Update Apple Push Services Certificate for WorxMail

Last year around this time, Citrix announced the support for Apple push notification support for WorxMail, so users don’t face any delay in email/calendar notifications. You can find more details on that here.

The Apple push services certificate that you are using expires every year, which is just to make sure end users don’t face any inconsistency with push notifications. Just before your old certificate expires, you’ll need to create a new certificate “Apple Push Notification service SSL Certificates” and update it in Citrix portal.


  1. Apple does not support renewing the Certificate, if the certificate expires/about to expire you will need to create a new certificate.
  2. You don’t need to re-wrap the WorxMail application when the Apple Push Services certificate expires / when you add a new certificate to same App ID.
  3. You don’t need to change any mdx policy settings for WorxMail application in XenMobile server.
  4. Make sure you update the existing Customer ID in Citrix portal (do not Add new certificate).

The steps below steps will guide you through the process.

Steps to create a new Apple Push Notification service SSL Certificate:

  1. Login to the Apple developer portal using the Safari browser.


2. Post login, navigate to “Certificates, Identifiers & Profiles” section, under Certificates -> All sections verify the expiration date of the Apple Push Service certificate that you are using with WorxMail to enable Apple Push Notifications.


3. If the certificate is about to expire, click on Identifiers, then click on App IDs and select the App ID that you are using for WorxMail to enable push notifications.


4. Click Edit to edit the App ID.


5. Scroll to Push Notifications, under Production SSL Certificate section, Click on Create Certificate button.


6. Now you will be asked to create a CSR.


Steps to create a CSR:

7. From your MAC device, open KeyChain Access. Navigate to Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority.


8. Under the Certificate Assistant page, provide the User Email Address, Common Name for the certificate (use something that’s convenient and user-friendly, so that you can identify it easily in the keychain) and provide the CA Email Address. Select the Request as “Saved to disk” and Click Continue.


9. Save the CSR on the MAC device.


10. Now switch back to the Safari browser and Click Continue (as on step 6), click Choose File, select the CSR that you have created in step 9 and Click Continue.


11. Once your Certificate is ready, Download it to your MAC device.


12. You can confirm the creation of the new Apple Push Service Certificate creation under Certificate -> All.



  1. You will see two certificates with the same name because they are bound to the same App Id.

Installation of the Certificate:

13. Install the downloaded certificate on the MAC device. Once installed, you can confirm the same in Keychain Access.


Export of certificate(.P12) from Keychain Access:

14. From the Keychain Access, Export the certificate that you have installed in the above step.


15. Save the Certificate(P12) on your MAC.

12 13 14

16. Once you have the P12 certificate, login to the Citrix XenMobile tools portal. Login, then click on Upload WorxMail APNs certificates.


17. Once you click on Upload WorxMail APNs certificates, you will see the Region, Customer ID which is bound to the WorxMail App ID that you are already using. Now click on Update button.


  1. If you see multiple entries here, make sure you update the right entry.


18. Choose the APNs certificate that you have exported in step 14 and 15 and provide the Certificate password and click Upload.


19. Once the newly created certificate is bound, you can see the new Expiration date being reflected on the screen.



  1. Once these steps are taken care, verify Apple Push Notifications with WorxMail.
  2. Upon confirmation of working of Apple Push Notifications as before, you can go ahead and revoke the old Apple Push Services certificate bound to App ID.

Citrix_Mobilize Windows_Banner 2_728x90_Static_Compete_F_072715