cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Push Certificate non Compiant

Here to help

Push Certificate non Compiant

Hello,

A little while ago, a whole lot of our iPads receive an non-compliant push certificate message. While I can fix this, is there a way around this without wiping the device?

14 REPLIES 14
Highlighted
Kind of a big deal

Re: Push Certificate non Compiant

Highlighted
Here to help

Re: Push Certificate non Compiant

The certificate expired about a month ago. Clicking the Test Certificate button states that the certificate is valid.

Highlighted
Kind of a big deal

Re: Push Certificate non Compiant

The current certificate is probably a valid one, but that doesn't mean everything is all right. I think something went wrong during the renewal. For example maybe you used a different apple id to generate the new certificate. The link I posted has some troubleshooting steps. Have a look through those to see if that helps.

Highlighted
Here to help

Re: Push Certificate non Compiant

@BrechtSchamp 

 

I tried to renew the old certificate. That hasn't worked. Do you know if Apple keep backups of old certificates, because I don't appear to have an older copy.

Highlighted
Kind of a big deal

Re: Push Certificate non Compiant

Do you remember how you created your "new" certificate? If you just created it completely new, then you should still be able to download the old one if you log in to the Apple ID that created it originally. If you did renew it, with the CSR request generated by the Meraki dashboard, I'd open a ticket with Meraki support. I don't know if Apple keeps backups of the files.

Highlighted
Here to help

Re: Push Certificate non Compiant

@BrechtSchamp 

 

I think I created it from scratch not realising that there are 2 options. I tried to renew the old certificate from identity.apple.com and update that certificate. This didn't work.

 

I have decided to reset the iPads from scratch. Thanks to iCloud, there won't really be any loss of data. As I can only 1 at a time through iTunes. Is there a way I could reset them in bulk? I don't think configurator would work as it would say that they are managed elsewhere.

 

I'm backing up the .csr, .pem and token files now, so that should help if this happens again.

 

 

Highlighted
A model citizen

Re: Push Certificate non Compiant

Use the same Apple account that you used when you first created the token.

 

 

Highlighted
Building a reputation

Re: Push Certificate non Compiant

You can wipe the devices through Apple Configurator 2 when putting them to DFU.

Not sure if it also works if you mark all iPads, right mouse click and than say "factory reset"

 

We are wiping daily over 50 iOS devices managed and unmanaged. DFU always works 🙂

Highlighted
Here to help

Re: Push Certificate non Compiant

@beks88  Great. It might try the DFU mode as we also run Apple Configurator 2. However, it seems that you can only put 1 device at a time into DFU mode. Do you know if it's possible to put a stack (approx 5) into DFU mode at the same time?

Highlighted
Building a reputation

Re: Push Certificate non Compiant

"Do you know if it's possible to put a stack (approx 5) into DFU mode at the same time?" - What do you mean exactly?

 

You have to touch every device and put it into DFU. After that u can update/reset all 5 (using a hub) at the same time with AC2.

 

We use a ten port hub with external power and are able to update/reset all devices at same time.

Highlighted
Here to help

Re: Push Certificate non Compiant

@beks88 Sorry if that was confusing. I'll re-phrase it.

 

If I put an iPad in DFU mode using iTunes, can I then unplug the iPad (before restoring it), and connect it to my hub with AC2? Then, when I have a stack ready to go, reset that stack of iPads?

Highlighted
Building a reputation

Re: Push Certificate non Compiant

Why not connecting all iPads to the hub, starting AC2 and put one by one into DFU while they are connected to the Mac running AC2?

For DFU you have to use the hardware keys on the device. There is no way to put a device into DFU through iTunes. iTunes will just recognize the device is in DFU like AC2 will. But with AC2 you can update/restore more devices at the same time so you save yourself some time.

Highlighted
Here to help

Re: Push Certificate non Compiant

@beks88 @MikeMandalorian @BrechtSchamp 

 

Thanks. DFU mode seems to be working for resetting a stack through Apple Configurator 2. They seem to connect back into Meraki quite well after that.

 

However, after resetting the devices, they are all activation locking with my apple ID. This seems to happen if I wipe the iPad in either iTunes or Apple Configurator 2.

Highlighted
Building a reputation

Re: Push Certificate non Compiant

@SimonA1 This could be also the Apple ID you are using for Apple Business Manager.

 

You can try clearing the activation lock in bulk through Dashboard. Check this post from @Kevin_C 

 

https://community.meraki.com/t5/Endpoint-Management-Systems/Activation-Locked-iPads/m-p/49665/highli...

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels