Upgrade to Ubuntu LTS 20.04 and APN Apple Push Notification

michaelhusar
Contributor II

Maybe it helps someone else :-)
We did a do-release-upgrade to Ubuntu LTS 20.04 and thereby broke APN

Jamf was very helpful in pointing out that you need a missing cert:

cd /usr/local/share/ca-certificates
sudo wget https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem
sudo mv GeoTrust_Global_CA.pem GeoTrust_Global_CA.crt
sudo update-ca-certificates
reboot

Thanks again for the great support

5 REPLIES 5

bentoms
Release Candidate Programs Tester

@michaelhusar was this when APNS over binary or HTTP/2?

michaelhusar
Contributor II

Over HTTP/2
(We already activated HTTP/2 before the upgrade.)

echave
New Contributor III

How did you notice? I recently (past month) upgraded to Ubuntu 20.04 as well and am having an issue with Mac App Store apps failing to install (invalid status code). iOS apps work fine however, as do computer policies. I noticed the server's /usr/local/share/ca-certificates is empty which gives me pause.

raphaelfink
New Contributor

The cert is correct, but i had to add it also to the keystore of openjdk with the following command:

sudo keytool -importcert -alias GeoTrust_Global_CA -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts -file GeoTrust_Global_CA.crt

The default password for the keystore is "changeit" :-)

michaelhusar
Contributor II

@echave MDM Management Commands did not go through and iOS devices could not enrolled (ADE and Enrollment customization) - we found also this error in the log:
2021-02-26 10:10:50,435 [ERROR] [Thread-9125] [Http2ApnsService ] - Sending push notification failed
com.jamfsoftware.apns.exception.ApnsPushSentFailException: Sending push notification is disabled

After the "fix": /usr/local/share/ca-certificates# ls
GeoTrust_Global_CA.crt