Twilio Error - 52134 Invalid APNs device token - ios

I've uploaded my app on TestFlight and am trying to make a voice call using Twilio, and it's throwing Error - 52134 Invalid APNs device token. I've been reading a lot of tutorials on fixing it, but despite all my effort I haven't been able to fix it. In sandbox it worked fine though.
I've done the following:
1) Created a new .certSigningRequest from keychain access
2) Generated new VoIP Services Certificate using above on https://developer.apple.com/account/ios/certificate/distribution/create
3) Added certificate in keychain, Exported .p12 file from keychain
4) Followed instructions on https://github.com/twilio/voice-quickstart-swift to run those three commands to generate key and cert
5) On Twilio, created a new Push Credential and added Certificate and key by copying and pasting
6) SANDBOX is unticked
7) Changed CREDENTIAL SID in my server backend
8) Restarted server
I'm using automatic manage signing so I'm assuming everything should be alright there.
Regarding "APS Environment: production", I'm assuming Xcode will make it production automatically when uploaded on TestFlight. I can see that it is included.
Despite all of above I'm still getting this freaking error APS Environment: production
I'm aware that the solution of this problem, in 99% cases, is to regenerate cert but right now I'm stuck. I've tried it two times already.
Not sure what else I can do to fix this issue?

I followed this way. It works for both sandbox and live.
To create the Twilio certificate, follow these instructions.
STEP 1:
1. An Apple Developer membership to be able to create the certificate.
2. Make sure your App ID has the “Push Notifications” service enabled.
3. Create a corresponding Provisioning Profile for your app ID.
4. Create an Apple VoIP Services Certificate for this app by navigating to Certificates -> Production and clicking the + on the top right to add the new certificate (choose voip cert at the bottom).
5. Download the certificate, export the .p12 from keychain.
STEP 2:
Then follow these steps, by navigating to the folder where you added your .p12.
1. openssl pkcs12 -in liveVoip.p12 -nocerts -out key.pem
2. openssl rsa -in key.pem -out key.pem
3. openssl pkcs12 -in liveVoip.p12 -clcerts -nokeys -out cert.pem
4. openssl pkcs12 -in liveVoip.p12 -out VOIP.pem -nodes -clcerts
In the Twilio console, go to the Push Credentials page and create a new Push Credential. Paste the certificate and private key extracted from your certificate. You must paste the keys in as plaintext:
For the cert.pem you should paste everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
For the key.pem you should paste everything from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----.
Remember to check the “Sandbox” option. This is important. The VoIP Service Certificate you generated can be used both in production and with Apple's sandbox infrastructure. Checking this box tells Twilio to send your pushes to the Apple sandbox infrastructure, which is appropriate with your development provisioning profile.
Once the app is ready for store submission, update the plist with “APS Environment: production” and create another Push Credential with the same VoIP Certificate but without checking the sandbox option.
STEP 3: To test that your app receives the notification, get the device token, open Terminal, and go to the folder where you added the .p12. Use this to trigger the VoIP notification manually.
apn push "<XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX e8aafbd9>" -c VOIP.pem -m "Testing VoIP" -p
NOTE: Sometimes Twilio reports an invalid APNs token, but we are still able to get the VoIP notification.
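A check for the paste step in STEP 2, as an added example that is not part of the original answer: it pulls the single PEM block out of `openssl pkcs12` output, drops the "Bag Attributes" preamble, and refuses a key that is still passphrase-protected. The function name `block_to_paste` and the sample text are hypothetical, and the sample payload is constructed dummy data, not a real certificate.

```python
import base64
import re

# Constructed sample shaped like `openssl pkcs12 ... -clcerts -nokeys` output.
# The payload is dummy bytes, not a real certificate.
_DUMMY = base64.encodebytes(b"constructed sample payload " * 6).decode().strip()
SAMPLE_CERT_PEM = (
    "Bag Attributes\n"
    "    friendlyName: VoIP Services: com.example.app\n"
    "subject=UID = com.example.app.voip\n"
    "-----BEGIN CERTIFICATE-----\n" + _DUMMY + "\n-----END CERTIFICATE-----\n"
)

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def block_to_paste(text, expected_label):
    """Return the one PEM block to paste, or raise ValueError saying why not."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != expected_label:
        # Also catches "ENCRYPTED PRIVATE KEY" when the key step was skipped.
        raise ValueError(f"expected {expected_label}, found {label}")
    if "Proc-Type:" in body:
        # Traditional encrypted keys carry Proc-Type/DEK-Info header lines.
        raise ValueError("private key is still passphrase-protected")
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    try:
        base64.b64decode("".join(lines), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"PEM body is not valid base64: {exc}") from None
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]
    )

if __name__ == "__main__":
    print(block_to_paste(SAMPLE_CERT_PEM, "CERTIFICATE"))
```

Run it against `cert.pem` with the label `CERTIFICATE` and against `key.pem` with the label `RSA PRIVATE KEY`, the two markers the answer names.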

I was facing a similar issue. The problem was with the credentials token decoding.
For iOS 12 (and earlier version) + Xcode 10
let deviceToken = (credentials.token as NSData).description
For iOS 13
let deviceToken = credentials.token.map { String(format: "%02x", $0) }.joined()
More information: https://github.com/twilio/voice-quickstart-swift/issues/281
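The decoding difference described above, shown as an added example that is not part of the original answer: a hypothetical check (`normalize_apns_token`) that tells a hex token apart from the two `NSData.description` strings before the value is registered. All token values are constructed, and the 32-byte minimum length is an assumption.

```python
import re

# Token shapes seen in practice (all sample values below are constructed).
LEGACY_DESC = re.compile(r"^<([0-9a-fA-F ]+)>$")       # iOS 12 NSData.description
IOS13_DESC = re.compile(r"^\{length = \d+, bytes = ")  # iOS 13 NSData.description
PLAIN_HEX = re.compile(r"^[0-9a-fA-F]+$")

def normalize_apns_token(raw, min_bytes=32):
    """Return the token as lowercase hex, or raise ValueError with the reason.

    min_bytes=32 is an assumption; adjust it if your tokens differ.
    """
    raw = raw.strip()
    if IOS13_DESC.match(raw):
        # The debug text elides the middle bytes, so the token cannot be
        # recovered from it; the client has to hex-encode the raw bytes.
        raise ValueError("iOS 13 description string, not a token")
    legacy = LEGACY_DESC.match(raw)
    if legacy:
        raw = legacy.group(1).replace(" ", "")
    if not PLAIN_HEX.match(raw):
        raise ValueError("non-hex characters in token")
    if len(raw) % 2 or len(raw) < 2 * min_bytes:
        raise ValueError(f"unexpected token length: {len(raw)} hex digits")
    return raw.lower()

def triage(samples):
    """Map each label to its normalized token or to the rejection reason."""
    report = {}
    for label, raw in samples.items():
        try:
            report[label] = ("ok", normalize_apns_token(raw))
        except ValueError as exc:
            report[label] = ("rejected", str(exc))
    return report

WORD = "0a1b2c3d"  # constructed filler, repeated to build sample tokens
SAMPLES = {
    "hex (iOS 13 map/joined)": WORD.upper() * 8,
    "legacy description": "<" + " ".join([WORD] * 8) + ">",
    "iOS 13 description": "{length = 32, bytes = 0x" + " ".join([WORD] * 4)
                          + " ... " + " ".join([WORD] * 2) + " }",
}

if __name__ == "__main__":
    for label, result in triage(SAMPLES).items():
        print(label, "->", result)
```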

Try killing the voice quickstart app manually and restarting. After doing so, I started being able to receive phone calls after downloading via Test Flight on my phone.
The issue comes from testing the app via Xcode on the same device that you're now trying to test via Test Flight.
I was running into the exact same problem. Even after following Karthik's answer, and creating a new iOS SDK Credential in the Twilio Console, and updating my server for the new credential SID, I still was getting the "Error - 52134 Invalid APNs device token".
I did some more digging, and found this issue on the GitHub page for twilio/voice-quickstart-ios repo.
Here is what the Twilio engineer said:
"Thanks for reaching out to us.
This is a commonly seen issue when the device is used previously with development entitlement and later in a production environment. We have observed that in this case the device token returned in the PushKit delegate method will be for the previous environment (development entitlement device token) when launching the TestFlight app for the first time. Although registration still works since both the device token format and the Push Credential SID are valid, but error will happen when Twilio tries to send the notification delivery request to APNS.
Ideally this will only happen to the dev devices and to resolve this you simply need to relaunch the TestFlight app then it should be able to receive incoming call notifications.
Hope this helps."
You still need to create the same Push Credentials in Twilio Console with the sandbox checkbox unchecked, and update the credential SID on the server.

Related

Is it possible to create the certificate to sign Apple Wallet Passes from a non-iOS system such as Ubuntu?

I'd like to create a certificate from Apple developer account and use it to sign Apple Wallet passes / passbook. So I can implement a server to generate the wallet passes to serve up my mobile app.
The challenge to me is I'm on linux (Ubuntu to be specific). There are a bunch of npm modules as far as I can see, that can be used to implement a server to generate the pass but the first step is to create a certificate from Apple. So my question is it seems to me that is not even possible without a Mac? Does anyone know if it is even possible to create that certificate from a linux machine like Ubuntu?
Thanks
You do not create the certificate yourself, you create a private key and certificate signing request and upload the certificate signing request to Apple. They then issue a certificate that matches your private key.
This can be done on any operating system using OpenSSL. When creating the CSR you can provide any values as Apple will ignore them and replace with the PassTypeIdentifier, Team Name and Team Id.
The OpenSSL commands you need are:
openssl genrsa -out /path/to/my-private-key.pem 2048
openssl req -new -key /path/to/my-private-key.pem -out /path/to/my-request.csr

iOS push notifications are not being sent to device

When setting up Fastlane Match, I broke push notifications (production and staging) on my iOS application (the nuke command probably did it). Production was logging the errors correctly.
I generated new certificates with the Fastlane pem command for both production "com.app.prod" and staging "com.app.qa". It generates new "production" Apple Push Services certificates on the Apple dev site and creates the needed pem files.
I converted the prod pem file to the correct p12 file with the openssl pkcs12 -export -in "production_com.app.prod.pem" -out "com.app.prod.p12" command and openssl pkcs12 -export -in "production_com.app.qa.pem" -out "com.app.qa.p12" for staging. Uploaded both to AWS SNS service (no sandbox) with no issues.
This fixed the production server. It worked with our old application (before the certificate changes) and the new version.
But our Testflight staging application was still broken. It did not work with the old or the new version of the iOS application. No errors are coming through. The application registers correctly with the Apple Push Notification service (APNs) and sends the token to our server. Manually pushing a message with an AWS endpoint does not work either but it says it was successfully sent.
Tried regenerating the certificates (made sure I'm uploading the correct ones). I'm using the same iOS device for all my testing. Our Android notifications are still working fine on staging.
Tried http://pushtry.com, says it was successful but never got any message.
Also tried the command openssl s_client -connect gateway.push.apple.com:2195 -cert "production_com.app.qa.pem" -key "production_com.app.qa.pem", with no errors returned.
I'm lost where the issue could be or how I could debug this further. So any suggestions will be helpful.

Push notification delivers from local env, but not from server

I'm trying to get my server to deliver push notifications via Apple's Push Notification service. (APNs)
My setup is as follows:
Cordova HTML/JS app
API in Rails on VPS via https
Houston gem for Push Notifications
I've created a certificate for development on my mac. When I run my server locally it successfully sends the notification to my iPhone.
I'm now trying to get it working on my server but without luck. I've generated a CSR locally, uploaded it in Apple's iOS App ID's editor and downloaded the CER. I then exported the CER to p12 with Keychain Access and converted that to a PEM file with the following command:
openssl pkcs12 -in apn_production.p12 -out apn_production.pem -nodes -clcerts
Houston needs this PEM file to send push notifications, I've done the same for development and it worked, but it needs to send from a server now, which could be the problem, I don't get any errors though. The notifications just don't arrive, which could be a production/development mistake I'm making.
I also tried creating a CSR file on my server and upload that via the iOS App ID's editor, but when I download the CER and open it in Keychain Access I'm not able to export it to P12, only to CER, PEM and P7B. Also there isn't a private key in this file, which there is within my locally created development certificate. Also when I export it to PEM and use it with Houston on my server it throws an error that the certificate is invalid.
Another thing I tried was upload the CSR generated by my VPS on the Apple Push Certificates Portal. This throws an error mentioning the certificate is invalid.
There's a couple things I'm not sure of:
1. Am I in development or production mode?
The app is not yet in the app-store, but it is in beta mode to download via TestFlight and push notifications need to be sent from my server. Is this a production environment or development or do I need to define this manually somewhere before building the App?
2. Is it possible to use a locally generated CSR for a PEM to be used on my server?
Am I right that I need a server generated CSR to start with when I finally need a PEM to send push notifications with from my server?
3. What to do now, how should I debug?
The PEM generated from my locally generated CSR is now uploaded to my server and Houston doesn't throw errors whatsoever. The push notifications don't arrive though, so, what should I do, can I trace these push notifications somewhere? Is there some APN logfile which I can read?
1) You need to use production certificates for sending push notifications via test flight.
2) You do not need a server generated CSR. You only need a valid ".pem" for sending push notification.
3) You need to remove sandbox (sandbox mode) from the push notification URL in the push sending script. Also check whether port 2195 of your server is open for communication, because APNS communicates via this port.

APNS Certificates on Ubuntu

I read this tutorial: http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
He is generating the certificate signing request on his Mac using Keychain Access:
For Production, we are using an Ubuntu Server. Do you have to generate the CSR on the Ubuntu Server directly, or can you use the certificate generated on my Mac?
If you have to generate the CSR on the Ubuntu server, how can this be done?
You can use the CSR generated on the Mac. Once you have the signed certificates (one for development and one for production) from the Apple Developer portal you will need to export them (including the private key) for use on your server, as per your second screen shot.

Created dev and production push certificate, but only prod appears in keychain

I created a certificate signing request and used it to generate both a development and production push certificate.
Then I downloaded both of the certificates onto my computer and clicked both of them to install to the keychain.
However within the keychain only production certificate is showing as being associated with the CSR private key, the dev certificate is not, why is this?
You need to generate two separate CSRs, one for development and production each.
