Error In Push Notification on Distribution - ios

I have implement the push notification after create the ck.pem file on development end. But when i create on distribution end then we check the ck.pem file is correct or not.I have error show below:-
pksinghs-Mac-mini:SchoolPush pksingh$ php /Users/pksingh/Desktop/SchoolPush/simplepush.php
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): Failed to enable crypto in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Failed to connect: 0
pksinghs-Mac-mini:SchoolPush pksingh$
i have ck.pem file and pushnofication.php in same folder on desktop.
Can anybody help me.

Find the tutorial for how to create certificate and implement notification from below link
https://www.raywenderlich.com/123862/push-notifications-tutorial
you can use below command to create certificate
so there are something wrong in creating distribution certificate
Use below command to create certificate
openssl x509 -in aps_production.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -out PushChatKey.pem -in Certificates_dist.p12
cat PushChatCert.pem PushChatKey.pem > ck_dist.pem
openssl s_client -connect gateway.push.apple.com:2195 -cert PushChatCert.pem -key PushChatKey.pem
where
aps_production.cer = downloaded from developer apple
Certificates_dist.p12 = Exported from your keychain after installing aps_production.cer

Related

Error: unable to load client certificate private key file

I am trying to check if my certificate is correct and trying to do a handshake with:
openssl s_client -connect gateway.push.apple.com:2195 -cert cert.pem -key privateKey.pem
I am getting an error:
unable to load client certificate private key file
4452410816:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

openssl x509:No filename or uri specified for loading certificate

openssl x509 -inform DER -noout -subject <certificate
Error:
No filename or uri specified for loading certificate
Unable to load certificate
I found that it was the OpenSSL version that caused this, I used the alpha version(OpenSSL 3.0.0-alpha7-dev)
Changing to a stable version of OpenSSL solved my problem.

Getting stuck with Creating .p12 push certificate file for Bluemix push

With reference to this post: Devices being unregistered after push is sent, I have the same issue - my iPhone device is unregistered after sent a push notification. I tried the suggestion from that post, and I did this with my certificates:
-ios_development.cer - Development profile downloaded from Apple
-Certificates.p12 - APNS .p12 exported from the keychain
-openssl x509 -in ios_development.cer -inform DER -out apns.pem -outform PEM
-openssl pkcs12 -nocerts -in Certificates.p12 -out Certificates.pem
-openssl pkcs12 -export -inkey Certificates.pem -in apns.pem -out bluemixPush_dev.p12
and I got this error:
unable to load private key
97354:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/evp/evp_enc.c:330:
97354:error:0906A065:PEM routines:PEM_do_header:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/pem/pem_lib.c:428:
Is anyone having the same issue?
#Jan As your private key is wrong, you are getting that error. Please follow the steps mentioned in the below link to create a .p12 certificate.
https://console.ng.bluemix.net/docs/services/mobilepush/t_push_provider_ios.html#create-push-credentials-apns-ssl

Verify return code: 20 (unable to get local issuer certificate) while creating push notification P EM file

I am creating PEM file for Production APNS , and i have done this several time before .
But i am facing an error on terminal while testing my PEm file from below command :
$ openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem
It gives me :
Verify return code: 20 (unable to get local issuer certificate)
as response.
I have tried so many times but did not identify the problem .
May be it is because of my distribution certificates created on diffrent Mac .
But i am not sure .
Any help suggestion will be helpfull.
The developer link asks to include -CAfile server-ca-cert.pem, which does'nt work either.
All other options of indicating the CAfile gave me errors like 'unable to load certificate'.
The below actually worked for me after trying other options.
openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
This solution gives 'Verify return code: 0 (ok)'.
On an additional note: You can also specify the .key file as the -key value & it will work too i.e. something like, ref here
openssl s_client -connect gateway.push.apple.com:2195 -cert myCert.pem -key myprivatekey.key -CAfile entrust_2048_ca.cer
You need to give a CA certificate as CAfile commandline argument to s_client. The trusted root certificate for the push servers is the Entrust CA (2048) root certificate which you can download from Entrust's site.
$ openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
For more information and other possible reasons, please, check Apple developer guide Troubleshooting Push Notifications.

Stuck creating p12 file for MoonAPNS

I am having some trouble creating my .p12 certificate.
I have previously created an application with push notification, this works fine.
The application takes the users device id and saves it into a database.
I have added the code into my new application(with the amendments to work with the new application), and from the Log it seems to be working in the same way as my other app.
I have downloaded the relevant files that i need and then i know i needed to use ssl to be able to create my new and combined p12.
I cant for the life of me remember how i created the p.12 file.
I'm using moonapns.
I have used the following:
Step 1:
openssl x509 -in aps_developer_identity.cer -inform DER -out
aps_developer_identity.pem -outform PEM}
Where aps_developer_identity.cer is the file you download from the
portal
Step 2:
openssl pkcs12 -nocerts -out APSCertificates.pem -in
APSCertificates.p12
Where APSCertificates.p12 is a file you export from the Mac Keychain.
This is critical, you must import the certificate from the portal into
keychain. Find it in My Certificates, open the disclosure triangle and
highlight both the certificate and the private key, then right click
and export them. Give them a password and save them to a p12 file.
Step 3:
openssl pkcs12 -export -in aps_developer_identity.pem -out
aps_developer_identity.p12 -inkey APSCertificates.pem
I have added the certificate and it isn't working, i'm not receiving the notification to the device. Does any one know how else i am supposed to create the certificate??
openssl pkcs12 -export -in your_app.pem -inkey your_key.pem -out your_app_key.p12
refer this link
http://www.raywenderlich.com/forums/viewtopic.php?f=20&t=7468
Try this:
After downloading the .cer file (aps_development certificate is not the ios_development), manages the pem file with the following command:
openssl x509 -in "path_to_apple_cert.cer" -inform DER -out "path_to_an_output_Cert.pem" -outform PEM
Take your APSCertificates.p12 file and run the second command:
openssl pkcs12 -nocerts -in "path_to_exported_p12_from_apple_cer.p12" -out "path_to_an_output_Key.pem" -passin pass:your_p12_password -passout pass:your_new_p12_password
Now take the two pem files that you generated and run the following command:
openssl pkcs12 -export -inkey "path_to_an_output_Key.pem" -in "path_to_an_output_Cert.pem" -out "path_to_final_p12.p12" -passin pass:your_new_p12_password -passout pass:your_final_p12_password
This is your P12 for push notifications.
If you do not want to use the
$ cat command PushChatCert.pem PushChatKey.pem > ck.pem
contained in some instances, if you are on windows you can use:
type PushChatCert.pem PushChatKey.pem > ck.pem

Resources