[CalendarServer-users] APNS configuration for ccs-calendarserver

[Steven Smith]

I have a working APNS service on a mail server and would like to configure a working ccs-calendarserver for APNS.

I have all the valid APNS certificates and keys—both in my System Keychain and as pkcs12 and PEM files—but haven’t been able to figure out the right calendarserver configuration to get APNS up and running on ccs-calendarserver. I also have the full TLS chain of trust from https://www.apple.com/certificateauthority/ and have verified that all certs are valid.

It’s not clear what the APNS settings should point to: PEM files? System Keychain items?

For example, when I use PEM files in the configuration as shown immediately below, I get this error when I launch calendar server:
> Cannot retrieve CalDAV APNS passphrase from keychain


calendarserver.plist (just showing CalDAV section):
>             <key>APNS</key>
>             <dict>
>                 <key>Enabled</key>
>                 <true/>
>                 <key>CalDAV</key>                                                                       
>                 <dict>                                                                                  
>                     <key>CertificatePath</key>                                                          
>                     <string> /var/calendarserver/Library/CalendarServer/etc/apns/com.apple.calendar.cert.pem </string>             
>                     <key>PrivateKeyPath</key>                                                           
>                     <string> /var/calendarserver/Library/CalendarServer/etc/apns/com.apple.calendar.key.pem </string>                            
>                     <key>AuthorityChainPath</key>                                                       
>                     <string> /var/calendarserver/Library/CalendarServer/etc/apns/com.apple.calendar.chain.pem  </string>                                                                                                       
>                 </dict>                                                                                 

What should the settings for CertificatePath, PrivateKeyPath, and AuthorityChainPath point to? Also, I see the settings Passphrase, KeychainIdentity, and Topic in https://github.com/apple/ccs-calendarserver/blob/master/conf/caldavd-stdconfig.plist . Should these be set as well? To what settings?

I should be very having working APNS on calendarserver, but don’t see any documentation for the configuration and am unsure what the correct magic incantation is. 

When I get this up and running, I’ll amend the MacPorts PR for ccs-calendarserver to include APNS.

Relevant PRs:
• https://github.com/macports/macports-ports/pull/4978
• https://github.com/macports/macports-ports/pull/5482

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20191013/b6de2ded/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3898 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20191013/b6de2ded/attachment.bin>