 

Should I prepare for Apple's renewal of the APNs USERTrust RSA Certification Authority certificate?

On the Apple dev site, in the news section here, you can find two announcements about their renewal of:

USERTrust RSA Certification Authority certificate.

Now, I have an app delivered via in-house distribution due to the Apple Developer Enterprise Program. My app uses push notifications, but we are using auth tokens.

  1. Should I do something on the app?
  2. Should I advise my backend colleague to check or do something server-side?

Below are the two announcements:

sandbox link

APNs Certificate Update Begins January 20, 2025

The Apple Push Notification service (APNs) will be updated with a new server certificate in sandbox on January 20, 2025. Update your application’s Trust Store to include the new server certificate: SHA-2 Root : USERTrust RSA Certification Authority certificate.

and

production link

APNs Certificate Update Begins February 24, 2025

The Apple Push Notification service (APNs) will be updated with a new server certificate in production on February 24, 2025. Update your application’s Trust Store to include the new server certificate: SHA-2 Root : USERTrust RSA Certification Authority certificate.

biggreentree asked Jan 30 '26 22:01


2 Answers

In case your push server is on a Linux server (e.g. CentOS, Debian), written in PHP and using the PHP curl library (or any other language platform which uses the system's trust store), OR you are using the curl command for the purpose, you may download the new server certificate and place it in the path:

CentOS location:

/etc/pki/ca-trust/source/anchors/

Debian location:

/usr/local/share/ca-certificates

Then run the following command to update your system's trust store:

CentOS: update-ca-trust

Debian: update-ca-certificates

Ref: How to add Certificate Authority file in CentOS 7

Ref: https://www.baeldung.com/linux/ca-certificate-management

In case you want to get your curl's CA trust store file / path, run this command to check, e.g.:

curl -v https://google.com

Then find the line starting with "* CAfile: ..." or "* CApath: ...". Ref: https://serverfault.com/a/878229

Richard So answered Feb 01 '26 13:02
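Before adding anything to the anchors directory, it is worth checking whether the bundle curl actually uses already contains the root named in Apple's notice. The script below is an added example, not part of the original answers: it reads the CAfile that "curl -v" reports and tests that bundle for a certificate whose subject CN is USERTrust RSA Certification Authority. The function names and the --check argument are assumptions of this example, and it needs curl and openssl installed.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names are hypothetical.
ROOT_CN='USERTrust RSA Certification Authority'   # root named in Apple's notice

# Read `curl -v` output on stdin and print the trust locations curl reports,
# one per line, as "CAfile=<path>" or "CApath=<path>".
curl_trust_paths() {
    tr -d '\r' | sed -n \
        -e 's/^\*[[:space:]]*CAfile:[[:space:]]*\(.*\)$/CAfile=\1/p' \
        -e 's/^\*[[:space:]]*CApath:[[:space:]]*\(.*\)$/CApath=\1/p'
}

# Succeed if PEM bundle $1 holds a certificate whose subject CN is $ROOT_CN.
# Only "subject" lines are matched, so an intermediate that merely names the
# root as its issuer does not count. This is a name match: for a file you
# downloaded yourself, also compare its SHA-256 fingerprint with the CA's.
bundle_has_root() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        grep -q "^subject.*CN *= *$ROOT_CN *\$"
}

# Usage: sh check_root.sh --check https://<your push endpoint>
if [ "${1:-}" = "--check" ]; then
    url=${2:?"usage: $0 --check URL"}
    curl -sv -o /dev/null "$url" 2>&1 | curl_trust_paths |
    while IFS='=' read -r kind path; do
        # Only a CAfile that exists on disk can be inspected as a bundle.
        [ "$kind" = CAfile ] && [ -f "$path" ] || continue
        if bundle_has_root "$path"; then
            echo "OK: $path contains '$ROOT_CN'"
        else
            echo "MISSING: '$ROOT_CN' not found in $path"
        fi
    done
fi
```

If the result is MISSING, the steps in the answer above apply; rerun the check after update-ca-trust or update-ca-certificates to confirm the rebuilt bundle now contains the root.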


From an Apple engineer here:

What specifically needs to be done to install the new certificate to the Trust store will be different for all kinds of OSs and may also be different based on the push application you are using. This is something your server admins will know and should be able to check and configure as necessary.

atineoSE answered Feb 01 '26 13:02
