The IBM Sametime Proxy Server uses a local certificate to correctly connect to the Apple push notification service (aka APNS) so that you can see a chat request inside your IOs mobile notification screen (otherwise you have to open the IBM Sametime chat app directly to see the chat).
This is gateway.push.apple.com via port 2195 and feedback.push.apple.com via port 2196.
Because the local certificate has a limited date it will expire may the 5th 2016 and you need to exchange the certificate file on your server (with the updated certificate).
Just download the new apns certificate from the IBM fixcentral website
IBM documentation: Updated security certificate for Push Notifications (iOS)
To check if the new certificate is working just use (and download) the APNSTest tool „New Sametime Proxy APNs test application“ from collaborationben site
java -jar apnstest.jar -k apns-prod.pkcs12
Beware you need three things to work to connect to APNS
- You need to resolve the dns addresses for gateway.push.apple.com and feedback.push.apple.com
- You need to be able to connect to these addresses via port 2195 and 2196 (entire 188.8.131.52/8 net)
IP Address Range Used by the Push Service
- You need a valid apns certificate
Alternatively you could update to the latest Sametime Proxy fix from april 2016, but you have to update the Sametime System Console first to fix april 2016.
Sametime System Console Hotfix – ST30.25 build or 9.0.1 [April 2016]
Cumulative Hotfix for Sametime Proxy -ST30.25 build or 9.0.1 [April 2016]
- gateway.push.apple.com:2195 = Apple notification server host name and port are used by the Sametime Proxy Server to send Sametime instant messages, meeting invitations, and announcements to iPhone users. When a user pauses receipt of messages, the Sametime Proxy Server database holds messages until the user views the messages or the mobile device’s pause time expires.
- feedback.push.apple.com:2196 = Apple feedback service keeps track of which iPhone mobile devices are still valid and sends the information to the Sametime Proxy Server.