first question: if you have the option to renew the existing certificate, please choose that option as opposed to going with a new certificate. That will save you the headache of having to have users reprovision iOS devices. be sure to test the certificate for communication with apple servers first by installing the deployment helper tool and verifying the certificate passes the apple connection test.
second question: The easiest way is to simply make a backup of the EMM database in SQL before making any changes. If things do not work as planned, you can simply stop IIS (run a "iisreset -stop" from a command prompt) then restore the DB backup, and restart IIS (IISRESET -Start). You should not have to re-install the software or anything like that, but additional information regarding Disaster Recovery options can be found in KB73237.
thx a lot for the fast, clear and precise response. This will help me a lot. I liked the idea of using the deployemnt helper for testing purpose.
However after a bit of testing i wasn't able to obtain a communication between apple and our server. I've tried 2 scenario starting with the PLIST obtained from McAfee.
1st renew the actual
2nd create new .pem and complete
Those 2 scenarios gave me the same .PFX (identical topics) and failed to connect to apple.
Open to ideas here.......... :-)
Are you running the deployment helper from the EMM DMZ server or whichever server has the push notifier installed? That would be the server to do it on since it probably has all the firewall rules allowed already in the firewall for connecting to apple servers, etc. If you are running the Deployment helper on that server and that is where it's failing, the deployment helper will usually generate a very detailed report (text file) that will tell you why Apple servers are rejecting the connection/certificate or if the connection to the apple servers is even successful.
You can paste the results of the deployment helper here or for a faster response you could also open a case with support.