[CalendarServer-users] Possible to do push notify using cert from Server.app?

Andre LaBranche dre at apple.com
Tue Aug 14 16:44:53 PDT 2018


Comments inline...

> On Aug 14, 2018, at 3:23 PM, Richard Johnson <raj at mischievous.us> wrote:
> Hi all!
> I have been running my own calendar/contacts server on a MacOS X system using Apple's Server.app for many years.  I have now installed my own "calendarserver" installation on my own Linux (Ubuntu) system and that's working fine, but without push notify for calendar updates, it really doesn't update to my iPhone at all, until I look at it each day!

Check in Settings --> Accounts & Passwords --> Fetch New Data (at the bottom). Tap the account in question and set it to "Fetch" if it's not already there, then in the previous screen ("Fetch New Data"), scroll to the bottom and configure the fetch interval.

> I know that there's a open source push_notify for postfix and I believe I've read about the same for calendarserver.  I know that I need a push notify certificate from Apple and that usually that's available only with a developer's account.  I've also read that Apple's iPhone/iPad, etc., doesn't support push notifications from anything other than iCloud or the X Server (which I take to mean "Server.app").

Not exactly accurate. APNS push is the only push mechanism available on iOS - that is true, and it's used by every iOS app that implements push, from every vendor. Server.app is not involved at all in any aspect of the push implementation for any iOS user apps from any vendor - with three exceptions: Apple's Calendar.app, Contacts.app, and Mail.app. Those apps place additional restrictions on which push certificates they will honor, and they all honor push certs provisioned by Server.app because Server can host the corresponding services. In the case of Calendar / Contacts, they only honor certs provisioned via Server.app, or certs provisioned internally by Apple for the iCloud calendar servers.

The constraint on the push cert doesn't apply if you decide to use a different calendar client app. Unfortunately, there's still another big problem: CalendarServer's push implementation is now firmly considered "legacy" and deprecated (on the push server and provisioning side). This basically means it could stop working at any time.

> I'm wondering if it's at all possible to use my existing cert from my Server.app installation and make use of it under calendarserver on Linux?

We've been pretty coy about this for a long time, because actually doing this is probably a violation of some EULA... but at this point (in the lifecycle of the project - yet another subtle hint) I'm just going to say it: yes, transplanting the APNS certs is possible (but I can't give you the specific steps).

>  If this should work, I'm willing to spend the time to figure it all out and get it working, but I also don't want to waste a lot of time on something which doesn't have a chance!

I wouldn't advise doing this for the reasons stated in my previous email on this topic:

>> Since APNS certs have to be renewed annually, I would expect the exclusive macOS Server cert portal to remain operational for existing installations, at least for a while, but probably not indefinitely (I honestly can’t predict how long that might be).

> Also, if this solution won't work going forward, then I should just resign myself to storing my info on iCloud, I guess.  I really don't like doing that, but maybe it's the only way?

It's probably the easiest way overall, and definitely is the easiest way if you're intent on using Calendar.app (because it's the only way).

> I've read through Apple Migration document and it really doesn't help at all.  I clearly states that there is currently no solution to the push notify issue for any type of migration!

It's the truth. There's a lot that *isn't* in that document, though, such as discussion of CalDAV service options other than CalendarServer. I can summarize that for you in one hyperlink:


There are multiple options that aren't iCloud and that support push. Note also that Calendar.app on macOS knows how to import and export calendar data <https://support.apple.com/guide/calendar/import-or-export-calendars-icl1023/mac>, and this process can be useful for moving your data to a new server that you don't administer, where there is no possibility of migrating the backend directly. The migration doc doesn't quite say this out loud with respect to Calendar.app, but does for Contacts.app. After doing that, there's no requirement to keep using Calendar.app - you could use any other compatible client.

Be aware that using Calendar.app to move data to a different service might not be advisable if the events have organizer / attendees, because that means some of the relevant state is stored outside of your account, which means you cannot re-create that state on another server by yourself. For more details, see page 39 of the migration guide <https://developer.apple.com/support/macos-server/macOS-Server-Service-Migration-Guide.pdf>, under the "Moving macOS Server Calendar or Contacts service data to some other service" heading.

If your events DON'T have organizer / attendee, then the data produced by the calendarserver_export tool described on page 39 should be effectively the same as what is generated by Calendar.app's export function, and should be safe to import as-is to another service.

Hope this helps,

> /raj
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/calendarserver-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20180814/6dc1b0d4/attachment.html>

More information about the calendarserver-users mailing list