Skip to main content

Connect Apple Push Notification Service (APN)

Set up Apple Push Notification Service: download CSR, create the PEM certificate in Apple portal, upload to Trio, and enable real-time MDM.

Connect Apple Push Notification Service (APN)

Apple Push Notification Service (APN) is the backbone of real-time MDM communication with Apple devices. Without a valid APN certificate, Trio can’t lock, wipe, install apps, or push profiles to iPhone, iPad, or Mac. Use the built-in wizard to generate the certificate and upload it to Trio.

Prerequisites

  • Role: Security Admin or Fleet Admin

  • Apple ID: A business Apple ID you can access every year for renewals

  • Browser: Safari, Chrome, or Edge with pop-ups allowed for Apple portals

  • Files you’ll handle: trio-mdm.csr (created by Trio) and a .pem certificate (downloaded from Apple)

Open the APN Wizard

  1. Go to Fleet → MDM Setup → Apple.

  2. Under Apple Business Manager Integration, click Set up Certificate next to Apple Push Notification Service (APN).

  3. The wizard titled Connect to Apple Push Notification Service (APNs) opens on Step 1 • Download CSR.

Step-by-Step Setup

1. Download the CSR from Trio

  1. Click Download CSR File.

  2. Save trio-mdm.csr somewhere safe—you’ll upload it to Apple in the next step.

2. Upload the CSR to Apple and download the PEM certificate

  1. Open https://identity.apple.com/pushcert and sign in with your Apple ID.

  2. Click Create a Certificate in Certificates for Third-Party Servers.

  3. Accept Apple’s terms, choose Upload, and select trio-mdm.csr.

  4. When Apple finishes processing, click Download to save the new file that ends with .pem. This is your APN certificate.

3. Upload the PEM certificate to Trio

  1. Back in the wizard, drag-and-drop the .pem file into the upload box (or click to browse).

  2. Enter the Apple ID email you used to create the certificate.

  3. Click Complete APN’s setup. Trio validates the file and switches APN status to Connected, showing the Apple ID, certificate UID, and expiration date.

Trio will email you 30, 15, and 7 days before the certificate expires so you can renew it on time.

What’s Next?

With APN active you can:

  • Enroll Apple devices via Automated Device Enrollment (DEP/ASM).

  • Push apps and configuration profiles from Software Management.

  • Return to MDM Setup to connect Automated Device Enrollment (DEP) and App & Book Management (VPP).

Troubleshooting

Problem

Symptom

Fix

File rejected on upload

“Unsupported file” error

Make sure the file ends with .pem and came from Apple’s Push Certificates Portal.

Duplicate certificate UID

“Certificate already in use” toast

Delete the old certificate in the Apple portal, then create and upload a new one.

Certificate expired

APN status shows Expired in red

Renew in Apple portal, download the new PEM, and upload it to Trio. No CSR needed if you renew before expiration.

Lost Apple ID access

Can’t renew certificate

Create a new certificate with a new Apple ID and upload it before the old one expires to avoid service disruption.

Meta description (130 characters)
Set up Apple Push Notification Service in Trio—download CSR, create the PEM certificate in Apple’s portal, upload to Trio, and enable real-time MDM.

Related Articles
Connect Apple ABM or ASM Integration
Connect Automated Device Enrollment (DEP)
Renew Apple Push Notification Service (APN)
Renew Automated Device Enrollment (DEP) Token
Renew Volume Purchase Program (VPP) Token
Did this answer your question?