i'm new in the world of certificates, and reading aware i had to adapt my flow to various case posted but without resolve the problem as per my current configuration.
Can you please confirm me the flow to produce the certificate app rightly ?
WHAT WAS DONE
App ID creation
Create an App ID (ex. com.dir.app)
Enable for app ID com.dir.app the push certification
Development APNS creation
[keychain] - produce a pair of key by a Certification request (key pair name: com.dir.app.dev)
[dev.console] - upload certificate SSL for the dev push part inside App ID options
Download the certificate com.dir.app.dev.apns.cer
Open it and export it as com.dir.app.dev.apns.p12
Development certificate creation
Go to Development Certificate tab
Create a new Dev. Certificate providing the previous key produced (com.dir.app.dev)
Download the certificate produced and install inside local machine Keychain. Now the key appear to be certified with the downloaded certificate
Export the certificated as com.dir.app.dev.p12
Provisioning creation
[dev-console] Create a new mobile provisioning for dev (iOS App Development) selecting the appID - Here a problem occurs: apple provide a certificates list without showing ANY details about certificates - instead, for production certificates, an expired date as detail is shown. So i tried to perform various tests.
Export it as com.dir.app.dev.mobileprovision
App Key creation
[dev-console] - Go go the Keys tab
Create a new key
Download the new key as com.dir.app.key.p8
Firebase configuration
Create a new application calling it with the same name of app ID created at point 1 (com.dir.app)
Go to the Cloud messaging tab
Select the application com.dir.app
Insert the new APNS key produced in .p8 format with its ID
Phonegap configuration
Add a new key using as .p12 the file produced at point 10 (com.dir.app.dev.p12), as provisioning file produced at point 12 (com.dir.app.dev.mobileprovision) with respective password.
Assumptions
[Phonegap] - Phonegap build finish correctly and keys are correctly selected
[Backend] - The backend system is currently working with another application (for which iOS configuration are suspects ...)
[Token for Push] - The Token is correctly generate by the backend system
Problem
The push notifications are not received by the app installed on ad iPad with iOS 11.2.2
QUESTIONS
During the configuration of Phonegap, i have to provide the .p12 file for the push notification instead the development p12 certificate exported?
I have another application that inside the App ID tab (in the developer console), doesn't have the Push Notification SSL certificates configured: **how is possible that this application (eg. com.dir.alpha) is able to receive the push notification? Is there maybe another way to enable push?
Many thanks in advance.
Simon
Problem was solved resolving this one Firebase + Push + iOS
Based on your system GCM management, after having being sure to have configured properly your GCM creation and registration, you must have to being sure also to are able to send a push by the Firebase > Notification console selecting "Single Device" as push device target.
I need to build an update for an iOS application that uses Back4App as backend and we have some push notifications integrated.
The previous version of the app wasn't created by me so I don't have the private key of the previous Push Notification Certificate and I had to recreate them both for Development and Production.
So my questions are:
If I upload the new Push Notification Certificates then will the old versions of the app continue working?
This seems to be a bug in the Back4App Dashboard, because I have added the new certificates, but I can't remove the older ones.
If I try to remove a certificate with the X button the I receive a Forbidden (403) error in the error console of the browser and the removed certificates keeps re-appearing when I refresh the window of the browser. (see attached screenshot)
Considering you are generating the new certificate with a new bundle id, you should keep both certificates uploaded there.
Parse stores in the Installation table the bundle id that the client is using and use the correct certificate for each of them.
Therefore existing users will keep using old certificates and new users (also the existing users that have already updated their apps) will start using the news ones.
Regarding the bug, could you please report it in the web-site chat together with your app id?
My AWS SNS stopped sending push notifications to my subscribers on iOS and I am trying to understand why. So I started from scratch with the aim to deliver 1 notification to my test device.
I have done the following:
Create new certificate on iOS Dev Portal of the new "Apple Push Services" type, not the old "APNs iOS Production", imported to keychain, exported certificate and private key, added those to AWS as described in the AWS SNS APNS instructions.
Confirmed that this new APNS certificate shows up in the "Production SSL Certificate" list in my App ID on the portal.
Create "iOS Production" application in AWS SNS and load the credentials above.
Build the app for my test device, subscribe to notifications, get the token and strip all spaces etc. and with that token create a new Endpoint on AWS SNS.
Select that single Endpoint and send a message to it.
I just get this error in the CloudWatch Logs:
"providerResponse": "NotificationErrorResponse(command=8, status=InvalidToken, id=1, cause=null)"
I've been through this process a few times, created new certificates, tried with old ones, reinstalled the app several times, etc. etc. I even ran across this issue of the Apple CA certificate expiring today as I saw most of the certificates on my Keychain appearing red with the message "This certificate has an invalid issuer" but apparently this should not be an issue according to Apple (also the above did not work from yesterday).
I feel like I have exhausted the research I can do here.
What is it that I am missing?
Or how can I debug this? I using the credentials I can successfully "ssh" to the APN server, is there a way to interactively figure something out there?
UPDATE:
It could be that I'm trying with the "production" certificate but on an app Im' building from Xcode? Isn't this new certificate supposed to work for both the Sandbox/dev and production version?
The most direct way to answer this question is to answer this:
It could be that I'm trying with the "production" certificate but on an app Im' building from Xcode? Isn't this new certificate supposed to work for both the Sandbox/dev and production version?
