I got a notification that the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. Does this affect the push service for Apple Wallet passes or just for apps? I have a push service for Apple Wallet passes but no service for apps. I don't use push notification service for anything other than for Apple Wallet Pass push notifications, not at all for apps. Is there anything I need to do or is this not relevant to my situation?
If it does, what do I need to change in order to make sure my service still works? Do I just replace the certificate? Is there a standard path where it would live on the server?
I'm sure this is a simple thing, but it's been over a decade since I wrote the push service so I'm pretty rusty.
Notifications
RSS for tagLearn about the technical aspects of notification delivery on device, including notification types, priorities, and notification center management.
Post
Replies
Boosts
Views
Activity
According to the Apple notification alert received in October 2024, the APNS server certificate update for production is scheduled for February 24, 2025.
Has this change been implemented, or is there a platform or method to verify whether this update has been applied in production?
If so, where can we check this?"
I noticed the time sensitive entitlement says it's only for iOS and macOS. But without the entitlement, the time sensitive toggle doesn't show in my app's notification settings on visionOS.
When I archive my visionOS app for App Store Connect, the entitlement seems to be taken out as it doesn't show in my entitlement list for the build in App Store Connect.
I'm confused at this point if the entitlement is really necessary, since it seems to be needed to debug on the simulator at least. I don't have a physical device to test it on unfortunately.
I have an app that pairs with a wearable Bluetooth device that collects users' health data. My web backend sends two push notifications every hour to all app users—one at XX:05 and another at XX:15. The first notification instructs the app to download data from the paired wearable device, while the second prompts the app to upload the downloaded data to the backend server's database.
However, I’ve noticed that many push notifications are not processed by iOS apps, especially at night. Based on Apple's documentation, iOS prioritizes push notifications and may ignore lower-priority ones to conserve battery life.
Is there a way to increase the priority to ensure that more (or all) push notifications are processed?
Would integrating the HealthKit framework help? Currently, I use Firebase Cloud Messaging (FCM) to send push notifications. Additionally, my app falls under the Health & Fitness category. Would changing it to Medical increase priority? P.S. I understand that Apple requires certain certifications for an app to be classified as Medical.
I received an update to the APN root certificate. Testing the connection using MDM.pem to the push environment returned the following error:BadCertificateEnvironment
ERROR
I am sending push notifications on iOS, and I can receive and display them correctly. I want to be able to dismiss notifications that have been read server-side (e.g. on a different device) so I am trying to send a custom notification payload alongside a badge counter update, that specifies what notification IDs to remove. I then use removeDeliveredNotifications on the IDs I get. However, it doesn't seem to be working. I am setting the identifier using the apns-collapse-id header and I do see that reflected on the device side. Any ideas what I might be doing wrong?
This is how I'm handling push notifications:
func userNotificationCenter(
_ center: UNUserNotificationCenter,
willPresent notification: UNNotification,
withCompletionHandler completionHandler: @escaping (UNNotificationPresentationOptions) -> Void
) {
let customPayload = notification.request.content.userInfo
if let dismissedNotifications = customPayload["dismissed_notifications"] as? [String] {
center.removeDeliveredNotifications(withIdentifiers: dismissedNotifications)
}
completionHandler([.banner, .sound, .badge])
}
I also tried doing the same thing inside
func userNotificationCenter(
_ center: UNUserNotificationCenter,
didReceive response: UNNotificationResponse,
withCompletionHandler completionHandler: @escaping () -> Void
)
Thank you!
What timezone is used in the CloudKit Push Notification reporting? Meaning, when I see 1,000 Sent Push Notifications on 2/18, is that 2025-02-18 00:00 through 2025-02-18 23:59 PST? EST? UTC?
The metrics shown in [the CloudKit Push Notification reporting] are not lining up with stats from my marketing system, and I'm trying to diagnose.
Also, is there a way to see DELIVERIES or just SENT? I'm looking to learn more about why a Notification would be Sent but not received by the user.
Thank you!
Hello Apple Developer Team,
Based on the mandate to update the APNs certificate by February 24, 2025 for certificate-based authentication, a question from the team has been brought up that maybe Apple or the community can help answer. Since our implementation uses token-based authentication, I’m seeking clarification on a couple of points:
1. Does the certificate update affect token-based connections at all?
2. What is the rationale behind updating certificates for certificate-based authentication, and are there any implications or benefits for developers using token-based authentication?
Understanding these details will help us ensure our system remains compliant and optimally configured. Any guidance or further clarification you can provide would be greatly appreciated.
Thank you!
Got notification to update this certificate - there was a link to Sectigo.com where I found an attachment with that name - when I clicked it I got a box where it said to install it. Clicked the box and it was saved somewhere on my computer.
Now I dont know if that's it or I need to take further actions - please help :-)
Have no experience with this - my collegue who did this has stopped.
Hoping for a simple answer :-)
P
Does iOS provide a callback when a notification is manually removed from the notification tray ?
