I'm trying to set up iOS push notifications via OneSignal for a second app on my developer account, but all of a sudden I'm getting this error:
"Your production certificate was rejected by Apple. It may be expired, revoked, or invalid. Double-check your file or use our provisionator tool to auto-generate a valid certificate."
Image: OneSignal Error Message
What's strange is I didn't have this problem at all for my first app, but now it's giving me this error. I've followed the documentation at https://documentation.onesignal.com/docs/generate-an-ios-push-certificate and the claim from Certificate being rejected by Apple that the issue has been resolved on Onesignal's side doesn't seem to hold true. I've also tried deleting all expired/revoked certificates in the keychain but the error persists. Could this be an issue with different certificates for multiple different apps?
Just stumbled across the same issue today.
Solved by generating a new APN cert with a different CSR, download the APN cert and install to keychain, export the .p12 and upload to OneSignal.
Related
I needed to create a new distribution certificate to upload my app to test flight. to do this, I created a certificate request via the keychain access tool. I then went to the Apple developer portal and created a distribution certificate by uploading that request. I then downloaded the certificate and added it to the keychain. When I attempt to upload, I get the missing key message:
"[name] has one Apple Distribution Certificate but its private key is not installed..."
How is this possible if I am on the computer that generated the request?
Upgrading xCode fixed the problem. I was on 11.3.x and upgrading to 12.5 completely fixed the issue. I then ran into app bundle id issues (which were easy to fix), which makes me think perhaps xCode was just giving me the wrong error message. Regardless, upgrading fixed the problem.
I know this question has been asked a few times but I am still having issues after trying all the suggested fixes.
I have an app that is being tested through Apple's TestFlight of which a number of External Users have downloaded. The app was built using an AdHoc Distribution Profile against the relevant App ID which has Push Notifications Enabled for Distribution and has the necessary Apple Push Services certificate. I am using Parse and am able to receive notifications on my test device (signed with the dev certificate and APN push cert), however the external testers are not receiving any notifications.
I am using Parse and can see in the logs that the notifications are being sent so I am assuming it is something with the devices themselves related to a problem with the provisioning profiles. I also followed the steps to uploading a new .p12 file to my Parse server for production notifications.
However, it seems that only the builds with the development profile are able to receive notifications. Am I correct in assuming that this is because the certificate used by Parse to sign the notification doesn't match that which was used in the adhoc build? I.e. Parse is still using the old .p12 certificate?
When I uploaded the new .p12 file to my Parse server I didn't explicitly remove the previous .p12 certificate, do I need to do this? Would revoking the dev APN certificate solve this?
Any help is much appreciated.
Thanks
The reason notifications were not being received was due to the production flag not being set to true when I uploaded the production certificate to my Parse server. I re-uploaded the certificate setting this to true and notifications began to work.
My AWS SNS stopped sending push notifications to my subscribers on iOS and I am trying to understand why. So I started from scratch with the aim to deliver 1 notification to my test device.
I have done the following:
Create new certificate on iOS Dev Portal of the new "Apple Push Services" type, not the old "APNs iOS Production", imported to keychain, exported certificate and private key, added those to AWS as described in the AWS SNS APNS instructions.
Confirmed that this new APNS certificate shows up in the "Production SSL Certificate" list in my App ID on the portal.
Create "iOS Production" application in AWS SNS and load the credentials above.
Build the app for my test device, subscribe to notifications, get the token and strip all spaces etc. and with that token create a new Endpoint on AWS SNS.
Select that single Endpoint and send a message to it.
I just get this error in the CloudWatch Logs:
"providerResponse": "NotificationErrorResponse(command=8, status=InvalidToken, id=1, cause=null)"
I've been through this process a few times, created new certificates, tried with old ones, reinstalled the app several times, etc. etc. I even ran across this issue of the Apple CA certificate expiring today as I saw most of the certificates on my Keychain appearing red with the message "This certificate has an invalid issuer" but apparently this should not be an issue according to Apple (also the above did not work from yesterday).
I feel like I have exhausted the research I can do here.
What is it that I am missing?
Or how can I debug this? I using the credentials I can successfully "ssh" to the APN server, is there a way to interactively figure something out there?
UPDATE:
It could be that I'm trying with the "production" certificate but on an app Im' building from Xcode? Isn't this new certificate supposed to work for both the Sandbox/dev and production version?
The most direct way to answer this question is to answer this:
It could be that I'm trying with the "production" certificate but on an app Im' building from Xcode? Isn't this new certificate supposed to work for both the Sandbox/dev and production version?
In simple terms... Not really. You could try to pull this off but it gets weird. You have to create an ad hoc distribution and load that onto your phone to get this to work. Every time you click run in Xcode, it runs the release certificate (AKA the Development Profile. Unless you've changed this in the scheme settings. You can't run a production APNS with a development certificate.
To expand - The production push-notification certificate matches the distribution provisional profile - the sandbox push-notification certificate is for the developer provisional profile
Anything run from Xcode to your phone runs the developer profile and will except the sand box certificate. Once you click Archive - you should have Distribution set for your archiving in your Manage Scheme settings
While I am attempting to upload Production certificate on Parse.com for Push notificatation.
There is error message
Unsupported certificate type. Common Name (CN) must contain one of:
Apple Production IOS Push Services, Apple Development IOS Push
Services, Pass Type ID, Apple Development Mac Push Services, Apple
Production Mac Push Services.
After some research I came to know that.
While we are exporting Production certificate from Apple,
Common Name before was : Apple Production IOS Push Services:[Bundle name]
And Now : Apple Push Services:[Bundle name]
May be this is the reason Parse fails to validate certificate.
Please give solution if any.
It seems problem is solved now by Parse.
You can face error
Could not connect to Apple with this certificate
If so, revoke your APNS certificate and regenerate it.
And then create .p12 file with this new certificate. and upload it.
I have successfully uploaded .p12 file.
I have an iOS app in the store which is using the product APNS environment (confirmed in iTunes connect binary details), these apps are being provided with push tokens, so I have to assume everything is configured in the app correctly, else they'd receive the "no valid 'aps-environment' entitlement string" error.
I am using Amazon SNS to send the push notifications, which for other apps has been working perfectly, but for this particular app all notifications are being returned with "Platform token associated with the endpoint is not valid".
I've tried to resolve this problem by reissuing the certificate which SNS uses to connect to APNS, confirming it is for the production environment - same issue.
I've tried deleting the app, reissuing an Ad Hoc certificate (which is in the production environment) and reinstalling it on my phone (removing all developer certificates with the same app ID) - I get the same push token, with the same rejection issue.
This is happening to ALL users, including those who have never had a sandbox version of any app installed, so the tokens can't be from the sandbox environment. I don't understand why a token issues to an app store app could be rejected by production APNS?
Ok I finally found the problem.
I was setting up a few apps at the same time, so for ease I reused the certificate signing request when creating the APNS certificates for SNS. Apple and SNS didn't show any indication that there was an error with the certificates so I assumed they were fine, but all but the first one were invalid.
As the SNS error said the token was invalid I didn't think there was any issue with the certificate, but after regenerating them all with new CSRs, every thing started working fine.
The moral of the story:
Certificate Signing Requests can only be used once, reusing them won't cause any errors, but will generate invalid APNS certificates.