Push Certificate non Compiant

SOLVED
SimonA1
Getting noticed

Push Certificate non Compiant

Hello,

A little while ago, a whole lot of our iPads receive an non-compliant push certificate message. While I can fix this, is there a way around this without wiping the device?

1 ACCEPTED SOLUTION
BrechtSchamp
Kind of a big deal
14 REPLIES 14
BrechtSchamp
Kind of a big deal

The certificate expired about a month ago. Clicking the Test Certificate button states that the certificate is valid.

The current certificate is probably a valid one, but that doesn't mean everything is all right. I think something went wrong during the renewal. For example maybe you used a different apple id to generate the new certificate. The link I posted has some troubleshooting steps. Have a look through those to see if that helps.

@BrechtSchamp 

 

I tried to renew the old certificate. That hasn't worked. Do you know if Apple keep backups of old certificates, because I don't appear to have an older copy.

Do you remember how you created your "new" certificate? If you just created it completely new, then you should still be able to download the old one if you log in to the Apple ID that created it originally. If you did renew it, with the CSR request generated by the Meraki dashboard, I'd open a ticket with Meraki support. I don't know if Apple keeps backups of the files.

@BrechtSchamp 

 

I think I created it from scratch not realising that there are 2 options. I tried to renew the old certificate from identity.apple.com and update that certificate. This didn't work.

 

I have decided to reset the iPads from scratch. Thanks to iCloud, there won't really be any loss of data. As I can only 1 at a time through iTunes. Is there a way I could reset them in bulk? I don't think configurator would work as it would say that they are managed elsewhere.

 

I'm backing up the .csr, .pem and token files now, so that should help if this happens again.

 

 

Use the same Apple account that you used when you first created the token.

 

 

beks88
A model citizen

You can wipe the devices through Apple Configurator 2 when putting them to DFU.

Not sure if it also works if you mark all iPads, right mouse click and than say "factory reset"

 

We are wiping daily over 50 iOS devices managed and unmanaged. DFU always works 🙂

SimonA1
Getting noticed

@beks88  Great. It might try the DFU mode as we also run Apple Configurator 2. However, it seems that you can only put 1 device at a time into DFU mode. Do you know if it's possible to put a stack (approx 5) into DFU mode at the same time?

beks88
A model citizen

"Do you know if it's possible to put a stack (approx 5) into DFU mode at the same time?" - What do you mean exactly?

 

You have to touch every device and put it into DFU. After that u can update/reset all 5 (using a hub) at the same time with AC2.

 

We use a ten port hub with external power and are able to update/reset all devices at same time.

SimonA1
Getting noticed

@beks88 Sorry if that was confusing. I'll re-phrase it.

 

If I put an iPad in DFU mode using iTunes, can I then unplug the iPad (before restoring it), and connect it to my hub with AC2? Then, when I have a stack ready to go, reset that stack of iPads?

beks88
A model citizen

Why not connecting all iPads to the hub, starting AC2 and put one by one into DFU while they are connected to the Mac running AC2?

For DFU you have to use the hardware keys on the device. There is no way to put a device into DFU through iTunes. iTunes will just recognize the device is in DFU like AC2 will. But with AC2 you can update/restore more devices at the same time so you save yourself some time.

SimonA1
Getting noticed

@beks88 @MikeMandalorian @BrechtSchamp 

 

Thanks. DFU mode seems to be working for resetting a stack through Apple Configurator 2. They seem to connect back into Meraki quite well after that.

 

However, after resetting the devices, they are all activation locking with my apple ID. This seems to happen if I wipe the iPad in either iTunes or Apple Configurator 2.

beks88
A model citizen

@SimonA1 This could be also the Apple ID you are using for Apple Business Manager.

 

You can try clearing the activation lock in bulk through Dashboard. Check this post from @Kevin_C 

 

https://community.meraki.com/t5/Endpoint-Management-Systems/Activation-Locked-iPads/m-p/49665/highli...

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels