Question: How can I securely include the SSL cert required for push notifications in the installer for my server product?
Background: Apple Push Notifications require a client SSL cert to be in place on the server that's making the calls to Apple.
My product has a traditional client/server architecture, i.e. a customer installs the server within their intranet and then obtains the iOS client from the App Store and connects the client to their instance of the server.
The point here is that the customer installs the server themselves, rather than a cloud architecture where I would manage the server myself.
My problem is that I don't know how to package the push notification certificate in the server installer in a secure way. I can't distribute the .p12 file without a password because that would expose my private key, and I can't use a password because the password would have to be included somewhere else in the installer which would defeat the purpose. Do I need to relay messages from all of my customers through a server that I manage, which has the SSL client cert? Do I need to install the SSL cert by hand into every one of my customers' sites?
Surely others must have run into this problem already? Or has everyone moved to the cloud?
Log in to Apple Developer account, and navigate to the Program Resources tab and select Certificates, Identifiers & Profiles. Select Certificates tab and add a new certificate using the '+' sign. Select Apple Push Notification service SSL (Sandbox) under Services and click Continue.
If you already created a push certificate in the Setup Assistant and you want to create a new one, navigate to Organization > Settings > Apple Push Notification Service > Create own Certificate. In the pop-up dialog, click Download Certificate Signing Request.
APN certificates downloaded from Apple are only valid for one year from the date they were created. Make sure that managed iOS devices do not have to be re-enrolled into TMMS for Enterprise when an APN certificate expires after a year.
Go to https://developer.apple.com and log in to your Apple Developer Account. Select Certificates, Identifiers & Profiles. Select the Production tab, then click (+) Add to add a new certificate. On the Select Type page, select Apple Push Notification service SSL (Sandbox & Production).
Here is a major observation that happened to me over the weekend regarding Apple Push certificates. While there are many references out there to setting up the Apple Push server-side certificates, here is a MAJOR point I discovered that I cannot find referenced in any Apple documentation, or via Google.
My situation: I have Push Certificates (sandbox) working great on Windows Server. Now it is time for production. Installation of production certs is successful like many times before. However, while the production push transmission completes error free, no pushes are generated to the device. Hmmm.
I just HAPPENED to notice that my Mac's time is roughly a minute off from the Windows Server (command-tabbing between macOS and VMware). Looking at the Windows and Mac settings, I see Windows internet time is set to "time.windows.com", and the Mac to "time.apple.com". Just for kicks, I change the Windows server's time source to "time.apple.com". Instantly, pushes are now being sent to the device. Nice. :-)
I dodged a major bullet here; this would have probably driven me insane trying to figure this one out. I do not claim to be an SSL cert guru... I (like most everyone) just want to get this stuff to work because we have bigger fish to fry.
I hope this is useful information.
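Added example, not code from the post above: a small Go check (names `checkValidityWindow` and `selfSignedCert` are my own) that compares a client certificate's NotBefore/NotAfter window against the local clock with a configurable tolerance, which is one cheap thing to run on a customer-installed server before it first talks to APNs. It assumes the mechanism behind the post's clock observation is that a freshly issued certificate's NotBefore can lie ahead of a server clock that is running slow; the test certificate is constructed locally and is not an Apple-issued one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkValidityWindow (hypothetical helper) returns an empty string when the
// certificate's validity window covers the local clock `now`, allowing `skew`
// of tolerated clock error on either side; otherwise it returns the reason.
func checkValidityWindow(cert *x509.Certificate, now time.Time, skew time.Duration) string {
	if now.Add(skew).Before(cert.NotBefore) {
		return fmt.Sprintf("not yet valid: NotBefore=%s, local clock=%s",
			cert.NotBefore.UTC().Format(time.RFC3339), now.UTC().Format(time.RFC3339))
	}
	if now.Add(-skew).After(cert.NotAfter) {
		return fmt.Sprintf("expired: NotAfter=%s, local clock=%s",
			cert.NotAfter.UTC().Format(time.RFC3339), now.UTC().Format(time.RFC3339))
	}
	return ""
}

// selfSignedCert builds a constructed self-signed test certificate with the
// requested validity window so the check can be exercised offline.
func selfSignedCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-test-cert"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	// A certificate whose NotBefore is 90 s ahead of this host's clock: the shape
	// of problem a one-minute clock difference between two machines produces.
	cert, err := selfSignedCert(now.Add(90*time.Second), now.Add(365*24*time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("with 0s tolerance: ", checkValidityWindow(cert, now, 0))
	fmt.Println("with 5m tolerance: ", checkValidityWindow(cert, now, 5*time.Minute))
}
```

With zero tolerance the first call reports "not yet valid"; a modest tolerance accepts the certificate, but the right fix is still to point the server at a reliable NTP source rather than widening the window.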