Apple has announced they will be updating their Apple Push Notification root certificate on February 24, 2025. To maintain MDM connectivity, this new root certificate must be added to the trust store on Workspace ONE UEM Console, Device Services, and API servers for on-premises deployments.
For more information on Apple’s announcement, please see Apple’s Push Notification service server certificate update.
Note: For SaaS-hosted environments, this change will be handled by Omnissa internally, and no further action is required.
How to install the Apple Push Notification service server certificate
Customers with on-premises instances of Workspace ONE must install the new root certificate SHA-2 Root : USERTrust RSA Certification Authority Certificate on Workspace ONE UEM Console, Device Services, and API servers.
To install the new root certificate to your server trust stores, please proceed with the following steps:
- Navigate to Apple’s Push Notification service server certificate update announcement and follow the link to Sectigo
- Download the root certificate SHA-2 Root : USERTrust RSA Certification Authority Certificate to your server
- Launch PowerShell as Administrator
- Run the following PowerShell command, where {FolderPath} is the full path to the folder where the certificate is located and {CertName} is the certificate file name
PowerShell.exe -Command Import-Certificate -FilePath “{FolderPath}\{CertName}.crt” -CertStoreLocation Cert:\LocalMachine\Root
Repeat these steps on all Workspace ONE UEM Console, Device Services, and API servers.
Thinkvirtuals 
Leave a comment