Flash (Alert)
Abstract
Before October 2012, Sametime administrators must download and apply the latest security certificate for iOS traffic. If Push Notifications have stopped working for the native iOS client, this could be due to the SSL certificate for connecting to the APNS server having expired.
Content
The Sametime Proxy server ships with an SSL certificate to allow for push notifications to occur securely for the Sametime Mobile Chat client for Apple iOS via the Apple Push Notification Service (APNS). The current certificate expires 3 October 2012. Before that date, Sametime administrators should download and apply an updated certificate to continue expected functionality for users.
Problem that occurs with expired certificate
If the certificate in use by the Sametime Proxy server has expired, users of the native iOS chat client will no longer receive push notifications. Users might describe the symptom as receiving messages only when the application is in the foreground or that notifications are not sent to the device when the Sametime client application is in the background.
The issue can be identified in the server logs by the following error.
"APNSService W com.ibm.collaboration.realtime.stproxy.services.APNS.APNSService startAPNS CLFRX0079W: Unable to establish an SSL connection to the APNS service Connection refused: connect"
Installation Instructions
Download the updated certificate 8521-ST-Proxy-IF-OOSN-8WGHAZ from IBM Fix Central.
To avoid the problem, copy the provided keystore to the appropriate location. Because there are two types of installations, you need to determine which you have and apply the appropriate steps for that type.
- Stand-alone/Cell installation
If you chose this type of installation, then you have a deployment manager (dmgr) as well as a nodeagent and server all on the same operating system.
To resolve the problem, follow these steps:
1. Copy the provided apns-prod.pkcs12 file to the following directory:
../IBM/WebSphere/AppServer/profiles/[dmgrProfileName]/config/cells/[cellName]/nodes/[stProxyNodename]/
*Note that this is the dmgr profile, NOT the Application profile
2. Stop the STProxyServer
3. Stop the nodeagent
4. Start the nodeagent
5. Start the STProxyServer
- Network (Primary Node) installation
This type of installation typically means that you are using the Sametime System Console (SSC) as the dmgr. The steps are as follows (basically the same as above):
1. Copy the provided apns-prod.pkcs12 file to the following directory on the SSC operating system file system:
../IBM/WebSphere/AppServer/profiles/[SSCdmgrProfileName]/config/cells/[SSCcellName]/nodes/[stProxyPNNodename]/
*Note that this is the SSC dmgr profile, NOT the SSC Application profile
2. Stop the STProxyServer
3. Stop the nodeagent
4. Start the nodeagent
5. Start the STProxyServer
Network (Secondary Nodes)
If you have any secondary nodes, you need to copy the apns-prod.pkcs12 file to ALL secondary node directories on the SSC dmgr. The secondary node directories are found in the same place as the primary node directory was found:
../IBM/WebSphere/AppServer/profiles/[SSCdmgrProfileName]/config/cells/[SSCcellName]/nodes
Once copied to the secondary nodes, make sure to restart the nodeagent and STProxyServer as you did for the primary node.
Related information
Updated SSL Certificate on Fix Central
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.