Update

We’re excited to confirm that Courier customers are unaffected by this update. Notifications sent via APNS with P8 keys or P12 certificates work seamlessly, and no changes are required.

Read more about what we tested

---

What’s Changing

Apple is updating its Push Notification service (APNs) certificates to use the USERTrust RSA Certification Authority (SHA-2 Root). Key dates include:

• Sandbox: January 20, 2025
• Production: February 24, 2025

To keep push notifications working, you must update your server’s Trust Store to include the new certificate authority. Both old and new certificates should remain trusted during the transition. Read Apple’s official announcement here.

We’ll update this post with details for `node-apn` and similar packages after January 20. Be sure to bookmark this post!

Using Courier? No Changes Are Needed

Courier has already implemented these changes, so you don’t need to worry. Notifications will flow seamlessly with no extra work on your part. Courier also lets you design and manage notification templates effortlessly. Explore Courier’s resources to get started:

• Courier Website
• Courier iOS SDK
• Courier Android SDK
• Courier React Native SDK
• Courier Flutter SDK

If you are not using Courier, here's what you need to do:

How to Update Your Server

If you’re updating manually, follow these steps:

Step 1: Download the New Certificate

Get the USERTrust RSA Certification Authority (SHA-2) certificate from Apple’s official site or a trusted source.

Step 2: Update Your Trust Store

Unix/Linux Servers:

1. Locate your ca-certificates directory (e.g., /etc/ssl/certs/).
2. Copy the certificate:

sudo cp /path/to/USERTrustRSA.crt /etc/ssl/certs/

4. Update certificate hashes:

sudo c_rehash

6. Restart your server.

Windows Servers:

1. Open Microsoft Management Console (MMC) and add the Certificates snap-in.
2. Navigate to "Trusted Root Certification Authorities."
3. Right-click and select "Import," then follow the wizard.
4. Restart your server.

Step 3: Test the Update

• Sandbox Testing: Begin testing on January 20, 2025. Check server logs for SSL errors or issues.
• Monitor Logs: Regularly review logs to catch problems early.

For .p8 Key Users

If you’re using .p8 keys for APNs authentication, no changes are required for your app’s code. However, you still need to:

• Update your server’s Trust Store.
• Test notifications in sandbox mode starting January 20.

Risks of Not Updating

Skipping these updates may cause:

• Push Failures: Notifications won’t be delivered.
  
  • Solution: Test thoroughly in sandbox mode.
• SSL Errors: Unreliable connections due to missing certificates.
  
  • Solution: Use SSL tools like SSL Labs to verify configurations.
• User Impact: Downtime can frustrate users and hurt engagement.
  
  • Solution: Monitor closely during the transition.

Tips for a Smooth Transition

1. Start Early: Test in the sandbox environment ahead of production updates.
2. Trust Both Certificates: Load old and new certificates during the transition.
3. Document Testing: Record your tests and fixes for reference.

Key Dates to Remember

• Sandbox Testing Starts: January 20, 2025
• Production Update: February 24, 2025

By preparing now, you’ll ensure your push notifications continue without interruption. If you need help, consult Apple’s documentation or contact your notification provider. Let’s make 2025 a seamless year for your app’s notifications!