I'm supporting one mobile application. Recently I got email that "apns production certificate will expiring soon". After that I checked my backend and found that no any certs using, only auth key. As I know auth keys don't have expiration key. I suppose that apns-cert used on first time after launch or maybe created mistakenly but not using right now. So I have couple of quesions:
1) For well-working APNS, should I have only auth key without APNS certificates? (My idea here - can I safely remove cert without hurting current APNS)?
2) If for example I have non-used in production APNS certificate - I still receive some notifications on my email - like "this certificate will expiring soon"?
Thanks in advance.
1) For well-working APNS, should I have only auth key without APNS
certificates? (My idea here - can I safely remove cert without hurting
current APNS)?
You can safely remove any expired APNS certificate if you are not using. They are not related to the Auth Keys.
2) If for example I have non-used in production APNS certificate - I
still receive some notifications on my email - like "this certificate
will expiring soon"?
Just because you created those certificates, so Apple notifies you of the expiry date whenever they are going to be expired.
You can reference to the following discussion for more details.
https://forums.developer.apple.com/thread/91891
Related
If a user has uninstalled my app, how long will the APNS take to update that this device is inactive for the bundleID?
Heyo, after reading up a bunch to make the migration to the new APNS provider API, this is what seems most familiar to me regarding this:
Establishing a Certificate-Based Connection to APNs
"Check expiry of a certificate with KeyChain Access. To avoid a disruption in service for your users, update your provider certificates before they expire. Provider certificates are valid for a year and must be updated to continue communicating with APNs".
Also:
"If you think your certificate or private key has been compromised, you can revoke your certificate from your developer account. APNs maintains a list of revoked certificates, and it refuses TLS connections from servers whose certificates are on that list. If your server is using a revoked certificate, close all existing connections to APNs and configure a new provider certificate for your server before opening any new connections".
Seems to me it the expiry is based around certificate creation as well as deleting the app?
I'd like to hear more on this....
I'm trying to send push notification for iOS via Google cloud functions but it returns error that The provided registration token is not registered. But I've checked it by debugging my app and the FCM registration token is correct. After that I've tried to send push notification via Firebase console to single device by providing FCM token but it failed due to Unregistered registration token. How this happens because there is no issue with device FCM token?
I think it should be some careless mistake, you should make sure the things below:
The token is same with -[FIRMessagingDelegate messaging:(FIRMessaging *)messaging didReceiveRegistrationToken:(NSString *)fcmToken]
The GoogleService-Info.plist is downloaded from the same account with your Firebase push console.
Updated to the latest Firebase SDK.
From the Google Firebase document are some description of your error The provided registration token is not registered.
The provided registration token is not registered. A previously valid
registration token can be unregistered for a variety of reasons,
including:
The client app unregistered itself from FCM.
The client app was automatically unregistered. This can happen if the user uninstalls the application or, on iOS, if the APNS Feedback
Service reported the APNS token as invalid.
The registration token expired. For example, Google might decide to refresh registration tokens or the APNS token may have expired for iOS
devices.
The client app was updated, but the new version is not configured to receive messages. For all these cases, remove this registration token
and stop using it to send messages.
I also got a similar error. Something like this.
FirebaseMessagingError: The provided registration token is not registered. A previously valid registration token can be unregistered for a variety of reasons. See the error documentation for more details. Remove this registration token and stop using it to send messages.
So I simply generated a new token and replaced it with the old one.
And it started working fine.
I also got a similar error on the released build iOS device.
The provided registration token is not registered. A previously valid registration token can be unregistered for a variety of reasons. See the error documentation for more details. Remove this registration token and stop using it to send messages.
I fixed it by reuploading correct .p12 certificate on the firebase messaging
I got a mail from firebase support team:
"In your case, please note that you can only upload up to 2 APN certificates. One for development and another for production. Since one of the APN certificates is invalid, you should delete the incorrect one. To be able to delete an APN certificate, the user must have an 'owner' permission/role. Upon checking, you don’t have enough permission to make this change. I suggest you reach out to the project owner to request the necessary permission or to delete the APN certificate.
Just to add, As of I/O 2017, developers can use either auth keys or certs for their APNs. We recommend that you use auth keys because they are easier to configure and do not expire. If both cert and an auth key is uploaded, our server will use the auth key.
Our system can not validate auth keys like it does certificates. We do not have a way of validating that APNs will accept them without sending an actual message. With certs, we open a connection to APNs before accepting them, and if they are invalid APNs reject them and we can return the error to the user."
I was experiencing this issue and it turned out that our server was sending a bad notification payload for a certain use case. When this happened, Firebase would send a return code of 400 and unregister the token.
The fix for us was to fix the use case sending the bad payload. The error in our payload was due to "DeviceTokenNotForTopic". Be sure to check that you aren't getting errors when posting notifications prior to when you get in this bad state.
I'm trying to configure my iOS app to receiver notifications with Firebase.
If I export the certificate and the private key without a password and try to upload it (production or development) on Firebase console I get the error "Incorrect password".
If I export the certificate and the private key with a password I get the error "An unknown server error ocurred" or "There was an error reading your certificate".
I don't understand why that is happening. I did follow the tutorial correctly. Can someone help me?
You should be using an APNS Authentication Key rather than the certificates. This is the new preferred method in iOS for a provider to register and send messages with APNS
From Firebase:
Configuration with auth keys is recommended as they are the more
current method for sending notifications to iOS
From Apple:
For a provider to communicate with APNs, it must employ a valid
authentication key certificate (for token-based connection trust) or
SSL certificate (for certificate-based connection trust). You obtain
either of these certificates from your online developer account, as
explained in “Configure push notifications” in Xcode Help. To choose
between the two certificate types, read Provider-to-APNs Connection
Trust. Whichever certificate type you choose, provider connection
trust is prerequisite to a provider sending push notification requests
to APNs.
while exporting just select the Apple Push Service part and don't select the private key from Keychain Access and export than in firebase Production APNs certificate browse the p12 file you just created, it will work.
I don't know when this implementation will be deprecated but it works as of now (19 Feb 2018).
You should export only the certificate and don't select the private key . Please see this screenshot
My certificate expires in a month, my app uses push notifications so I need the certificate to be valid. If I revoke it and then create a new one will I have to upload an "update" for the app with the new certificate? or is easier if it expires first then I renew the certificate and then I'll need to generate again all the provisionings with the new certificate? I need to be sure about this before I revoke it, please help. Can someone share a link where I can verify this.
No, not at all. The certificate is for your server. You don't need to submit an app update by any means, simply revoke the certificate and request a new one, and then upload that certificate to your provider, whether that be Urban Airship :) or whomever. No downtime whatsoever to your current users.
I have my App in the AppStore which uses push notifications. I already have a valid certificate but it expires in a month. My question is "Is there any way to generate a permanent APNS certificate which doesn't expire"? I've to deploy server in client premises and don't have further access, so I need to generate a permanent APNS certificate.
No, it's not possible to generate a permanent certificate. A production APNS certificate is valid for 1 year. You will be able to generate a new certificate to replace the existing one before it expires.