I want to use the Apple Push Notification service in my server. But someone said you have to use a certificate in your server. I researched the internet and I have found tutorials, but nobody mentions the certificate source. I am already using a certificate in my app for the push service, but where can I find the certificates for the server? Can somebody show me a road map?
PS: I will use this in my server: https://github.com/argon/node-apn
http://developer.apple.com/
As usual with anything development related to Apple. Create a certificate there and use that.
Remember, for debug applications, you need to use the sandbox push service, while for release applications, you need to use the normal push service. Each requires a different certificate.
All this is thoroughly explained in the Apple Push Notification Service and Provisioning and Development documents.
I am developing an MDM Server for my office (around 20-25) so that we can push our company's iOS apps (only 2) to users' devices. We will not be managing the devices.
There are around 20-25 sub-offices around the globe and each has its own server (hosted only in the intranet) and set of users. None of them interferes with one another.
The APNs Certificate way of MDM looks convenient to me.
I have looked at a few MDM providers. They ask each customer to create their own APNs certificate in the Apple Certificate Portal. Why can't the MDM providers have their own APNs certificate and use it to manage the devices of customers?
Can there be a centralized MDM Server which provides its SSL Certificate details, APNs Certificate details and Profile details for the .mobileconfig and also takes care of profile and app installation, so that users will connect to the centralized server and download the .mobileconfig, but the individual servers decide who should download the .mobileconfig and see the status of installation of apps on those particular devices?
Is this solution possible?
My company uses Airwatch and there is very little user setup. We download the Agent, tech department sends a qr code to email, user scans it, puts in their username and email for our network, and it just does all the setup. Then they can go to a catalog and download our applications. I develop these applications and have enrolled maybe a hundred devices and haven't had to do much of anything on the client side.
What you are saying would work if you change the phone's OS to check into this central MDM server. This would actually break Apple's streamlined way of doing this. Hate it or love it, APNS makes it so there is only one way of doing things.
iOS does not allow it but Android does.
You have to think like Apple to see why the MDM vendors have you make an APNS push certificate to give them. Say one day, your MDM server goes absolutely bonkers and starts sending commands every second to devices that make them unusable for users (constantly locking the screen or erasing devices every day). How can Apple prevent your rampant abuse of the MDM protocol that is ruining customer experience? Well, if they revoke the APNS certificate, you can't command your devices any more as the devices will never get notified there are new MDM commands, and the users will no longer be affected.
If there was an MDM vendor who had one APNS certificate for hundreds or thousands of different companies, the abuse by a single company could lead to Apple revoking the APNS certificate and now all those other companies are unable to use their MDM because of one abuser.
Today I noticed a new section named "Keys." I don't know which services use this. Does anybody have any idea? Or am I a beta user who gets to see this?
I noticed it also quite recently and used it right away for push notification configuration of a 3rd party service. In my case I created a key and then added it to the Visual Studio Mobile Center push notification configuration site along with the BundleID and the TeamID.
In addition to this you still have to configure Push Notification on your App Identifier in the corresponding section.
It looks like the keys here are a new and more convenient way of passing push authentication info, like the PEM files before.
But I can't actually find any official docs on this topic by Apple :( by now.
Found this info https://developer.clevertap.com/docs/how-to-create-an-ios-apns-auth-key
If you’d like to send push notifications to your iOS users, you will need to upload either an APNs Push Certificate, or an APNs Auth Key.
We recommend that you create and upload an APNs Auth Key for the following reasons:
- No need to re-generate the push certificate every year
- One auth key can be used for all your apps – this avoids the complication of maintaining different certificates
When sending push notifications using an APNs Auth Key, we require the following information about your app:
- Auth Key file
- Team ID
- Your app’s bundle ID
This sounds like a convenient way to send APN as there is no need to renew annually, but the 1 key is used for all your apps and the p8 file can only be downloaded once after it is generated. Not sure if the APN still works if I delete the key afterward.
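How the three items listed in the quote above are used for token-based authentication, as an added example that is not part of the original posts or of CleverTap's documentation: the .p8 key signs a short-lived ES256 JWT whose issuer is the Team ID, and the bundle ID travels as the apns-topic header. The Key ID, Team ID, bundle ID and device token are constructed placeholders, and a throwaway key pair stands in for a real .p8 file.

```javascript
const crypto = require('node:crypto');

// base64url without padding, as JWT requires
const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Provider token: header {alg, kid}, claims {iss = Team ID, iat = seconds}.
// APNs rejects provider tokens older than one hour, so regenerate periodically.
function makeProviderToken(p8Pem, keyId, teamId, nowSec = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claims = b64url(JSON.stringify({ iss: teamId, iat: nowSec }));
  const signingInput = `${header}.${claims}`;
  // JWT needs the raw r||s signature, not the DER encoding used by default.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: p8Pem, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64url(sig)}`;
}

// Origin and HTTP/2 headers for one push; sandbox and production are separate hosts.
function requestFor(token, bundleId, deviceToken, sandbox = false) {
  return {
    origin: sandbox ? 'https://api.sandbox.push.apple.com' : 'https://api.push.apple.com',
    headers: {
      ':method': 'POST',
      ':path': `/3/device/${deviceToken}`,
      authorization: `bearer ${token}`,
      'apns-topic': bundleId,
    },
  };
}

// Constructed P-256 key pair standing in for the downloaded .p8 file.
function demoKeyPair() {
  return crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
}

// Local check that the token verifies under the matching public key.
function verifyProviderToken(token, publicPem) {
  const [h, c, s] = token.split('.');
  return crypto.verify('sha256', Buffer.from(`${h}.${c}`),
    { key: publicPem, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64'));
}
```

Because one key signs for every app on the team, the .p8 file belongs in a secrets store with the same care as a code-signing key.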
Keys are used for a variety of Apple services. Here's a screenshot:
I know it may sound like a stupid question, but does it matter if you use a distribution certificate for development? Because the AWS push notification service does not take the .p12 file generated from a development certificate and I have no choice but to use a distribution certificate. The reason why I'm asking this question is because I'm not receiving any notification on my iPhone sent from the AWS SNS console. It seems that my phone has no trouble connecting to the SNS service since I can see it is subscribed to the topic I created and the log information output from the AWS framework suggests a green light (shows the token value returned from the AWS service).
As of 2016, you can use the same cert for both development and production. This is mentioned in one of the WWDC 2016 videos What's New in the Apple Push Notification Service Session 724. It's covered at the 4:20 mark of the video.
I am very new to iOS app development and APNs. I have developed two apps which are configured to receive push notification.
In my test environment, I am hosting two APIs, apiAppX and apiAppY, written using the Javapns library on the same machine. apiAppX and apiAppY generate push notifications (alerts) for appX and appY respectively. I am using a different p12 file for each app.
The problem is, if I generate the APNs certificate for appX first then it receives notifications but appY doesn't. If I generate the APNs certificate for appY first then it receives notifications but appX doesn't.
I think this issue is being caused because I am hosting two providers on one machine. I came to this conclusion after reading this documentation. Especially, after reading the following paragraph:
Note that provider connection is valid for delivery to only one specific app, identified by the topic (bundle ID) specified in the certificate. APNs also maintains a certificate revocation list; if a provider’s certificate is on this list, APNs may revoke provider trust (that is, refuse the connection).
Am I right?
Thanks.
I am working on an enterprise application to be distributed in-house. As a feasibility study, I have read about and developed push notifications using APNS. Here is something I want to ask regarding APNS.
My humble request to enthusiastic developers,
"Answer this if they have encountered or have any idea or have done some sort of work like this. Please do not just point to any arbitrary tutorial or question links of Stack Overflow."
1. What are the security aspects involved (from an information security point of view) in the payload that I will be sending to the APNS server? My client cares because of the information security policies that I too have to abide by.
2. Is it possible to send / receive notifications from APNS from within a VPN? How?
3. Is it possible to completely bypass the APNS server and have an in-house server that can send notifications to my device directly? How?
4. What if I want to implement APNS but do not want to share my payload with the APNS server?
Thank you for reading my question.
1. Although end points of the APNS architecture are TLS encrypted, Apple may see your data in clear text. You have to clarify with your customer, if this is ok or not.
2. Yes, but you'll need some open ports
3. No, this is not possible
4. You may use some kind of token as the payload and request the confidential information from your own server using this token.
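The last suggestion above (send only a token and fetch the confidential data from your own server), sketched as an added example that is not part of the original answer. The function names, the in-memory store, the "ref" payload field and the five-minute lifetime are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 5 * 60 * 1000;   // assumed lifetime of a reference token
const store = new Map();        // in-memory stand-in for the provider's database

// Only a hash of the token is stored, so a leaked table cannot be replayed.
function hashToken(token) {
  return crypto.createHash('sha256').update(String(token)).digest('hex');
}

// Provider side: keep the confidential text on our own server and
// build a payload that carries nothing but a generic alert and a reference.
function createNotification(deviceId, confidentialText, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256-bit, unguessable
  store.set(hashToken(token), { deviceId, confidentialText, expires: now + TTL_MS });
  // This object is everything APNs gets to see.
  return { aps: { alert: 'You have a new message' }, ref: token };
}

// Fetch endpoint logic: the app calls this over its own authenticated TLS
// channel; authenticatedDeviceId comes from that session, not from the push.
function redeem(token, authenticatedDeviceId, now = Date.now()) {
  const key = hashToken(token);
  const entry = store.get(key);
  if (!entry) return { ok: false, reason: 'unknown' };
  if (now > entry.expires) {
    store.delete(key);
    return { ok: false, reason: 'expired' };
  }
  if (entry.deviceId !== authenticatedDeviceId) return { ok: false, reason: 'wrong-device' };
  store.delete(key); // single use: a captured token cannot be redeemed twice
  return { ok: true, text: entry.confidentialText };
}
```

The token alone is not a credential: redemption also requires the device's own authenticated session, so seeing the push payload is not enough to read the message.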