Several days ago I received an email from Apple:
On December 22, 2010, the production Apple Push Notification service will begin to use a 2048-bit TLS/SSL certificate that provides a more secure connection between your provider server and the Apple Push Notification service.
To ensure you can continue to validate your server's connection to the Apple Push Notification service, you will need to update your push notification server with a copy of the 2048-bit root certificate from Entrust's website. This will not require a change to your iOS apps -- this update only applies to provider servers.
If you have been successfully validating the certificate chain in the APNs sandbox environment, you already have the root certificate you need. Simply install the same root certificate on your production push provider servers.