iOS Push - Generating APN certs - MacOS 10.14

[lukekenny]

Having wanted to set up iOS push email for a while, I have finally got my hands on a Mac. It's running MacOS 10.14 and the version of Server I can buy is 5.7.1

The cPanel documentation states however that the process for generating the APN certificate using Server may not work for this latest version of MacOS.

I'm guessing it says "may" because the note was added when the current version was in beta. Is there a final outcome on this?

I googled and found another way to generate the APN certificate was to have a Apple Developer Account, which seems to come at quite some expense. Is there another option?

 

[cPanelMichael]

Hello @lukekenny,

We've since confirmed that you cannot create APNs certificates in macOS Server® 5.7.1 (required for the macOS® Mojave 10.14 operating system). Unfortunately, I'm not aware of any additional alternatives to generating the APN certificates at this time. I recommend requesting this feature in macOS Server 5.7.1 on Apple's feedback forum.

We have an internal case open (DOC-11761) to update our documentation to reflect this information.

Thank you.

 

[MajorLancelot]

This documentation at this URL: How to Set Up iOS Push Notifications - cPanel Knowledge Base - cPanel Documentation. is dated and has no relevance to MacOS Server v5.7.1.

You can also see: Push Notifications With Alternatives to D… - Apple Community

These may be relevant Apple docs:
Setting Up a Remote Notification Server | Apple Developer Documentation
Sending Notification Requests to APNs | Apple Developer Documentation

Essentially to get a certificate for iOS Push Notifications with MacOS Server v5.7.1, you need Apple Developer which is $99.00.

 

[lukekenny]

Have you or have you seen reference to anyone completing this process through an Apple Developer account? Does it allow the creation of a certificate signed for mail, or just notifications for a custom app?

 

[MajorLancelot]

Have you or have you seen reference to anyone completing this process through an Apple Developer account? Does it allow the creation of a certificate signed for mail, or just notifications for a custom app?

Hi, Luke.

I haven't seen but I'm pretty sure Apple wouldn't remove such important feature from MacOS Server without having a way to accomplish the same.

Might be a wrong assessment but wouldn't hurt to confirm.

That's a task for the cPanel team though.

They can also ask Apple for a waiver or find a way to make this happen.

You can request to have the annual membership fee waived if you’re a nonprofit organization, accredited educational institution, or government entity that will distribute only free apps on the App Store and is based in an eligible country.

Apple Developer Program Membership Fee Waivers

We actually paid the $99.00 2 years ago, used it for this and while it does enhance user's experience, I didn't the courage to spend that kind of money for just an iOS Push certificate.

 

[cPanelMichael]

This documentation at this URL: How to Set Up iOS Push Notifications - cPanel Knowledge Base - cPanel Documentation. is dated and has no relevance to MacOS Server v5.7.1.

Hi @MajorLancelot,

The update to this document (per case DOC-11761 referenced earlier) was published yesterday and includes the inclusion of the following note:

• You cannot create APNs certificates in macOS Server® 5.7.1 (required for the macOS® Mojave 10.14 operating system). For more information, read Apple's macOS Server 5.7.1 upgrade documentation. You request that Apple includes this feature in macOS Server 5.7.1 on Apple's feedback forum.

We have made another attempt to reach out to Apple directly with this concern, but have yet to hear back. We're tracking that request as part of internal case CPANEL-23739. I'll update this thread again once we hear back from Apple.

Thank you.

 

[Gonzalo Diaz]

Hello, is there an alternative to generate the certificate? On our server the certificate expires in 8 days...

 

[cPanelMichael]

Hello, is there an alternative to generate the certificate? On our server the certificate expires in 8 days...

Hi @Gonzalo Diaz,

There's currently no workaround that allows the creation of APNs certificates in macOS Server® 5.7.1 or newer. You'd need to generate/create the APNs certificates on an previous version.

Thank you.

 

[WhiteDog]

Is there any update to this? My certificate is expiring too in a few weeks.

I'm willing to sign up for the Apple Development Program (99$) to get this certificate but from what I read this gets you a .p8 certificate where WHM needs a .p12. I'll assume these can be converted? If not, any support for .p8 coming and/or will this feature remain supported in the future? If there is an alternative, maybe update th instructions?

I don't think 99$ per year to cover all your servers is a high price and this feature really does give an edge over regular IMAP support, so do hope this can remain in the future.

 

[cPanelMichael]

Hello @WhiteDog,

There's no update from Apple to report at this time. As far as generating the certificate with the Apple Development Program, the reports I see suggest the Apple Enterprise Development Program ($299 per year) is required to do this, and even then Apple does not clearly state whether it's supported. The most common workaround I'm seeing is for one to temporarily install the older MacOS server version on a VM once per year:

macOS Server v5.7 no longer supports APSP Mail etc. Certificates · Issue #46 · st3fan/dovecot-xaps-daemon

I'll update this thread as soon as we know more.

Thank you.

 

[WhiteDog]

Hello Michael,

As a workaround I indeed created a VM today for this.
I'll remember this day as "even throwing money at Apple no longer works".

See you in a year!... but not before leaving some tips:
- To download High Sierra, use this link: https://itunes.apple.com/us/app/macos-high-sierra/id1246284741?mt=12
- After the download, convert it to an iso. I found these instructions to work best: Create a Mac OS High Sierra ISO – The Panzero IT Blog
- Good instructions on how to set up VirtualBox can be found here: How can I install a macOS VM Guest under VirtualBox on a Mac host? (most importantly using
VBoxManage to match the model of your host system + getting past the UEFI prompt after the first reboot). I used the latest VirtualBox 6.

Took me an hour or 2 to piece this together, with above tips anyone doing this can be done a bit faster.

 

[JLafranca]

Hi WhiteDog,

thank you for this extremely helpful guide. Was able to do it in 1.5 hours, just as you predicted

 

[lukekenny]

I was able to load up a macOS Sierra and separately a macOS Mojave VM Ware image, purchase Server in Mojave, then install the earlier version in Sierra. I didn't need to download Server first in Mojave, the Apple Store in Sierra just offered to install the most recent compatible version when I clicked install, which is the version that contains the required key. Seems to work OK. For now.

 

[uk01]

Thanks @WhiteDog - I followed your first two links to generate an ISO file.

However, I then did the following:

1 - Created 50gb partition and called it highsierraboot
2 - Created another partition and called it sierrainstall
3 - Double clicked the iso to launch the installer
4 - In disk utility click "restore" to sierrainstall and select the installer
5 - Select start up disk as sierrainstall (which is now called "install macOS high sierra")
6 - Reboot
7 - You'll then be able to install high sierra on partition highsierraboot
8 - Once done and booted go to app store and purchases, download OSX Server. It'll say are you sure you want an older version.
9 - Once installed, server lets you get an APN certificate as before.

Reboot back to Mojave and remove sierrainstall partition if you wish, but keep highsierraboot for next year!

 

[alioundie]

is there an alternative to generate the certificate?

Having wanted to set up iOS push email for a while, I have finally got my hands on a Mac. It's running MacOS 10.14 and the version of Server I can buy is 5.7.1

The cPanel documentation states however that the process for generating the APN certificate using Server may not work for this latest version of MacOS.

I'm guessing it says "may" because the note was added when the current version was in beta. Is there a final outcome on this?

I googled and found another way to generate the APN certificate was to have a Apple Developer Account, which seems to come at quite some expense. Is there another option?

 

[lukekenny]

is there an alternative to generate the certificate?

Other than the process outlined in this thread of spinning up a VM with an older version of MacOS and installing the earlier version of Mac Server? It doesn't seem so, but at least this works.... for now.

 

[ramorse]

In WHM -> Home »Service Configuration »Manage Service SSL Certificates the iOS Mail Push Notification has expired. Neither the data center where the server is leased nor cPanel support has been helpful in getting it updated. I do not have access to a MacOS Server. And even if I did, apparently, according to cPanel support, I would also need a "Paid Apple Developer Account". WTH?

Anyone else ever find themselves in such a situation? Any resolution?

TiA

 

[cPanelMichael]

Hello @ramorse,

I moved your post into this thread. You can find a workarounds on the following posts:

iOS Push - Generating APN certs - MacOS 10.14

Having wanted to set up iOS push email for a while, I have finally got my hands on a Mac. It's running MacOS 10.14 and the version of Server I can buy is 5.7.1 The cPanel documentation states however that the process for generating the APN certificate using Server may not work for this latest...

forums.cpanel.net

iOS Push - Generating APN certs - MacOS 10.14

Having wanted to set up iOS push email for a while, I have finally got my hands on a Mac. It's running MacOS 10.14 and the version of Server I can buy is 5.7.1 The cPanel documentation states however that the process for generating the APN certificate using Server may not work for this latest...

forums.cpanel.net

Thank you.

 

[ramorse]

Yeah, thanks. I read that thread. The workaround is quite involved and requires access to hardware that I do not have.

 

[cPanelMichael]

Yeah, thanks. I read that thread. The workaround is quite involved and requires access to hardware that I do not have.

We're continuing to monitor this issue as part of internal case CPANEL-23739. I don't have a specific time frame to share on a permanent solution, but I'll update this thread as soon as new information is available. The instructions linked in my previous response remain are the only available workarounds applicable at this time.

Thank you.