Push notification of server certificate updates for the service

Question

Created 5d

Replies 2

Boosts 0

Participants 2

Background: ① We initiate push notification requests by generating tokens using the p8 certificate. ② The lowest version of the server we use is Ubuntu 16.04, and the image is Alpine Linux 3.15. ③ Currently, the root certificate USERTrust_RSA_Certification_Authority.pem is default in the system and has the same MD5 value as the provided download file. The time for both is 2019.

My questions: ① Which certificate should we download and add to the server's trust store, Root Certificates? ② Does the system we are using default include this certificate? ③ What operations are needed for this server certificate replacement?

Boost

Answer 1

Engineer OP

Apple

5d

Unfortunately we can't provide information specific to your servers. It just needs the mentioned root certificate in the trust store. If you believe you already have it, perhaps you don't need to do anything else.

We have setup a test server at 17.188.143.34:443 that you can use to try and send pushes to test whether your new root certificate is correctly installed.

Alternatively you can run the following command to test:

openssl s_client -connect 17.188.143.34:443 -servername api.sandbox.push.apple.com -verifyCAfile USERTrustRSACertificationAuthority.crt -showcerts

(change the parameter to the -verifyCAfile argument to point to your trust store, and it should allow you to validate)

0

Answer 2

hssshhhhhh OP

4d

I've seen your reply in other posts. There are multiple links to download the certificate in the notice announcement. According to the server systems we are using, which certificate do you think we should download? Do Alpine Linux 3.15 and Ubuntu 16.04 already include the latest root certificates?

0