Push Notifications With Alternatives to Deprecated Server Services

I just spoke with Enterprise support, who told me that it will still be possible to create push notification certificates at https://identity.apple.com/pushcert/.

However, there is no Apple documentation on how to create APNS certificates for the open source Mail/Contacts/Calendar alternatives.

It appears that going forward it may be possible to replicate APNS certificate creation by hand (once per year) using Keychain Access to generate the correctly configured certificates and a CSR that can be uploaded to https://identity.apple.com/pushcert/ for signing.

These certificates could then be used in the configuration of a self-hosted mail and calendar server that is patched to support APNS.

Does anyone know how to create a correctly formatted APNS certificate from Keychain Access that can be signed by Apple? My own certificates at https://identity.apple.com/pushcert/ look like this. If this approach works, I expect that one would need to generate APNS certificates for apns:com.apple.calendar, apns:com.apple.contact, and apns:com.apple.mail. This would be easy to script once the details are determined.

server.domain.tld - apns:com.apple.calendar

server.domain.tld - apns:com.apple.contact

server.domain.tld - apns:com.apple.mail

server.domain.tld - apns:com.apple.mgmt

server.domain.tld - apns:com.apple.alerts

Also, here’s a blog post on configuring Cyrus to use APNS: https://www.tzeejay.com/blog/2018/03/project-xapplepushservice/.

In the meantime and without documentation or a working example, it is necessary to remain on High Sierra and Server version 5.6 to preserve iOS push notifications.

It appears that APNS is lying dead along with Server in Mojave. See this dovecot repo, https://github.com/matthewpowell/pushnotify#a-note-about-mojave-and-ios-12:

macOS 10.14 no longer includes the Mail server component and cannot be used to generate a suitable push certificate. Although 10.14 uses push notifications for device management, it appears that iOS mail will not accept notifications that do not use the com.apple.mail topic.

Push notifications continue to work on iOS 12 using a certificate generated on 10.13 or earlier.

It does appear that APNS is dead along with Server.app for open source mail servers. See this thread for details: https://github.com/st3fan/dovecot-xaps-daemon/issues/46

The only approach left is to file a report at https://bugreport.apple.com/ and request that Server.app version 5.7 and beyond provide support to generate bundled Mail/Calander/Contacts APNS certificates that can be exported and used to configure open source servers.

I’m specifically looking for open source server options with push notifications to iOS devices to replace the macOS Server stack. For example, dovecot+postfix+spamassassin+… on OpenBSD.

Before migrating away from Server version 5.6, I’m weighing the decision to use a self-hosted server or VPS, or a cloud service like Fastmail (which comes with APNS in its Cyrus stack). MS Exchange and Kerio look like rock solid enterprise options, but these solutions and cost basis exceed my requirements by an order of magnitude.

If APNS can be preserved with open source MTAs, there are excellent OpenBSD-based server options out there. I had my eye on a few Supermicro ITX mini server board solutions that are competitively priced and run at Gbps and 10 Watts, but now it would be wise to wait to see whether Bloomberg’s supply chain reporting or Apple’s and other’s strong repudiations hold up. Supermicro has this fanless atom system (unknown whether it’s tainted by the reported supply chain hack):

• SUPERMICRO MBD-A1SRi-2758F-O Mini ITX Server Motherboard DDR3 1600/1333 - Newegg.com
• https://www.amazon.com/gp/product/B00HS4NLHA/

In the meantime, any pointers to running an open source mail/calendar/contact server that supports push notifications to iOS would be much appreciated.