Apple Push Notification Service Certificate Update: Action Required?
Problem Statement
Apple recently announced upcoming changes to the Certificate Authority (CA) for Apple Push Notification service (APNs). According to Apple's official notice:
"APNs will update the server certificates in sandbox on January 20, 2025, and in production on February 24, 2025. All developers using APNs will need to update their application's Trust Store to include the new server certificate: SHA-2 Root: USERTrust RSA Certification Authority certificate."
Developers using third-party services like Firebase or Amazon SNS for push notifications are wondering if they need to take any action before these deadlines.
Do You Need to Take Action?
For Firebase Users
No action is required on your part. Firebase has confirmed that its servers will automatically handle the certificate update:
Official Firebase Confirmation
"You are correct. Firebase servers will handle these updates."
— Firebase Team via Google Groups
Firebase Cloud Messaging (FCM) servers maintain their own certificate stores and will include the new Root CA certificate before Apple's deadlines. Your applications will continue receiving push notifications without any changes to your codebase or servers.
For Amazon SNS Users
As a managed service, Amazon SNS will handle the certificate updates internally. AWS generally manages infrastructure certificate updates for their managed services like SNS. While there's no explicit public statement regarding this specific update, this aligns with AWS's standard operating procedures for managed services.
Handling Your Own APNs Implementation
If you're directly managing your own APNs implementation (without third-party services), you must take action:
Root certificate to add to your trust store: "SHA-2 Root: USERTrust RSA Certification Authority"
- Update your server's trust store to include the new certificate
- Ensure both old and new certificates are present before the deadlines
- Test notification delivery in both sandbox and production environments
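One way to check the first two steps on a server you run yourself, as an added example that is not from Apple or the original page: it inspects the CA entries Python's `ssl` module loads from a PEM bundle and looks for a self-signed, unexpired certificate with the name from Apple's notice. The sample entries, the fixed clock and the helper names are constructed for illustration.

```python
import ssl
import sys
import time

ROOT_CN = "USERTrust RSA Certification Authority"  # name given in Apple's notice

def _name(cn):
    """Build a name in the nested-tuple shape the ssl module uses."""
    return ((("commonName", cn),),)

# Constructed entries shaped like ssl.SSLContext.get_ca_certs() output.
SAMPLE_CERTS = [
    {"subject": _name(ROOT_CN), "issuer": _name(ROOT_CN),
     "notAfter": "Jan 18 23:59:59 2038 GMT"},   # usable root
    {"subject": _name(ROOT_CN), "issuer": _name("Constructed Cross-Signer"),
     "notAfter": "Jan 18 23:59:59 2038 GMT"},   # same name, not self-signed
    {"subject": _name(ROOT_CN), "issuer": _name(ROOT_CN),
     "notAfter": "Jan 10 00:00:00 2020 GMT"},   # same name, expired
]
SAMPLE_NOW = 1_737_000_000  # fixed clock (January 2025) for the sample

def common_name(name):
    """Return the commonName from a subject/issuer tuple, or None."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def find_root(ca_certs, wanted=ROOT_CN, now=None):
    """Return entries that are the named root: self-signed and not expired."""
    now = time.time() if now is None else now
    hits = []
    for cert in ca_certs:
        if common_name(cert.get("subject", ())) != wanted:
            continue
        if cert.get("subject") != cert.get("issuer"):
            continue  # an intermediate or cross-signed copy is not a trust anchor
        if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
            continue  # expired anchors fail validation
        hits.append(cert)
    return hits

def bundle_has_root(cafile):
    """Load the PEM bundle your APNs client is configured with and check it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return bool(find_root(ctx.get_ca_certs()))

if __name__ == "__main__":
    ok = bundle_has_root(sys.argv[1]) if len(sys.argv) > 1 else bool(
        find_root(SAMPLE_CERTS, now=SAMPLE_NOW))
    print("root present" if ok else "root MISSING")
    sys.exit(0 if ok else 1)
```

Pass the bundle path as the first argument; a name match only shows that a certificate with that subject is loaded, so compare its fingerprint against the copy linked from Apple's notice before relying on it.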
Critical Deadlines
- Sandbox environments: January 20, 2025
- Production systems: February 24, 2025
Best Practices
- Test notifications after the transition dates regardless of your provider
- Monitor provider status pages
- Verify your notification implementation handles temporary delivery failures gracefully
- If using AWS directly, review certificates in your: Application Servers → APNs Endpoints (gateway.push.apple.com)
Apple emphasizes that no changes are required to your existing APNs SSL provider certificates at this time.
Summary Table
| Service Provider | Action Required? | Notes |
|---|---|---|
| Firebase | ❌ No | Automatic update on Firebase servers |
| Amazon SNS | ❌ No | AWS manages infrastructure certificates |
| Custom Implementation | ✅ Yes | Update trust store with new root CA before deadlines |