Action Required: Apple Push Notification Service Server Certificate Update

Hi Apple Team,

We received the following message.

Hello, We’re reaching out with a final reminder that the Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs updated the server certificates in sandbox on January 21, 2025. APNs production server certificates will be updated on February 24, 2025. To continue using APNs without interruption, you’ll need to update your application’s Trust Store to include the new server certificate: SHA-2 Root: USERTrust RSA Certification Authority certificate.

Our web service sends token-based push notifications directly to the Apple Push server.

For testing: https://api.development.push.apple.com:443
In production: https://api.push.apple.com:443

We have never installed any certificates for using APNs. Do we need to take any action regarding this message, or can we ignore it?

Regardless of using token-based or certificate-based authentication for APNs, this root certificate that is mentioned has nothing to do with that.

You need this certificate to be able to create an HTTPS connection to APNs in the first place. You may not be aware of it, but your server likely has similar certificates (perhaps including this one) installed in order to be able to make secure connections at all.

The new root certificate is already active in the APNs development environment. You can test that the new certificate is installed correctly by trying to send a development push notification to api.sandbox.push.apple.com:443

If you are able to send a push notification in the sandbox, then you are good to go. If not, then you need to install this root certificate on your server's trust store before the deadline.

Unfortunately, we cannot provide specific instructions on how to install this root certificate on your push servers. Each server operating system and push server software will have different ways these root certificates are installed, which is out of scope of our support abilities. I also want to clarify that this certificate has nothing to do with your app or your APNs keys or certificates you may be using to authenticate your push requests. This is a TLS certificate that needs to be installed on the server in order for it to create an HTTPS connection to APNs.

If you are not sure how to do this, I would recommend you seek help for this from your server-side developers or server admins. Or, if you don't have access to such resources, you can ask the support channels for your system the question: How do I install a root certificate?


Argun Tekant / DTS Engineer / Core Technologies
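
One way to run the TLS part of the check described in the answer above from the push server itself, added here as an example and not part of the original post or of Apple's guidance: it looks for the root named in Apple's notice in the trust store Python loads and attempts a verified handshake to the sandbox host, without sending a push. It assumes the push service uses the same OpenSSL trust store as Python on that host; the function names are illustrative.

```python
import socket
import ssl

ROOT_CN = "USERTrust RSA Certification Authority"  # root named in Apple's notice
SANDBOX_HOST = "api.sandbox.push.apple.com"        # sandbox host named in the answer


def common_names(name):
    """Return the commonName values from an ssl-module subject/issuer tuple."""
    return [value for rdn in name for key, value in rdn if key == "commonName"]


def store_has_root(ca_certs, root_cn=ROOT_CN):
    """True if a list shaped like SSLContext.get_ca_certs() contains root_cn
    as a self-issued entry (subject == issuer), i.e. a root certificate."""
    for cert in ca_certs:
        subject = cert.get("subject", ())
        if root_cn in common_names(subject) and subject == cert.get("issuer", ()):
            return True
    return False


def check_handshake(host=SANDBOX_HOST, port=443, timeout=10):
    """Attempt a verified TLS handshake with the default trust store.
    Returns (ok, detail); ok is False if the chain is not trusted."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = common_names(tls.getpeercert().get("issuer", ()))
                return True, f"{tls.version()}, leaf issued by {issuer}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"chain not trusted: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    ctx = ssl.create_default_context()
    # Certificates in a capath directory are loaded lazily, so False here is
    # not conclusive on its own; the handshake result is the deciding check.
    print("root in loaded store:", store_has_root(ctx.get_ca_certs()))
    print("sandbox handshake:", check_handshake())
```

If the push service runs on a runtime with its own trust store, run the equivalent check inside that runtime, since a pass here only covers the store Python uses.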
