About “Apple Push Notification service server certificate update”

Installing and checking your servers' certificates will be different for all kinds of OSs and may also be different based on the push application you are using.

This is something your server admins will know and should be able to check and configure as necessary.

Hi, I received an email about this issue today.

Some terms are confusing for me. Could someone please confirm my following understanding is correct?

As developers, what we should do:

1. We only need to update the CA Trust Store on our servers that communicate with APNs to include the new CA certificate.

2. No changes are required for:

• The APNS key (.p8 file)
• The legacy SSL certificates (.p12 file)

Now it has been the sandbox test phase announced by Apple, my server has not added SHA-2 Root: USERTrust RSA Certification Authority certificate, and now the test push is can received. After adding, can still receive push, so how to verify whether the addition is successful? My certificate was downloaded from the website provided by APPLE

As apple instructed, we added it to the Trust Store of our server that handles push notifications. However, upon checking the content of the existing USERTrust RSA Certification Authority file already present in the Trust Store, we found it to be identical to the newly downloaded one.

Our server has been operational since April of last year, and the last update to Sectigo's USERTrust RSA Certification Authority file was in 2019.

Apple's instructions suggested maintaining both the old and new certificates concurrently to ensure a smooth transition. Given that the two certificates are identical, we are concerned. Is this acceptable?