Your Apple Push Services will expire in 30 days

Question

I got the following e-mail today:

Dear – –,

This certificate will no longer be valid in 30 days. To create a new certificate, visit Certificates, Identifiers & Profiles in your account.

Certificate: Apple Push Services

Identifier: – – –

Team Name: – – – –

To learn more about expired certificates, visit the certificates support page.

Best regards,
Apple Developer Relations

In Apple Developer it's under

Certificates, Identifiers & Profiles>Certificates>Production

and looks like this:

What will I have to do now? Revoke and create a new one? Will Push Notifications still work?

Answer 1

You need to renew Push Notification Certificate. Here are the steps:

1. Login to Developers account -> Certificates, IDs & Profiles and verify the expiring certificate.

2. Go to Identifiers -> App IDs -> Click on the AppId -> Scroll down to Push Notifications -> Edit -> Click 'Create Certificate' under 'Production SSL Certificate'.

3. Create certificate signing request from Keychain Access in your Mac:

   • Launch Keychain Access -> Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
   • In the Certificate Assistant dialog, enter an email address in the User Email Address field.
   • In the Common Name field, enter a name for the key
   • Leave the CA Email Address field empty.
   • Choose “Saved to disk”, and click Continue and save it in computer.

4. Go back to Apple developer site and upload the CSR created in above step -> Continue -> Download the certificate on your mac.

5. Double click on the downloaded cert to install it in Keychain in your Mac.

6. Open Keychain Access -> Certificates -> The new cert and its private key should be listed there.

7. Export the certificate for your push notification client: Right click on the cert in the Keychain Access-> select "Export Apple Push Certificate : " -> leave the password empty -> save as P12 file.

8. Login to OneSignal -> App -> Settings -> verify the expiration date -> click Edit -> browse the P12 file saved earlier.

9. Revoke the old APNs certification from the developers account.

For step 8 and 9, if you don't use OneSignal, it's the same process where you need to upload the exported p12 file in that third party push service client's app settings.

Answer 2

When a certificate expires it can no longer be used to send push notifications. Each App ID can have 2 development and 2 production push SSL certificates at a time. Create a new certificate and add them to your App ID in the Apple Developer Center.

Add the new certificate to any services you use to send push notifications. Once those services are updated with the new certificate you can revoke the expiring one.

Answer 3

If you are using Spring Boot Autoconfiguration, you can take a peek at DefaultHttpLogWriter and create your own HttpLogWriter that logs on your desired level:

@Configuration
public class LoggingConfig {

  @Bean
  public HttpLogWriter httpLogWriter() {
    return new InfoLevelHttpLogWriter();
  }

  static class InfoLevelHttpLogWriter implements HttpLogWriter {

    private final Logger log = LoggerFactory.getLogger(Logbook.class);

    @Override
    public boolean isActive() {
      return log.isInfoEnabled();
    }

    @Override
    public void write(final Precorrelation precorrelation, final String request) {
      log.info(request);
    }

    @Override
    public void write(final Correlation correlation, final String response) {
      log.info(response);
    }

  }

}