Well, that will change in the future. Apple has an HTTP/2-based interface; once that is used by AeroGear UPS, it should be OK to just use one cert.
More info here: AGPUSH-1452