Error: unable to load client certificate private key file - ios

I am trying to check if my certificate is correct and trying to do a handshake with:
openssl s_client -connect gateway.push.apple.com:2195 -cert cert.pem -key privateKey.pem
I am getting an error:
unable to load client certificate private key file
4452410816:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Related

Error In Push Notification on Distribution

I have implement the push notification after create the ck.pem file on development end. But when i create on distribution end then we check the ck.pem file is correct or not.I have error show below:-
pksinghs-Mac-mini:SchoolPush pksingh$ php /Users/pksingh/Desktop/SchoolPush/simplepush.php
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): Failed to enable crypto in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Failed to connect: 0
pksinghs-Mac-mini:SchoolPush pksingh$
i have ck.pem file and pushnofication.php in same folder on desktop.
Can anybody help me.
Find the tutorial for how to create certificate and implement notification from below link
https://www.raywenderlich.com/123862/push-notifications-tutorial
you can use below command to create certificate
so there are something wrong in creating distribution certificate
Use below command to create certificate
openssl x509 -in aps_production.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -out PushChatKey.pem -in Certificates_dist.p12
cat PushChatCert.pem PushChatKey.pem > ck_dist.pem
openssl s_client -connect gateway.push.apple.com:2195 -cert PushChatCert.pem -key PushChatKey.pem
where
aps_production.cer = downloaded from developer apple
Certificates_dist.p12 = Exported from your keychain after installing aps_production.cer

Getting stuck with Creating .p12 push certificate file for Bluemix push

With reference to this post: Devices being unregistered after push is sent, I have the same issue - my iPhone device is unregistered after sent a push notification. I tried the suggestion from that post, and I did this with my certificates:
-ios_development.cer - Development profile downloaded from Apple
-Certificates.p12 - APNS .p12 exported from the keychain
-openssl x509 -in ios_development.cer -inform DER -out apns.pem -outform PEM
-openssl pkcs12 -nocerts -in Certificates.p12 -out Certificates.pem
-openssl pkcs12 -export -inkey Certificates.pem -in apns.pem -out bluemixPush_dev.p12
and I got this error:
unable to load private key
97354:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/evp/evp_enc.c:330:
97354:error:0906A065:PEM routines:PEM_do_header:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/pem/pem_lib.c:428:
Is anyone having the same issue?
#Jan As your private key is wrong, you are getting that error. Please follow the steps mentioned in the below link to create a .p12 certificate.
https://console.ng.bluemix.net/docs/services/mobilepush/t_push_provider_ios.html#create-push-credentials-apns-ssl

Verify return code: 20 (unable to get local issuer certificate) while creating push notification P EM file

I am creating PEM file for Production APNS , and i have done this several time before .
But i am facing an error on terminal while testing my PEm file from below command :
$ openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem
It gives me :
Verify return code: 20 (unable to get local issuer certificate)
as response.
I have tried so many times but did not identify the problem .
May be it is because of my distribution certificates created on diffrent Mac .
But i am not sure .
Any help suggestion will be helpfull.
The developer link asks to include -CAfile server-ca-cert.pem, which does'nt work either.
All other options of indicating the CAfile gave me errors like 'unable to load certificate'.
The below actually worked for me after trying other options.
openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
This solution gives 'Verify return code: 0 (ok)'.
On an additional note: You can also specify the .key file as the -key value & it will work too i.e. something like, ref here
openssl s_client -connect gateway.push.apple.com:2195 -cert myCert.pem -key myprivatekey.key -CAfile entrust_2048_ca.cer
You need to give a CA certificate as CAfile commandline argument to s_client. The trusted root certificate for the push servers is the Entrust CA (2048) root certificate which you can download from Entrust's site.
$ openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
For more information and other possible reasons, please, check Apple developer guide Troubleshooting Push Notifications.

Error while converting public key in pem format to der format in terminal in mac

I have created public private key pair for SSL connection using terminal in mac. I have used following commands to create private key and extracting public key from it:
# Create public-private key pair
openssl genrsa -out mykey.cer 1024
# Extract public key
openssl rsa -in mykey.cer -out public.pem -outform PEM -pubout
Now to use public key in my iPhone app I need to convert it to der format. But when I try to convert it with following command I am getting an error:
openssl x509 -in public.pem -outform der -out cert.der
**unable to load certificate
27928:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE**
I am using this link to create a SSL connection with server.
I believe the command to convert a public key from PEM to DER format is
openssl rsa -pubin -in public.pem -outform der -out cert.der
(your choice of output filename cert.der is misleading. It's a public key, not a certificate, public.der would be better)

create p12 certificate with production certificate

I using following comment to generate p12 file,
openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
openssl pkcs12 -export -inkey mykey.pem -in developer_identity.pem -out iphone_dev.p12
p12 file was generated successfully for development but it wont work for distribution...
I got error in the last step, asking password for mykey.pem file after give password it shows
"No certificate matches private key"
Enter pass phrase for mykey.pem:
No certificate matches private key
Can any one help me with this?
I change .cer file for distribution but forget get .p12 file from keychain for distribution...
after get .p12 file from keychain its working.

Resources