What steps do I need to do to be able to debug the app using a distribution push certificate?
We currently have an app already published into the app store and the server is using a distribution certificate. However, when I run the app from Xcode, it uses a development certificate. This means that I cannot receive pushes, and therefore cannot debug issues related to pushes.
What and where do I need to set something, so that Xcode starts using the distribution push certificate?
Xcode version is 12.4
here are the stepps I take to create certificates and Provisioning Profiles for APNS.
Thankful they kept this amazing Ray Wenderlich post alive
The steps are the same for development and distribution.
Edit: if you made the APNS switch successfully from port 2195 to the new port 443 I'd love to learn how! Still getting command line errors when testing a connection using the generated SSL certificate.
Related
I generated a universal push certificate ("Apple Push Notification service SSL (Sandbox & Production)"), which works correctly on production (enterprise distribution).
However, when I use it with a development app (when I install it from Xcode) it doesn't work, and I get the error "The credentials supplied to the package were not recognized" (a PushSharp error).
My old development-only certificate does work.
Any ideas?
When you take build from Xcode, it will treat the app as development build and will use only the development certificates for app and APNS.
If you want to test the production APNS certficate you need to take an Adhoc build.
Solved it.
My problem was pretty silly - I had a check in the code if the certificate is production or development. It returned 'production' because universal certificate matches the condition there.
Then it tried to treat it as a production app when it wasn't.
My second problem was that PushSharp requires the .p12 file to be exported only from the private key (select only the private key in the KeyChain and select "Export"), while Apple instruct to select both the certificate and the private key to export the .p12.
While running the app by connecting directly to Xcode, it executes well and we are able to receive notifications. But while distributing the build via diawi or dropbox by using enterprise Distribution Certificate we get notification error as
"Failed Registering for push notifications. no valid apns certificate found"
It was working fine upto last week.
Please refer the screenshot. Checked with Xcode 6.3 and 7.2. But same error exists.
Please suggest how to resolve this?
There are 2 different certificates for APNS configuration.
Development Certificate (Sandbox APNS environment) can be used only with development provisioning profile.
Production Certificate (Production environment) will be used along with production provisioning profile.
If you directly install app from Xcode (debug mode) then it will use development profile. If you archive then production provisional profile to distribute from diawi or another medium. You have to use appropriate certificate at server side for APNS implementation.
I have a production iOS App that I can send development push notifications (APNs) no problem from my production API environment. The issue is when I archive the app and publish to the App Store the push notifications never work from the App downloaded from Itunes from my production API environment.
I have set up Certificate for APN distribution
I create the PEM file
from the certificate.
APN are enabled in Xcode > Capabilities
In Apple's Document here "Troubleshooting Push Notifications"
https://developer.apple.com/library/ios/technotes/tn2265/_index.html#//apple_ref/doc/uid/DTS40010376-CH1-TNTAG21
"When using Xcode to submit an app, Xcode will re-sign it using the
code signing identity and associated provisioning profile you select.
So the signature of the submitted app and its contents might be
different than what's in the Xcode archive."
Then
Here's how to check the signature for an iOS app being submitted to
the App Store:
I follow the instructions but not sure what I should be looking for specifically when running this command?
codesign -d --entitlements :- "Payload/YourApp.app"
Also when I try and test this before submitting app by going to Xcode > Window > Organizer and with the list of archives I will export the Itunes Production Archive by the following means:
Save for iOS App Store Deployment
Sign and Package application for distribution in the iOS App Store
I export the ipa file and will install via Itunes to my iphone. However my production deployment build never completes installing on my iphone before being removed (Icon will show installing progress but then disappear)
So I'm not too sure how to test deployment push notifications (not development push notifications as that I can do) without submitting new build for review in Itunes Connect?
So what usually is the issue with Production Deployments not being able to send Push Notifications when development will work? (Same device identifier code, Same API environment etc)
How can I test deployment push notifications (not development) before submitting archive to Itune Connect?
The main reason production pushes don't work while dev ones do is you have broken the
"Push Rule of Three".
There are two sets of triplets:
a) Prod app - Prod gateway - Prod certificate
b) Dev app - Dev gateway - Dev certificate
You can't mix and match these together, if you have any combination that isn't either 3 Production things or 3 Dev things then the push won't work.
This is the "Push Rule of Three".
Prod App/Dev App
When you build/run via Xcode its a Dev app. When you
create an archive and make an ad-hoc distribution or publish to the
app store its a Prod app.
Prod Gateway / Dev Gateway
This is the prod gateway:
ssl://gateway.push.apple.com:2195
And this is the dev gateway:
ssl://gateway.sandbox.push.apple.com:2195
Prod cert / Dev cert
You need to use the Apple provisioning portal to generate a Dev cert and a Prod cert and sign your server with as appropriate (you can combine both the prod cert and prod key and dev cert and dev key into a single .pem file which makes it convenient to sign the server with both).
One other thing to bear in mind is that when creating the archive, in the Xcode code signing section, the provisioning profile must be set to a properly created distribution profile.
I think the best tutorial on Pushes is Ray Wenderlich's.
https://www.raywenderlich.com/123862/push-notifications-tutorial
This goes over the profile and the certificates and gets you to a position where something is working, however one huge omission of this tutorial is that it does not mention the Rule Of Three
In your situation, if you can send a push from your server to an Xcode build as indicated in your comments then it means two things:
1) You are using Apple's dev gateway. You MUST change that gateway to be able to send a push to a production build.
2) Your server has been signed with the development certificate. Your server MUST also be signed with the production certificate.
So you must have broken the rule of three, fix that and see if things work.
I tested my ios app with development certificate its working when when i run an app with xcode..Later on before submission i created a distribution certificate and changed the push settings with new p12 file and distribution certificate.. pushes were unable to reach the device after that while running from xcode .. my query is
with the distribution certificate..am i able to send pushes only if the app is downloaded from app store? can't i test it by running the app from xcode before submitting?
You do need to use a distribution certificate to test the production APNS environment. You have a couple of options:
1) Create an ad hoc build.
2) Create your app store build and submit the app to TestFlight. You can then install the app with TestFlight without having to go through the app approval process. This is the best way to test production settings, APNS, CloudKit etc.
You can not debug these production builds in Xcode of course, so you may want to add some other logging etc to diagnose issues you run into.
You will have to create the IPA using the distribution certificate to test the push notifications in production environment. Its not possible to test the push notifications from the XCode build when you are signing the app with distribution certificate.
I have a certificate problem when install app with OTA deployment site in intranet.
The OTA site is not SSL, it works fine with iOS 6.x, but it just failed to install in iOS 8 with certificate problem.
We don't use MDM for deployment and I have tried to use self-signed certificate to build a SSL OTA site, but it still failed.
I want to ask if there is any advise to fix this problem?
Thank you very much!
You have to use a real SSL certificate with new iOS versions. Using self-made certificate might work if you install it on the devices, but I haven't tried this.
Note that the actual ipa doesn't have to be on a SSL secured site, only the plist file. And you could use 3rd party file storing services to host that file and have the ipa on another server.