iOS push notifications are not being sent to device - ios

When setting up Fastlane Match, I broke push notifications (production and staging) on my iOS application (the nuke command probably did it). Production was logging the errors correctly.
I generated new certificates with the Fastlane pem command for both production "com.app.prod" and staging "com.app.qa". It generates new "production" Apple Push Services certificates on the Apple dev site and creates the needed pem files.
I converted the prod pem file to the correct p12 file with the openssl pkcs12 -export -in "production_com.app.prod.pem" -out "com.app.prod.p12" command and openssl pkcs12 -export -in "production_com.app.qa.pem" -out "com.app.qa.p12" for staging. Uploaded both to AWS SNS service (no sandbox) with no issues.
This fixed the production server. It worked with our old application (before the certificate changes) and the new version.
But our Testflight staging application was still broken. It did not work with the old or the new version of the iOS application. No errors are coming through. The application registers correctly with the Apple Push Notification service (APNs) and sends the token to our server. Manually pushing a message with an AWS endpoint does not work either but it says it was successfully sent.
Tried regenerating the certificates (made sure I'm uploading the correct ones). I'm using the same iOS device for all my testing. Our Android notifications are still working fine on staging.
Tried http://pushtry.com, says it was successful but never got any message.
Also tried the command openssl s_client -connect gateway.push.apple.com:2195 -cert "production_com.app.qa.pem" -key "production_com.app.qa.pem", with no errors returned.
I'm lost where the issue could be or how I could debug this further. So any suggestions will be helpful.

Related

Is it possible to create the certificate to sign Apple Wallet Passes from a non-iOS system such as Ubuntu?

I'd like to create a certificate from Apple developer account and use it to sign Apple Wallet passes / passbook. So I can implement a server to generate the wallet passes to serve up my mobile app.
The challenge to me is I'm on linux (Ubuntu to be specific). There are a bunch of npm modules as far as I can see, that can be used to implement a server to generate the pass but the first step is to create a certificate from Apple. So my question is it seems to me that is not even possible without a Mac? Does anyone know if it is even possible to create that certificate from a linux machine like Ubuntu?
Thanks
You do not create the certificate yourself, you create a private key and certificate signing request and upload the certificate signing request to Apple. They then issue a certificate that matches your private key.
This can be done on any operating system using OpenSSL. When creating the CSR you can provide any values as Apple will ignore them and replace with the PassTypeIdentifier, Team Name and Team Id.
The OpenSSL commands you need are:
openssl genrsa -out /path/to/my-private-key.pem 2048
openssl req -new -key /path/to/my-private-key.pem -out /path/to/my-request.csr

Twilio Error - 52134 Invalid APNs device token

I've uploaded my app on TestFlight and am trying to make a voice call using Twilio, and it's throwing Error - 52134 Invalid APNs device token. I've been reading a lot of tutorials on fixing it but despite all my effort I've been able to fix. In sandbox it worked fine though.
I've done the following:
1) Created a new .certSigningRequest from keychain access
2) Generated new VoIP Services Certificate using above on https://developer.apple.com/account/ios/certificate/distribution/create
3) Added certificate in keychain, Exported .p12 file from keychain
4) Followed instructions on https://github.com/twilio/voice-quickstart-swift to run those three commands to generate key and cert
5) On twilio created a new Push Credential and added Certificate and key by copying and pasting
6) SANDBOX is unticked
7) Change CREDENTIAL SID in my server backend
8) Restarted server
I'm using automatic manage signing so I'm assuming everything should be alright there.
Regarding "APS Environment: production", I'm assuming Xcode will make it production automatically when uploaded on TestFlight. I can see that it is included.
Despite all of above I'm still getting this freaking error APS Environment: production
I'm aware that the solution of this problem, in 99% cases, is to regenerate cert but right now I'm stuck. I've tried it two times already.
Not sure what else I can do to fix this issue?
I followed this way. It works for both sandbox and live.
To create the Twilio certificate, follow these instructions.
STEP 1:
1. An Apple Developer membership to be able to create the certificate.
2. Make sure your App ID has the “Push Notifications” service enabled.
3. Create a corresponding Provisioning Profile for your app ID.
4. Create an Apple VoIP Services Certificate for this app by navigating to Certificates -> Production and clicking the + on the top right to add the new certificate (choose voip cert at the bottom).
5. Download the certificate, export the .p12 from keychain.
STEP 2:
Then follow these steps, by navigating to the folder where you added your .p12.
1. openssl pkcs12 -in liveVoip.p12 -nocerts -out key.pem
2. openssl rsa -in key.pem -out key.pem
3. openssl pkcs12 -in liveVoip.p12 -clcerts -nokeys -out cert.pem
4. openssl pkcs12 -in liveVoip.p12 -out VOIP.pem -nodes -clcerts
In the Twilio console, go to the Push Credentials page and create a new Push Credential. Paste the certificate and private key extracted from your certificate. You must paste the keys in as plaintext:
For the cert.pem you should paste everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
For the key.pem you should paste everything from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----.
Remember to check the “Sandbox” option. This is important. The VoIP Service Certificate you generated can be used both in production and with Apple's sandbox infrastructure. Checking this box tells Twilio to send your pushes to the Apple sandbox infrastructure which is appropriate with your development provisioning profile.
Once the app is ready for store submission, update the plist with “APS Environment: production” and create another Push Credential with the same VoIP Certificate but without checking the sandbox option
STEP 3: To test that your app receives notification, get the device token, open terminal, go to the folder where you added .p12. use this to trigger the voip notification manually.
apn push "<XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX e8aafbd9>" -c VOIP.pem -m "Testing VoIP" -p
NOTE: Sometimes Twilio reports an invalid APNs token, but we are still able to get the VoIP notification.
I was facing a similar issue. The problem was with credentials token decoding.
For iOS 12 (and earlier version) + Xcode 10
let deviceToken = (credentials.token as NSData).description
For iOS 13
let deviceToken = credentials.token.map { String(format: "%02x", $0) }.joined()
More information: https://github.com/twilio/voice-quickstart-swift/issues/281
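A server-side guard for the token-decoding failure described in the answer above, as an added example that is not code from the post or from Twilio: it accepts a hex token, normalises the older bracketed description form, and rejects the iOS 13 description form, whose elided bytes cannot be recovered. The function name, return codes and sample tokens are constructed, and the 64-character minimum is an assumption.

```bash
#!/usr/bin/env bash
# Added example: normalise a device token string received by a push backend.
# Prints lowercase hex and returns 0, otherwise returns
#   2 = NSData description in the iOS 13 form (bytes elided, unrecoverable)
#   1 = not a hex token (bad characters, odd or too-short length)
normalize_apns_token() {
    raw=$1
    case $raw in
        *length*bytes*) return 2 ;;
    esac
    # Older description form "<01234567 89abcdef ...>": drop brackets and spaces.
    hex=$(printf '%s' "$raw" | tr -d '<> ' | tr 'A-F' 'a-f')
    case $hex in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    # Assumption: tokens are at least 32 bytes, i.e. 64 hex characters.
    [ "${#hex}" -ge 64 ] && [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    printf '%s\n' "$hex"
}

# Constructed sample tokens (not real device tokens).
TOKEN_HEX=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
TOKEN_OLD_DESC='<01234567 89ABCDEF 01234567 89abcdef 01234567 89abcdef 01234567 89abcdef>'
TOKEN_IOS13_DESC='{length = 32, bytes = 0x01234567 89abcdef 01234567 89abcdef ... 01234567 89abcdef }'

for t in "$TOKEN_HEX" "$TOKEN_OLD_DESC" "$TOKEN_IOS13_DESC" "not-a-token"; do
    if out=$(normalize_apns_token "$t"); then
        echo "accept  $out"
    else
        echo "reject  rc=$?  $t"
    fi
done
```

Rejecting at registration time surfaces the client bug immediately instead of as a later delivery error from the push provider.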
Try killing the voice quickstart app manually and restarting. After doing so, I started being able to receive phone calls after downloading via Test Flight on my phone.
The issue comes from testing the app via Xcode on the same device that you're now trying to test via Test Flight.
I was running into the exact same problem. Even after following Karthik's answer, and creating a new iOS SDK Credential in the Twilio Console, and updating my server for the new credential SID, I still was getting the "Error - 52134 Invalid APNs device token".
I did some more digging, and found this issue on the Github page for twilio/voice-quickstart-ios repo.
Here is what the Twilio engineer said:
"Thanks for reaching out to us.
This is a commonly seen issue when the device is used previously with development entitlement and later in a production environment. We have observed that in this case the device token returned in the PushKit delegate method will be for the previous environment (development entitlement device token) when launching the TestFlight app for the first time. Although registration still works since both the device token format and the Push Credential SID are valid, but error will happen when Twilio tries to send the notification delivery request to APNS.
Ideally this will only happen to the dev devices and to resolve this you simply need to relaunch the TestFlight app then it should be able to receive incoming call notifications.
Hope this helps."
You still need to create the same Push Credentials in Twilio Console with the sandbox checkbox unchecked, and update the credential SID on the server.

Validating OpenSSL connection certificates on IOS

I am using OpenSSL to secure a socket connection in an IOS application.
Currently, I am using SSL_CTX_load_verify_locations to point OpenSSL at a cacert.pem file containing root certificates, but keeping this file fresh is hard.
How does one go about integrating OpenSSL with the IOS Operating System maintained certificate store?
With a .pem file I setup OpenSSL to validate the cert like this
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_load_verify_locations(ctx,"cacert.pem",NULL);
I don't think IOS has a convenient cacert.pem file so I think the correct approach is to perform my own validation and pass SSL_VERIFY_NONE to prevent OpenSSL attempting to verify the certificate, and implement some kind of check using the verify_callback?

Push notification delivers from local env, but not from server

I'm trying to get my server to deliver push notifications via Apple's Push Notification service. (APNs)
My setup is as follows:
Cordova HTML/JS app
API in Rails on VPS via https
Houston gem for Push Notifications
I've created a certificate for development on my mac. When I run my server locally it successfully sends the notification to my iPhone.
I'm now trying to get it working on my server but without luck. I've generated a CSR locally, uploaded it in Apple's iOS App ID's editor and downloaded the CER. I then exported the CER to p12 with Keychain Access and converted that to a PEM file with the following command:
openssl pkcs12 -in apn_production.p12 -out apn_production.pem -nodes -clcerts
Houston needs this PEM file to send push notifications, I've done the same for development and it worked, but it needs to send from a server now, which could be the problem, I don't get any errors though. The notifications just don't arrive, which could be a production/development mistake I'm making.
I also tried creating a CSR file on my server and upload that via the iOS App ID's editor, but when I download the CER and open it in Keychain Access I'm not able to export it to P12, only to CER, PEM and P7B. Also there isn't a private key in this file, which there is within my locally created development certificate. Also when I export it to PEM and use it with Houston on my server it throws an error that the certificate is invalid.
Another thing I tried was upload the CSR generated by my VPS on the Apple Push Certificates Portal. This throws an error mentioning the certificate is invalid.
There's a couple things I'm not sure of:
1. Am I in development or production mode?
The app is not yet in the app-store, but it is in beta mode to download via TestFlight and push notifications need to be sent from my server. Is this a production environment or development or do I need to define this manually somewhere before building the App?
2. Is it possible to use a locally generated CSR for a PEM to be used on my server?
Am I right that I need a server generated CSR to start with when I finally need a PEM to send push notifications with from my server?
3. What to do now, how should I debug?
The PEM generated from my locally generated CSR is now uploaded to my server and Houston doesn't throw errors whatsoever. The push notifications don't arrive though, so, what should I do, can I trace these push notifications somewhere? Is there some APN logfile which I can read?
1) You need to use production certificates for sending push notifications via test flight.
2) You do not need a server generated CSR. You only need a valid ".pem" for sending push notification.
3) You need to remove sandbox (sandbox mode) from push notification url in push sending script. Also check if port 2195 of your server is open for communication or not because APNS communicates via this port.

Linux APNS server which cert should I create?

I am going to use a linux server for push notifications.
Is the following correct?
Generate a CSR of the linux server
Upload the file to Apple to generate a cert
Change this cer to pem and then combine with my private key pem of linux
Use the combined pem in my code
Is this correct? Since I get confused by the Apple document, I can now only test push notifications in my mac book, and can't test on other servers.
You don't have to generate the CSR on your linux server.
You can use the pem or p12 file you created (using your mac book) on any server.
If your code works when you test it on your mac book, it will work on any server. You just have to copy the pem or p12 file to that server.
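A pre-upload check for the PEM files discussed in the questions above (a certificate exported without its private key, a PEM copied from a Mac to a server), as an added example that is not from any of the posts: it confirms the file holds a certificate and the private key that matches it, that it is unexpired, and that its subject names the expected bundle ID. The function names, status words and self-signed fixtures are constructed for illustration; the "Apple Push Services: <bundle ID>" subject form is assumed to mirror an Apple-issued certificate.

```bash
#!/usr/bin/env bash
# Added example: pre-upload sanity check for a combined APNs PEM.
# Prints one status word and returns 0 only for "ok":
#   ok | no-certificate | no-private-key | key-mismatch | expired | wrong-bundle
check_apns_pem() {
    pem=$1 bundle=$2
    # Public key embedded in the certificate block.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo no-certificate; return 1; }
    # Public key derived from the private key block (absent in a bare .cer export).
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo no-private-key; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo key-mismatch; return 1; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo expired; return 1; }
    # The bundle ID must end a subject field, so com.app.qa != com.app.qa.beta.
    esc=$(printf '%s' "$bundle" | sed 's/[.]/\\./g')
    openssl x509 -in "$pem" -noout -subject |
        grep -Eq "[ =:]${esc}(,|/|\$)" || { echo wrong-bundle; return 1; }
    echo ok
}

# Constructed fixtures: self-signed stand-ins for Apple-issued certificates.
make_fixtures() {
    d=$1
    for id in qa prod; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Apple Push Services: com.app.$id" \
            -keyout "$d/$id.key" -out "$d/$id.crt" >/dev/null 2>&1
    done
    cat "$d/qa.crt" "$d/qa.key"   > "$d/qa_ok.pem"         # certificate + its key
    cp  "$d/qa.crt"                 "$d/qa_certonly.pem"   # no private key
    cat "$d/qa.crt" "$d/prod.key" > "$d/qa_wrongkey.pem"   # key of another cert
}

APNS_DEMO_DIR=$(mktemp -d)
make_fixtures "$APNS_DEMO_DIR"
for f in qa_ok qa_certonly qa_wrongkey; do
    printf '%s.pem: %s\n' "$f" "$(check_apns_pem "$APNS_DEMO_DIR/$f.pem" com.app.qa)"
done
```

A file that passes still has to be uploaded to the push credential for the matching environment; the check only covers what is inside the PEM.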
