB00C-apns-renewal-001.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/KLlcGQKeZcgUB00C-apns-renewal-001.png)

<p class="callout danger">**Topic Mismatch**  
If the Topics do not match, do not continue. If the correct certificate is not in the list on Apple's website, you are using the wrong Apple ID. You can identify the correct Apple ID by reviewing the Private Key name from the original CSR (which should contain your Apple ID).</p>

4. Click **Renew**
5. Upload the **signed FileWave CSR** from Step 2
6. Click **Upload** – Apple will confirm the request [![apns_confirmation.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/7PKkG4SXXfh7z5TH-apns-confirmation.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/7PKkG4SXXfh7z5TH-apns-confirmation.png)
7. Download the renewed **APNS certificate (.pem or .cer)** and store it securely [![signed_csr_download.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/I1DsMZM5J61zQk2R-signed-csr-download.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/I1DsMZM5J61zQk2R-signed-csr-download.png)

#### **Step 4: Create a .p12 file from the Signed Certificate**

1. Open **cmd.exe** as an Administrator
2. Create a `.p12` file by entering the following command. Replace the file paths if necessary, and note that `MDM_FileWave.pem` is an example – use your actual downloaded certificate filename:

```
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -in "%USERPROFILE%\Downloads\MDM_FileWave.pem" -inkey "%USERPROFILE%\Desktop\privateKey.key" -out "%USERPROFILE%\Desktop\push_cert.p12" -name fw-apns
```

3. When prompted for the **Export Password**, leave it blank and press Enter [![cerate_p12.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/odCqISOpVBqlf5WV-cerate-p12.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/odCqISOpVBqlf5WV-cerate-p12.png)

<p class="callout info">**Path Issues**  
If the command errors when creating the .p12 file, replace the %USERPROFILE% variable with the full file path (e.g., C:\Users\YourUsername\).</p>

4. Verify the certificate was created correctly by running:

```
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -info -in "%USERPROFILE%\Desktop\push_cert.p12"
```

This will display certificate details. Confirm that the **Common Name** matches the value you entered in Step 1, and that the **Topic** matches the value from Apple.

[![openssl_private_key.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/IPw6DYAGQJLo77Rd-openssl-private-key.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/IPw6DYAGQJLo77Rd-openssl-private-key.png)

<p class="callout success">**Common Name and Topic**  
The Private Key name will display the Common Name you entered when creating the CSR. The certificate name is the same as the Topic. Both should match the certificate you created or renewed at Apple.</p>

#### **Step 5: Upload the certificate into FileWave**

1. Launch **FileWave Admin** and log in to your FileWave server
2. Open **Preferences** [![filewave_admin_prefs.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/LxUUQK6q2z5nAL7v-filewave-admin-prefs.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/LxUUQK6q2z5nAL7v-filewave-admin-prefs.png)
3. Select the **Mobile** tab
4. Click **Browse** and navigate to the `push_cert.p12` file you created in Step 4
5. Select the file and click **Upload APN Certificate/Key Pair**

[![APNS renewal.001.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/WNkas6lTSFZCruWH-apns-renewal-001.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/WNkas6lTSFZCruWH-apns-renewal-001.png)

The topic should match the previous topic. FileWave Central should warn if the topics do not match before accepting the upload:

[![APNs Mismatch Warning.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/1Gee8BgJGxherpat-apns-mismatch-warning.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/1Gee8BgJGxherpat-apns-mismatch-warning.png)

Click **OK** to save and close the Preferences dialog.

FileWave may now manage Apple devices using Apple's Push Notification Service.

#### **Step 6: Verification**

- Test whether new or existing MDM clients correctly connect to the APNS service
- Check the logs in FileWave Admin to ensure there are no certificate errors

<p class="callout success">APNs certificates require yearly renewals. Through **FileWave Admin &gt; Dashboard &gt; Alert Settings**, you can configure automated email reminders. Consider enabling the 'APN for MDM' alert. Note: this requires Email preferences in Admin to be configured.</p>

## Contact Apple for help

If you forgot the email tied to your Apple Push Notification certificate, you may reach out to Apple for assistance:

[Contact Apple for help with APN](https://support.apple.com/en-us/118629)

## Related articles

- [APNs Certificate Creation &amp; Renewal on macOS Computers (XCA)](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-macos-computers-xca)
- [APNs Certificate Creation &amp; Renewal on macOS Computers (Keychain)](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-macos-computers-keychain)