biggreentree

Reputation: 1943

Should I prepare for Apple's renewal of the APNs USERTrust RSA Certification Authority certificate?

On the Apple dev site, in the news section here, you can find two announcements about their renewal of:

USERTrust RSA Certification Authority certificate.

Now, I have an app delivered via in-house distribution due to the Apple Developer Enterprise Program. My app uses push notifications, but we are using auth tokens.

  1. Should I do something on the app?
  2. Should I advise my backend colleague to check or do something server-side?

Below are the two announcements:

sandbox link

APNs Certificate Update Begins January 20, 2025

The Apple Push Notification service (APNs) will be updated with a new server certificate in sandbox on January 20, 2025. Update your application’s Trust Store to include the new server certificate: SHA-2 Root : USERTrust RSA Certification Authority certificate.

and

production link

APNs Certificate Update Begins February 24, 2025

The Apple Push Notification service (APNs) will be updated with a new server certificate in production on February 24, 2025. Update your application’s Trust Store to include the new server certificate: SHA-2 Root : USERTrust RSA Certification Authority certificate.

Upvotes: 15

Views: 11297

Answers (3)

Abdul Rehman

Reputation: 198

For anyone using Amazon AWS SMS, please refer to this link: https://repost.aws/questions/QU4hNT5ZjeRYC_pm_6P7yLxw/certificate-authority-ca-for-apple-push-notification-apn-is-changing?utm_source=chatgpt.com

Summary: If you're using AWS SNS for push notifications, no direct action is likely needed — AWS automatically manages certificates and trust stores.

Upvotes: 0

Richard So

Reputation: 23

In case your push server is on a Linux server (e.g. CentOS, Debian), written using PHP and using the PHP curl library (or any other language platform which is using the system's truststore) OR you are using the curl command for the purpose, you may download the new server certificate and place it in the path:

CentOS location:

/etc/pki/ca-trust/source/anchors/

Debian location:

/usr/local/share/ca-certificates

Then run the following command to update your system's trust store:

CentOS: update-ca-trust

Debian: update-ca-certificates

Ref: How to add Certificate Authority file in CentOS 7

Ref: https://www.baeldung.com/linux/ca-certificate-management

In case you want to get your curl's CA truststore file / path, run this command to check, e.g.:

curl -v https://google.com

Then find the line starting with: "* CAfile: ..." or "* CApath: ..."

Ref: https://serverfault.com/a/878229

Upvotes: 2
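A way to confirm the result of the trust-store steps in the answer above, added here as an example and not part of the original post: it parses the bundle files that `update-ca-certificates` and `update-ca-trust` regenerate and reports whether the root named in Apple's announcement is present and unexpired. The bundle paths are the usual defaults for those distributions (an assumption about your server), and `SAMPLE` is constructed data with made-up dates.

```python
import os
import ssl
import time

ROOT_CN = "USERTrust RSA Certification Authority"  # root named in Apple's notice
# Bundles rebuilt by update-ca-certificates (Debian) and update-ca-trust (CentOS).
BUNDLES = ("/etc/ssl/certs/ca-certificates.crt", "/etc/pki/tls/certs/ca-bundle.crt")

# Constructed entries in the SSLContext.get_ca_certs() shape; dates are made up.
SAMPLE = [
    {"subject": ((("commonName", "Example Other Root"),),),
     "notAfter": "Jan 15 00:00:00 2040 GMT"},
    {"subject": ((("organizationName", "Example Org"),), (("commonName", ROOT_CN),)),
     "notAfter": "Jan 15 00:00:00 2030 GMT"},
]


def common_name(cert):
    """Return the subject commonName of a get_ca_certs() entry, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def root_status(ca_certs, name=ROOT_CN, now=None):
    """Return "trusted", "expired" or "missing" for the named root."""
    now = time.time() if now is None else now
    status = "missing"
    for cert in ca_certs:
        if common_name(cert) != name:
            continue
        if ssl.cert_time_to_seconds(cert["notAfter"]) > now:
            return "trusted"
        status = "expired"  # present, but past its notAfter date
    return status


def load_bundle(path):
    """Parse a PEM bundle and return its CA certificates as dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()


if __name__ == "__main__":
    for path in filter(os.path.exists, BUNDLES):
        print(path, "->", root_status(load_bundle(path)))
```

This only covers software that reads the system bundle; a push application that ships its own trust store has to be checked separately.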

atineoSE

Reputation: 4117

From an Apple engineer here:

What specifically needs to be done to install the new certificate to the Trust store will be different for all kinds of OSs and may also be different based on the push application you are using. This is something your server admins will know and should be able to check and configure as necessary.

Upvotes: 1
