Regardless of using token based or certificate based authentication for APNs, this root certificate that is mentioned has nothing to do with that.
You need this certificate to be able to create a https connection to APNs in the first place. You may not be aware of it, but your server likely has similar certificates (perhaps including this one) installed in order to be able to make secure connections at all.
The new root certificate is already active in the APNs development environment. You can test that the new certificate is installed correctly by trying to send a development push notification to api.sandbox.push.apple.com:443
If you are able to send a push notification in the sandbox, then you are good to go. If not, then you need to install this root certificate on your server's trust store before the deadline.
Unfortunately we cannot provide specific instructions on how to install this root certificate on your push servers. Each server operating system and push server software will have different ways these root certificates are installed, which is out of scope of our support abilities.
I also want to clarify that this certificate has nothing to do with your app or your APNs keys or certificates you may be using to authenticate your push requests. This is a TLS certificate that needs to be installed on the server in order for it to create a https connection to APNs.
If you are not sure how to do this, I would recommend you seek help for this from your server-side developers or server admins.
Or, if you don't have access to such resources, you can ask the support channels for your system the question: How do I install a root certificate?
Argun Tekant /
DTS Engineer /
Core Technologies