I received an email from Apple saying that I needed to replace the APNS certificate.
I am inquiring because I am curious about who has the relevant authority and who actually makes the changes.
Could you please provide specific guidance on this?
Hello,
We’re reaching out with a final reminder that the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs updated the server certificates in sandbox on January 21, 2025. APNs production server certificates will be updated on February 24, 2025. To continue using APNs without interruption, you’ll need to update your application’s Trust Store to include the new server certificate: SHA-2 Root: USERTrust RSA Certification Authority certificate.
To ensure a smooth transition and avoid push notification delivery failures, please make sure that both old and new server certificates are included in the Trust Store before the cut-off date for each of your application servers that connect to sandbox and production. At this time, you don’t need to update the APNs SSL provider certificates issued to you by Apple.
If you have any questions, please contact us.
The Apple Developer Relations Team
Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management.
For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.
Hi,
We received the following message.
Hello, We’re reaching out with a final reminder that the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs updated the server certificates in sandbox on January 21, 2025. APNs production server certificates will be updated on February 24, 2025. To continue using APNs without interruption, you’ll need to update your application’s Trust Store to include the new server certificate: SHA-2 Root: USERTrust RSA Certification Authority certificate.
Note, that we are using Firebase to deliver push notifications and the connection is done via APN keys, not certificates.
Is there anything that we need to update in the application to mitigate the risk of not delivered push notes ?
We have a case when we send 8 push notifications more or less simultaneously over 1 HTTP 2.0 connection. Using .NET Core 8
Sometimes some of them fail with a strange message:
System.Net.Http.HttpRequestException: The response ended prematurely while waiting for the next frame from the server. (ResponseEnded)
---> System.Net.Http.HttpIOException: The response ended prematurely while waiting for the next frame from the server. (ResponseEnded)
at System.Net.Http.Http2Connection.ThrowRequestAborted(Exception innerException)
at System.Net.Http.Http2Connection.Http2Stream.TryEnsureHeaders()
at System.Net.Http.Http2Connection.Http2Stream.ReadResponseHeadersAsync(CancellationToken cancellationToken)
at System.Net.Http.Http2Connection.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.Http2Connection.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.HttpClientLoggerHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
We noticed that failure is always accompanied with a huge delay (~500ms) comparing to success (~20ms).
Also some of the burst messages are sent successfully (sometimes 2-4 of them)
What can we do about it?
Is there any callback available when a/all notifications is/are removed from notification tray?
Hello,
I have the new root certificate is installed on the server (regarding "Action Required: Apple Push Notification Service Server Certificate Update"). I have switched to using sandbox environment to test if it would be working but I get error:
"reason":"BadCertificateEnvironment"
does it mean that the root certificate is not installed correctly or that is a different issue?
What could be the reason for that?
I have found that this response corresponds to "The client certificate is forthe wrong environment.", but there weren't an option to set environment on "https://identity.apple.com/pushcert/".
Hi, With the upcoming changes to the Apple Push Notification service (APNs) server certificates — including the SHA-2 Root: USERTrust RSA Certification Authority certificate update — I wanted to clarify if we need to take any action with Salesforce.
"As we announced in October, the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs will update the server certificates in sandbox on January 20, 2025, and in production on x date, 2025. To continue using APNs without interruption, you’ll need to update your application’s Trust Store to include the new server certificate: SHA-2 Root : USERTrust RSA Certification Authority certificate.
To ensure a smooth transition and avoid push notification delivery failures, please make sure that both old and new server certificates are included in the Trust Store before the cut-off date for each of your application servers that connect to sandbox and production. At this time, you don’t need to update the APNs SSL provider certificates issued to you by Apple."
As we are using firebase for receiving notifications and azure notification hub, I read that there is nothing we as developers need to do and will be handled by the providers right?
Hi Apple Team,
we reiceved the following message.
Hello, We’re reaching out with a final reminder that the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs updated the server certificates in sandbox on January 21, 2025. APNs production server certificates will be updated on February 24, 2025. To continue using APNs without interruption, you’ll need to update your application’s Trust Store to include the new server certificate: SHA-2 Root: USERTrust RSA Certification Authority certificate.
Our web service sends token-based push notifications directly to the Apple Push server.
For testing: https://api.development.push.apple.com:443
In production: https://api.push.apple.com:443
We have never installed any certificates for using APNs.
Do we need to take any action regarding this message, or can we ignore it?
There is one xpc server and two xpc clients (clientA and clientB). When clientB sends a message to the xpc server, xpc server fills a value for dummyString in it's memory and I want clientA to know that dummyString got updated and also the new value for this dummyString. The updation of dummyString is not something that happens often.
Two options we tried:
Have a timer for 5 seconds in clientA and keep polling and request for the value of this dummyString.
Setup a darwin notification in server that gets posted whenever dummyString is being updated. clientA receives requests for dummyString value only when it observes a notification being posted.
Which of these two approaches causes the least delay for clientA to know the updated value of dummyString?