Hello everyone! Today, I want to share my experience in resolving an expired APN (Apple Push Notification) certificate issue. It started with a slightly panicky message from my boss, who informed me that one of our clients reported a bug – they hadn’t been receiving push notifications since September 2023, although all other system transactions were still functioning normally.
I immediately checked the OneSignal dashboard since I use this service to handle configurations for both Android and iOS platforms. Sure enough, I saw an alert indicating that the APN certificate I used had expired, which looked like this.
Following OneSignal's suggested links and instructions, I was directed to the right documentation. Previously, I had been using a .p12 credential type, which has an expiration limit. I decided to switch to the .p8 type, which doesn’t have this expiration issue.
Understanding Token-Based (.p8) and Certificate-Based (.p12) Connections to APNs (Apple Push Notification Service)
APNs is Apple’s system for sending notifications to iOS devices (like iPads and iPhones). It’s also used to send notifications to native macOS apps and Safari Web Push.
Apple provides two authentication methods to establish a secure connection to APNs:
- Certificate-Based Authentication (using a .p12 certificate)
- Token-Based Authentication (using a .p8 key), which is the newer and more flexible method.
Here’s a comparison table outlining the differences:
| Authentication Type | Required Fields | Expires? | Easy to use? |
|---|
| Token-Based (.p8) | - .p8 file - Key ID (10-character string) - Team ID - App Bundle ID (app-specific) | No. | Yes. Tokens can be generated in the Apple Developer panel and then uploaded to OneSignal. |
| Certificate-Based (.p12) | - .p12 file - Private Key Password | Yes. Requires annual renewal in the Apple Developer center. | No. Requires a precise process to generate valid certificates. |
Switching to .p8 cleared the warning, and I tested sending notifications via Postman – success! Issue resolved.