iOS Push - Generating APN certs - MacOS 10.14

lukekenny

Member
Jan 24, 2018
18
3
3
Melbourne, Australia
cPanel Access Level
Root Administrator
Having wanted to set up iOS push email for a while, I have finally got my hands on a Mac. It's running MacOS 10.14 and the version of Server I can buy is 5.7.1

The cPanel documentation states however that the process for generating the APN certificate using Server may not work for this latest version of MacOS.

I'm guessing it says "may" because the note was added when the current version was in beta. Is there a final outcome on this?

I googled and found another way to generate the APN certificate was to have a Apple Developer Account, which seems to come at quite some expense. Is there another option?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello @lukekenny,

We've since confirmed that you cannot create APNs certificates in macOS Server® 5.7.1 (required for the macOS® Mojave 10.14 operating system). Unfortunately, I'm not aware of any additional alternatives to generating the APN certificates at this time. I recommend requesting this feature in macOS Server 5.7.1 on Apple's feedback forum.

We have an internal case open (DOC-11761) to update our documentation to reflect this information.

Thank you.
 

MajorLancelot

Well-Known Member
Dec 17, 2014
64
5
133
Shinjuku-ku, Tokyo, Japan
cPanel Access Level
Root Administrator
This documentation at this URL: How to Set Up iOS Push Notifications - cPanel Knowledge Base - cPanel Documentation. is dated and has no relevance to MacOS Server v5.7.1.

You can also see: Push Notifications With Alternatives to D… - Apple Community

These may be relevant Apple docs:
Setting Up a Remote Notification Server | Apple Developer Documentation
Sending Notification Requests to APNs | Apple Developer Documentation

Essentially to get a certificate for iOS Push Notifications with MacOS Server v5.7.1, you need Apple Developer which is $99.00.
 

MajorLancelot

Well-Known Member
Dec 17, 2014
64
5
133
Shinjuku-ku, Tokyo, Japan
cPanel Access Level
Root Administrator
Have you or have you seen reference to anyone completing this process through an Apple Developer account? Does it allow the creation of a certificate signed for mail, or just notifications for a custom app?
Hi, Luke.

I haven't seen but I'm pretty sure Apple wouldn't remove such important feature from MacOS Server without having a way to accomplish the same.

Might be a wrong assessment but wouldn't hurt to confirm.

That's a task for the cPanel team though.

They can also ask Apple for a waiver or find a way to make this happen.

You can request to have the annual membership fee waived if you’re a nonprofit organization, accredited educational institution, or government entity that will distribute only free apps on the App Store and is based in an eligible country.
Apple Developer Program Membership Fee Waivers

We actually paid the $99.00 2 years ago, used it for this and while it does enhance user's experience, I didn't the courage to spend that kind of money for just an iOS Push certificate.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
This documentation at this URL: How to Set Up iOS Push Notifications - cPanel Knowledge Base - cPanel Documentation. is dated and has no relevance to MacOS Server v5.7.1.
Hi @MajorLancelot,

The update to this document (per case DOC-11761 referenced earlier) was published yesterday and includes the inclusion of the following note:

  • You cannot create APNs certificates in macOS Server® 5.7.1 (required for the macOS® Mojave 10.14 operating system). For more information, read Apple's macOS Server 5.7.1 upgrade documentation. You request that Apple includes this feature in macOS Server 5.7.1 on Apple's feedback forum.
We have made another attempt to reach out to Apple directly with this concern, but have yet to hear back. We're tracking that request as part of internal case CPANEL-23739. I'll update this thread again once we hear back from Apple.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello, is there an alternative to generate the certificate? On our server the certificate expires in 8 days...
Hi @Gonzalo Diaz,

There's currently no workaround that allows the creation of APNs certificates in macOS Server® 5.7.1 or newer. You'd need to generate/create the APNs certificates on an previous version.

Thank you.
 

WhiteDog

Well-Known Member
Feb 19, 2008
142
6
68
Is there any update to this? My certificate is expiring too in a few weeks.

I'm willing to sign up for the Apple Development Program (99$) to get this certificate but from what I read this gets you a .p8 certificate where WHM needs a .p12. I'll assume these can be converted? If not, any support for .p8 coming and/or will this feature remain supported in the future? If there is an alternative, maybe update th instructions?

