Centrify Identity Service with iOS devices and Mac systems

Problem:
Devices that have been successfully enrolled into the cloud for some time are suddenly showing up as "Unreachable" in the Centrify Cloud Service.
Both policy and MDM pushes to the affected devices fail to have any effect.

Cause:
It was found that a new Apple Push Notification Service (APNS) certificate was recently generated and uploaded into the Cloud Manager, replacing the older one that was reaching its expiry date.
Devices that were previously enrolled into the cloud were signed against the previous certificate. When the old cert was replaced by the newer certificate, it broke the trust with the earlier enrolled devices as the certificate signatures no longer matched.
The existing certificate should have been renewed via the Apple Push Certificates Portal rather than replaced with a newly generated one.

Workaround:
If the previous expiring certificate can no longer be renewed, the affected devices will need to be re-enrolled against the newer certificate.

Resolution:
Use the following KB for the correct steps for renewing an APNS certificate:
Any iOS devices that had been enrolled while the newer certificate was registered in Cloud Manager will need to be re-enrolled, as they will now be the devices with the mismatching certificate signatures.
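A check that can be run before uploading a replacement certificate, to tell a renewal from a newly generated certificate. This is an added example, not part of the original KB or Centrify tooling. It assumes the MDM push topic is carried in the UID attribute of the certificate subject, as it is in Apple-issued MDM push certificates; the function names, file names and sample topics are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the push topic of the certificate currently in use
# with that of a candidate replacement before uploading the replacement.
# Assumption: the topic is the UID attribute of the certificate subject.

# Print the UID attribute from the subject of a PEM certificate.
apns_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Return 0 when both certificates carry the same non-empty topic (a renewal).
# Return 1 when the topics differ or one is missing (a newly generated
# certificate, which already-enrolled devices will not respond to).
same_topic() {
    old=$(apns_topic "$1")
    new=$(apns_topic "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Constructed sample input: a self-signed stand-in certificate with a given
# topic, so the check can be exercised offline without real APNS certificates.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/UID=$1/CN=constructed-sample/C=US" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_sample_cert com.apple.mgmt.External.11111111-aaaa "$dir/current.pem"
    make_sample_cert com.apple.mgmt.External.11111111-aaaa "$dir/renewed.pem"
    make_sample_cert com.apple.mgmt.External.22222222-bbbb "$dir/regenerated.pem"
    for candidate in renewed regenerated; do
        if same_topic "$dir/current.pem" "$dir/$candidate.pem"; then
            echo "$candidate: topic matches the current certificate"
        else
            echo "$candidate: topic differs, enrolled devices would need re-enrollment"
        fi
    done
    rm -rf "$dir"
}
demo
```

In practice, call `same_topic` with the exported current certificate and the file downloaded from the Apple Push Certificates Portal, both in PEM format.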
For more information on how APNS certificates work with Centrify Cloud Manager, see the online documentation: