APN and Ad-Hoc Builds - ios

I hope this is not a question that has been asked 1000x, I couldn't find a good answer.
In order to distribute apps to our testers we use ad-hoc builds. The trouble we are having is that APN stopped working for the ad-hoc builds. The servers that are used by the adhoc builds are using the production push SSL certificate and production service endpoints.
My questions:
1.) Does Apple permit using the production APNS if the app is not distributed via the App Store? Do you need an enterprise account for that?
2.) Are there proven recipes to track down errors? The feedback service from Apple has not returned anything ever.
Thanks for any feedback,
Stan

I'm not positive that it is a requirement (though I believe so), but we have sent notifications using the production cert from an enterprise account.
The feedback service will tell you if a token is no longer good, but in general it fails silently once the request has been successfully sent off to Apple (your framework can provide errors such as ports being blocked etc.).

Related

Why has my Apple Push Notifications stopped working for development, but not for production?

I have four Enterprise iPhone apps that all utilize the Apple Push Notification System (APNS), and each application communicates via TCP with servers on our network. The servers contain software that automatically generate and send push notifications to users on certain events.
Until today, everything has been working fine, but suddenly any notification for my development iPhone throws an SSPI error. No problem with production units.
It happens for all four apps. Any notification that is sent through gateway.push.apple.com:2195 works fine, but sending through gateway.sandbox.push.apple.com:2195 returns the error.
The Apple developer website indicates that the APNS sandbox server is available, so I have to assume the problem is not a server crash. I have received no email notifications that any certificates have expired, but they shouldn't anyway, because they are all current.
My question is, is there something else I need to be looking at to see where this problem is?
Bill, we had the same exact issue starting March 9, 2019, when our VoIP APNS certificate stopped testing against Sandbox APN server, but would still work against Production. Since there is only one type of VoIP certificate which should work on both Sandbox and Production, we assume there was a hiccup on Apple's side.
We contacted Apple's Tech team, but they referred us to their generic documentation on Tech Note TN2265 (https://developer.apple.com/library/archive/technotes/tn2265/_index.html).
Today (March 14) VoIP certificate magically started authenticating against both Prod and Sandbox like it normally did before March 9.
Please try again and see if your problem is resolved.
Are you using the same or separate certificates for your development vs production APNS? If you're using different certs, check to make sure your development certificate hasn't expired.
If you're using the same certificate, ensure that your server configuration matches the correct certificate and app id information. If either is wrong it will fail.
These are the usual issues I've run into with this kind of problem.

iOS Distribution Certificate - How to keep apps running

Good morning, this is my first time dealing with an expiring iOS distribution certificate, so please pardon my noob question :(
I have personal unreleased apps running on my phone and Apple TV that are using this certificate. I was curious if there's a way to renew/create a new certificate that will not require me to reinstall these apps to my phone/Apple TV?
What is the normal process you do when your certificate is expiring?
Thank you in advance!
The apps don't use the certificate; the distribution certificates are only necessary to validate when sending an app. Your certificate can be revoked/expired and nothing will happen with your installed application or even (if that is the case) your application on the App Store.
The only certificate that you need to care more about is the Push Notification one, because if this one gets expired/revoked your push server can't send notifications.

How could you know which certificate is used by Xcode?

My Xcode has both development and distribution certificates that it manages by itself. I don't know how it picks either of the certificates when I build and run my project. I'm using Apple Push Notification Service in conjunction with Amazon. I ask for a device id from Apple and send it to Amazon where it can be used to publish notifications to Apple and then to my device. It seems that when I switch between debug and release mode, somehow a wrong certificate is used because Apple rejects the token id that I had just gotten from them and passed to Amazon. I've read that this could be due to the incompatibility between development and distribution environments on both platforms, meaning that both platforms should work in development or distribution.
I'm sure that the Amazon one is set to distribution because I manage it myself. But I don't know whether the token that I got from Apple was given to me by the development or the distribution certificate because Xcode manages it. Is there a way for me to know what certificate Xcode uses at any given time? And is there a way that I can specify it for Xcode? Thanks!
P.S. The app used to work fine in both development and distribution environments before, and I haven't made any change in this regard other than switching between debug and release.

when to use dev vs distribution push notification p12 certificate

My app is not released yet, so you couldn't find it in the App Store. But it is being used by a group of private beta users (through the iOS TestFlight service). And it is hitting my production server, which is the reason for the question.
In the situation described above, what .p12 do I use? the Dev certificate or the Distribution certificate? I am asking because I am not clear on whom the distinction is for. As far as my server is concerned I don't care which one is used. I just need to send push notifications, and as long as the users get them, I am happy. And since I am using my production server, I figure I should use the production/distribution certificate. But I have a suspicion that my server -- dev or production -- has nothing to do with it. And which certificate I use may entirely have to do with the App Store. So will someone please clarify for me? Thanks.
From http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
Development: If your app is running in Debug mode and is signed with the Development provisioning profile (Code Signing Identity is “iPhone Developer”), then your server must be using the Development certificate.
Production: Apps that are distributed as Ad Hoc or on the App Store (when Code Signing Identity is “iPhone Distribution”) must talk to a server that uses the Production certificate. If there is a mismatch between these, push notifications cannot be delivered to your app.
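Added example (not part of any post above): a server-side consistency check for the rule quoted in this answer and for the expiry and app-id advice in the earlier thread. It reads the text printed by `openssl x509 -noout -subject -enddate` for the push certificate. The function names, the sample certificate text and the bundle id `com.example.app` are constructed, and the certificate common-name labels are an assumption about Apple-issued push certificates that the page does not state.

```python
import re
from datetime import datetime, timezone

# Legacy gateway hosts named on this page, mapped to their APNs environment.
GATEWAYS = {"gateway.sandbox.push.apple.com": "development",
            "gateway.push.apple.com": "production"}
# Build type -> environment, following the Development/Production rule quoted above.
BUILD_ENV = {"debug": "development", "adhoc": "production", "appstore": "production"}
# Constructed sample of `openssl x509 -noout -subject -enddate` output.
SAMPLE = ("subject=UID = com.example.app, CN = Apple Development IOS Push Services: "
          "com.example.app, OU = ABCDE12345, C = US\n"
          "notAfter=Mar  9 12:00:00 2019 GMT\n")

def parse_cert_text(text):
    """Extract bundle id, covered environments and expiry from openssl text."""
    cn = re.search(r"\bCN\s*=\s*([^,/\n]+)", text).group(1).strip()
    end = re.search(r"notAfter=(.+)", text).group(1).strip()
    not_after = datetime.strptime(end, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    label, _, bundle_id = cn.partition(":")
    # Assumed CN labels: "...Development IOS Push Services", "...Production IOS
    # Push Services", or plain "Apple Push Services" for a combined certificate.
    if "Development" in label:
        envs = {"development"}
    elif "Production" in label:
        envs = {"production"}
    else:
        envs = {"development", "production"}
    return {"bundle_id": bundle_id.strip(), "envs": envs, "not_after": not_after}

def check_push_config(cert_text, gateway_host, build_type, bundle_id, now):
    """Return a list of problems; an empty list means the setup is consistent."""
    cert = parse_cert_text(cert_text)
    wanted = BUILD_ENV[build_type]
    gw_env = GATEWAYS.get(gateway_host)
    problems = []
    if gw_env is None:
        problems.append(f"unknown gateway {gateway_host}")
    elif gw_env != wanted:
        problems.append(f"{build_type} build needs {wanted} gateway, server uses {gw_env}")
    if wanted not in cert["envs"]:
        problems.append(f"certificate does not cover the {wanted} environment")
    if cert["bundle_id"] != bundle_id:
        problems.append(f"certificate is for {cert['bundle_id']}, app is {bundle_id}")
    if cert["not_after"] <= now:
        problems.append(f"certificate expired {cert['not_after']:%Y-%m-%d}")
    return problems
```

Running this before opening the TLS connection turns the silent delivery failure described in these threads into an explicit message about which of gateway, certificate type, app id or expiry is wrong.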

Offline iOS Enterprise App Deployment and provisioning

I have posted this question on SO since I think it is the most logical place to find people with a lot of experience with the iOS Enterprise program.
For my company, we are developing an in-house app. We would like to deploy this app with the minimum effort required on the user's side <1>, as it should be possible to quickly install it for incoming colleagues. Additionally, we can't always guarantee an up and running internet connection at install time <2>. The in-house app is to be downloaded on our premises from a webserver through wifi.
We are currently not enrolled in the enterprise program, as we're investigating whether or not our goals can be realized.
As for <1>, what we've found is that UDIDs are not necessary to include in the provisioning profile for enterprise deployment. What is needed, is a provisioning profile. Now, here are my first concrete questions:
are any additional steps necessary before a provisioning profile can be installed?
can the provisioning profile be embedded within the app as can be done for OTA betas? This would save a user the step of installing the profile.
For <2>, the following issues come to mind:
here it states that access is needed to ax.init.itunes.apple.com and ocsp.apple.com. The former for querying the max allowable GPRS app file size. It doesn't sound relevant when your goal is to distribute over wifi, but the page says "If this site isn’t reachable, installation may fail." so it does concern me a bit. The latter one seems less severe as it is stated that "Inability to contact or get a response from the OCSP server isn’t interpreted as a revocation", which means that it should be possible to not contact this server right away.
I'm assuming that I can use any URL scheme to point to a local server that provides the app bundle and that there are no restrictions on server configuration.
Summarizing the two: is it possible to install an in-house app from a local server without a functioning internet connection?
Thanks for the help; it's greatly appreciated. As I have no prior experience with Enterprise deployment, it is tough to be confident that I'm not missing out on the nitty gritty details in Apple's documentation.
Provisioning profile can be embedded.
Your employees' devices require an internet connection when they are downloading the app, so that the device can contact the Apple servers you mentioned.