I don't think 99$ per year to cover all your servers is a high price and this feature really does give an edge over regular IMAP support, so do hope this can remain in the future.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello @WhiteDog,

There's no update from Apple to report at this time. As far as generating the certificate with the Apple Development Program, the reports I see suggest the Apple Enterprise Development Program ($299 per year) is required to do this, and even then Apple does not clearly state whether it's supported. The most common workaround I'm seeing is for one to temporarily install the older MacOS server version on a VM once per year:

macOS Server v5.7 no longer supports APSP Mail etc. Certificates · Issue #46 · st3fan/dovecot-xaps-daemon

I'll update this thread as soon as we know more.

Thank you.
 

WhiteDog

Well-Known Member
Feb 19, 2008
142
6
68
Hello Michael,

As a workaround I indeed created a VM today for this.
I'll remember this day as "even throwing money at Apple no longer works".

See you in a year!... but not before leaving some tips:
- To download High Sierra, use this link: https://itunes.apple.com/us/app/macos-high-sierra/id1246284741?mt=12
- After the download, convert it to an iso. I found these instructions to work best: Create a Mac OS High Sierra ISO – The Panzero IT Blog
- Good instructions on how to set up VirtualBox can be found here: How can I install a macOS VM Guest under VirtualBox on a Mac host? (most importantly using
VBoxManage to match the model of your host system + getting past the UEFI prompt after the first reboot). I used the latest VirtualBox 6.

Took me an hour or 2 to piece this together, with above tips anyone doing this can be done a bit faster.
 

lukekenny

Member
Jan 24, 2018
18
3
3
Melbourne, Australia
cPanel Access Level
Root Administrator
I was able to load up a macOS Sierra and separately a macOS Mojave VM Ware image, purchase Server in Mojave, then install the earlier version in Sierra. I didn't need to download Server first in Mojave, the Apple Store in Sierra just offered to install the most recent compatible version when I clicked install, which is the version that contains the required key. Seems to work OK. For now.
 
  • Like
Reactions: cPanelMichael

uk01

Well-Known Member
Dec 31, 2009
201
19
68
Thanks @WhiteDog - I followed your first two links to generate an ISO file.

However, I then did the following:

1 - Created 50gb partition and called it highsierraboot
2 - Created another partition and called it sierrainstall
3 - Double clicked the iso to launch the installer
4 - In disk utility click "restore" to sierrainstall and select the installer
5 - Select start up disk as sierrainstall (which is now called "install macOS high sierra")
6 - Reboot
7 - You'll then be able to install high sierra on partition highsierraboot
8 - Once done and booted go to app store and purchases, download OSX Server. It'll say are you sure you want an older version.
9 - Once installed, server lets you get an APN certificate as before.

Reboot back to Mojave and remove sierrainstall partition if you wish, but keep highsierraboot for next year!
 
Last edited:
  • Like
Reactions: cPanelMichael

alioundie

Registered
Jul 27, 2019
1
0
1
berlin
cPanel Access Level
Website Owner
is there an alternative to generate the certificate?
Having wanted to set up iOS push email for a while, I have finally got my hands on a Mac. It's running MacOS 10.14 and the version of Server I can buy is 5.7.1

The cPanel documentation states however that the process for generating the APN certificate using Server may not work for this latest version of MacOS.

I'm guessing it says "may" because the note was added when the current version was in beta. Is there a final outcome on this?

I googled and found another way to generate the APN certificate was to have a Apple Developer Account, which seems to come at quite some expense. Is there another option?
 

ramorse

Well-Known Member
Sep 6, 2003
255
5
168
cPanel Access Level
Root Administrator
In WHM -> Home »Service Configuration »Manage Service SSL Certificates the iOS Mail Push Notification has expired. Neither the data center where the server is leased nor cPanel support has been helpful in getting it updated. I do not have access to a MacOS Server. And even if I did, apparently, according to cPanel support, I would also need a "Paid Apple Developer Account". WTH?

Anyone else ever find themselves in such a situation? Any resolution?

TiA
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello @ramorse,

I moved your post into this thread. You can find a workarounds on the following posts:


Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Yeah, thanks. I read that thread. The workaround is quite involved and requires access to hardware that I do not have.
We're continuing to monitor this issue as part of internal case CPANEL-23739. I don't have a specific time frame to share on a permanent solution, but I'll update this thread as soon as new information is available. The instructions linked in my previous response remain are the only available workarounds applicable at this time.

Thank you.