Apple Push Notification service server certificate update

Please provide the following:

  1. SDK Version: 39.0.3
  2. Platforms(Android/iOS/web/all): iOs
  3. Add the appropriate “Tag” based on what Expo library you have a question on.

Hello, my company received the following email from Apple:

We are using expo-notifications in our React Native app, and I’m just curious if this will effect anything using expo-notifications, or if there’s anything that needs to be updated on our end, or if this will be handled internally. Any advice is appreciated, thank you!

7 Likes

I strongly believe that certificate has to be updated into the push notification server which connects to Apple’s push notification servers (https://api.push.apple.com).

So, no changes needed in the app.

However if your back end is triggering the Push notification directly using APN and FCM then you’ll have to add certificate.
This would help:
https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/

If the push notifications are sent using Expo’s Push API, then need not do anything in back end as well. Of-course this is assuming Expo Push API service will add the new root certificate in their server

If any of Expo’s dev can confirm this that would be great.

5 Likes

Yes, that is correct!

  • If you use Expo’s Notification service (API or server SDK), you won’t have to change anything. We are ready for the upcoming certificate change.
  • If you use directly use APN/FCM APIs, you have to validate if you are using the proper root certificates from the servers you are calling this API from.

From Apple:

If your provider server runs macOS, the GeoTrust Global CA root certificate is in the keychain by default. If your provider server runs macOS 10.14 or later, the AAA Certificate Services root certificate is in the keychain by default.

Hope this helps!

2 Likes

Thank you for the confirmation!

Do I need to make any code changes on my server for this update?
Answer: No code changes are needed, and the use of the new certificate should be automatic once it is installed. But do keep in mind that on March 31st, the legacy binary protocol will no longer function, and if you are not using the new HTTP/2 protocol already, you will need code changes to support that change independent of the certificate update.