In simple terms... Not really. You could try to pull this off but it gets weird. You have to create an ad hoc distribution and load that onto your phone to get this to work. Every time you click run in Xcode, it runs the release certificate (AKA the Development Profile. Unless you've changed this in the scheme settings. You can't run a production APNS with a development certificate.
To expand - The production push-notification certificate matches the distribution provisional profile - the sandbox push-notification certificate is for the developer provisional profile
Anything run from Xcode to your phone runs the developer profile and will except the sand box certificate. Once you click Archive - you should have Distribution set for your archiving in your Manage Scheme settings
I have tried these bellow ways:
I noticed was the Device Token gets changed for every fresh install which is kind of weird as we have to update the server for every new instance. Now i have fixed with save UUID in keychains.
I have created development provision and check. But not getting any luck.
I have created Adhoc provision and check. But still not getting PN.
Depending on how you distribute your app you may either be on the sandbox or the production server. Your token will only work for the server that the app is provisioned for.
Additionally, the machine that you're sending push notifications from will need to have the correct certificate and key to interaction with the APNS servers.
One thing to watch out for is using the same Certificate Signing Request for both the development and production APNS certs, some services won't properly send if they detect the wrong certificates in a .p12 file and keychain access will export more than two items if you used the same CSR.
My app is now available in the app store, so I've downloaded it to my device. The push notifications were working fine during development. I am using JavaPNS to send out the notifications, and I have switch it to point to Apple's production servers.
However, I'm now getting an Invalid Token error back from the APNS servers.
I have the Archive scheme set to "Release", and I have Release set to use this distribution profile:
Inside that provisioning file, you can see that I have the environment set correctly:
Yet I still get the error. When I look in my database, I think the device token the app is returning to me is the same as the development one, so that could be the problem. But I don't know why it would be returning that, given that the app is signed correctly. This is a device I also used for testing, could that be a problem? Any other ideas about what's happening here?
Thanks!
EDIT: I'm not storing a token in my code, Eran's answer suggests that the only other possibilities are an old token in my database, or the app not being signed by a production profile. I'm cleared my database, so I know it's not the former, and as for the latter, I don't see how that could be the case, since I only have one distribution profile, and as I've shown above, it has the "aps-environment" key set correctly. XCode wouldn't even let me use a development profile for app store submission, would it? A few other possibilities:
Is it possible that something being wrong with key I'm sending with my notifications could cause "Invalid Token"? If so, can I regenerate this key for my existing profiles?
Isn't there another provisioning profile contained in the AppID for the purposes of push notifications? Could a problem with that cause the invalid token error?
I re-downloaded the push production certificate and exported it from the keychain as .p12. This seems to have solved the problem. It seems strange though that a bad private key was giving me the "Invalid Token" error.
The device token for production is different than the development one, so if you send a development token to production APNS servers (or vica versa), that's the cause of the problem.
It's possible you didn't remove the development device token from your server when you switched to production.
Or if you are getting the development token from your production app, then either the app is returning a locally stored device token (which you may have stored on your device during development) instead of asking Apple to get a new one, or (if you do ask Apple for a current token and still get the development token) your app is not signed with the production provisioning profile.
MyApp is an iOS app that sends and receives Push Notifications MyApp-to-MyApp using APN token IDs fetched from a database that is kept updated by each MyApp at logon. The Push Notifications are sent by MyApp using the NWPusher framework API.
As long as the project was run in Developer (Debug) mode, sent and received Push Notifications worked perfectly. But, in Production mode, sending Push Notifications would not work.
I went back and completely recreated my AppID, SSL certificates, provisions, etc., but to no avail. Next I used the NWPusher MacOS Pusher app to experiment with sending Push Notifications to MyApp. I configured Pusher to send a Push Notification (to the tokenID of an Ad Hoc distribution of MyApp) with MyApp’s Production SSL certificate, and got the following message in the Pusher log: "Notification error: APN invalid token".
I next noticed that Pusher had a checkbox option “Should use sandbox environment” checked. I unchecked the option and tried it again. This time the Push Notification was sent and then received by the target phone without any errors. This led me to take another look at the NWPusher.connect call:
Swift:
let pusher:NWPusher? = try? NWPusher.connect(withPKCS12Data: pkcs12! as Data, password:APNS_Certificate_Password,environment:NWEnvironment(rawValue:1)!)
which has an environment argument NWEnvironment enum with possible values 0=none, 1=sandbox, 2=production, 3=auto.
Changing rawValue:1 (develop sandbox) to rawValue:2 (production) fixed the problem: Production Push Notifications now work without errors.
xCode 8.0
I had "invalid token" error the after installing of xCode 8.0.
The issue was found here: Project Navigator -> select project (topmost item) -> select project name in Targets menu -> choose Capabilities in top menu -> look at PUSH Notifications section -> click "Fix issue"
Found the root cause for this issue, it is because of bad private key. To resolve this issue just generate a .p12 certificate with .pem . For creating the p12 file with .pem file please follow the below method
Under ios App Bundle IDs menu in https://developer.apple.com/account/ios/identifier/bundle
click the id of your app if in production, add a new certificate if the old one has expired.
Ensure your App Bundle ID com.myapp.mycom matches your Certificate Name com.myapp.mycom