Jamf Nation Community

michaelhusar · ‎03-03-2021

Maybe it helps someone else :-)
We did a do-release-upgrade to Ubuntu LTS 20.04 and thereby broke APN

Jamf was very helpful in pointing out that you need a missing cert:

cd /usr/local/share/ca-certificates
sudo wget https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem
sudo mv GeoTrust_Global_CA.pem GeoTrust_Global_CA.crt
sudo update-ca-certificates
reboot

Thanks again for the great support

bentoms · ‎03-03-2021

@michaelhusar was this when APNS over binary or HTTP/2?

michaelhusar · ‎03-03-2021

Over HTTP/2
(We already activated HTTP/2 before the upgrade.)

echave · ‎03-04-2021

How did you notice? I recently (past month) upgraded to Ubuntu 20.04 as well and am having an issue with Mac App Store apps failing to install (invalid status code). iOS apps work fine however, as do computer policies. I noticed the server's /usr/local/share/ca-certificates is empty which gives me pause.

raphaelfink · ‎03-19-2021

The cert is correct, but i had to add it also to the keystore of openjdk with the following command:

sudo keytool -importcert -alias GeoTrust_Global_CA -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts -file GeoTrust_Global_CA.crt

The default password for the keystore is "changeit" :-)

michaelhusar · ‎03-21-2021

@echave MDM Management Commands did not go through and iOS devices could not enrolled (ADE and Enrollment customization) - we found also this error in the log:
2021-02-26 10:10:50,435 [ERROR] [Thread-9125] [Http2ApnsService ] - Sending push notification failed
com.jamfsoftware.apns.exception.ApnsPushSentFailException: Sending push notification is disabled

After the "fix": /usr/local/share/ca-certificates# ls
GeoTrust_Global_CA.crt

Jamf Nation Community

Upgrade to Ubuntu LTS 20.04 and APN Apple Push Notification