I have create two diffrent App id for development and distribution profile but facing an issue for get notification for distribution profile but its work on development profile. anyone give me check .pem file correct or not
I had issues with PEM´s without pass. Create them with a pass and try again.
If you have access to your server log, yo can check APNS server response, sometimes it gave clues on what is going on.
Also check if your devices´ tokens are correctly stored in server.
You need to check the following scenarios and execute.
In the firewalls need to check the 2195, 2196 ports and also check gateway.sandbox.push.apple.com, gateway.push.apple.com
Sign your application using distribution profiles and run the application in distribution mode. Make sure if you are running the application using distribution mode then in server side also should use distribution PEM files. I believe you are made the mistake in this scenario.
Related
I read a lot about certs and watched a WWDC, but should clear for myself and for others next question. When we creating certificates in the developer portal, we see next possibilities:
So, what is the purpose of creating only Sandbox certificate instead of Sandbox&Production one? Also there is two fields in app description for certificates.
Does it is a rudiment and we can use only S&P certificate or we should also implement development cert?
After some investigation, I didn't find cases were needed only Sandbox Certificate. It seems, that it's a rudiment. You can generate only one cert for Sandbox & Production and use only it for both environments.
Well just right now every Samsung phone got a push notification with a title of 1 and body of 1.
https://www.theverge.com/2020/2/20/21145130/samsung-find-my-mobile-app-1-notification-galaxy
Why? I guess because the person was testing how remote notifications work. Just that he was using the production certificate and it got sent to every Samsung user.
So it's certainly safer to be using the sandbox version to test things initially with your debug builds ie build that have used your development certificate.
You won't run into an issue when you're working with a tool that you require a given device token e.g. see Push Notification Mocker. But if you give this production certificate to your QA server and QA server sends tries testing out a 'send to all users' notification then such a cluster mess will happen.
To start with the problem, the push notification certificates in the backend was set-up by another developer and was perfectly working fine. However, the developer has left and as I do not have access to his machine hence I created new distribution certificates to upload the new version of the app, which then stopped the push notifications to get delivered. I'm working with push notifications for the first time and quite confused where the problem lies. Can anyone give me a clear picture what is happening and how to go about it?
Here's what I did after it stopped working. I went to the developer portal, and as it was showing push notification was enabled hence,
generated a code signing request or CSR file in my mac
downloaded the aps.cer file
created .p12 and .pem file
After this, I have provided both the .p12 and .pem file to our backend guy, but still, it was not working on our test flight builds.
I then tested using Pusher application which was available from GitHub and it successfully delivers the push notification to the test flight build using production certificates.
Hence can anyone give me a clear idea, where I could have gone wrong?
Do I need to revoke my push notification SSL certificate and generate again? or what could be the possible mistake?
If it is working using any online tool such as pusher, then it should work fine from code as well. your developer is missing something, Ask him to check configuration properly. he must invoke production APNS url/port if it is production certificate and production app. he must invoke sandbox APNS url/port if it is sandbox certificate and sandbox app. Below url/ports are used for APNS(assuming you are using directly APNS instead firebase)
SANDBOX_GATEWAY_HOST = "gateway.sandbox.push.apple.com"
SANDBOX_GATEWAY_PORT = 2195
SANDBOX_FEEDBACK_HOST = "feedback.sandbox.push.apple.com"
SANDBOX_FEEDBACK_PORT = 2196
PRODUCTION_GATEWAY_HOST = "gateway.push.apple.com"
PRODUCTION_GATEWAY_PORT = 2195
PRODUCTION_FEEDBACK_HOST = "feedback.push.apple.com"
PRODUCTION_FEEDBACK_PORT = 2196
Also make sure these url are reachable from your server, try to send a push notification from server using curl command and debug if still issue persist. Keep in mind proxy also if you using.
Just answering here so that it can be helpful to someone else. Everything was set up as accordingly, however, the problem was 'Sandbox' key in the server was set to 'True' for even production. Once we turned it false, everything worked perfectly.
I have tried these bellow ways:
I noticed was the Device Token gets changed for every fresh install which is kind of weird as we have to update the server for every new instance. Now i have fixed with save UUID in keychains.
I have created development provision and check. But not getting any luck.
I have created Adhoc provision and check. But still not getting PN.
Depending on how you distribute your app you may either be on the sandbox or the production server. Your token will only work for the server that the app is provisioned for.
Additionally, the machine that you're sending push notifications from will need to have the correct certificate and key to interaction with the APNS servers.
One thing to watch out for is using the same Certificate Signing Request for both the development and production APNS certs, some services won't properly send if they detect the wrong certificates in a .p12 file and keychain access will export more than two items if you used the same CSR.
My app is currently being tested by testers via TestFlight. The problem is that they don’t receive any push notifications sent. It’s working on my own device when connecting it to my mac and running the app directly from x-code.
I feel like I’ve tried almost everything, from changing certificate from dev to production to recreating a new production APNS certificate and build using a new profile referencing it, etc.
I know this question has been discussed on other topics but I never found the right answer in my case. I can't post images here because I don't have enough reputation but I have relevant screenshots.
Any help is welcome :)
Elements to help diagnostic :
It’s working on my device when I run the app directly from x-code.
The testers are asked properly if they want to authorize push notifications on their devices (at least the first install, after if they want to get asked again they have to do what’s described in Reset push notification settings for app)
The registering is working because I can see their devices tokens in the logs (but I have the feeling that the token is always the same, no matter if the app is built with the production or the dev certificate, not sure if it’s normal).
I have an APNS Production certificate.
I have a distribution profile, with “push notification” enabled. It’s linked with my “full” appID (and not the generic one with “*”).
I’m signin the build in release mode with the distribution certificate (not in debug mode), and I’m using the provisionning profile described above (the distribution one, linked with my app id)
And when I check in the "binary & entitlements" window just before submitting the build I see the the provisionning profile is correct and that "aps-environment" is set to "production".
Server-side : The APNS call is made by using javapns (https://code.google.com/p/javapns/) from a google app engine server. Like I said the notification are correctly received on my own device so I guess this call is working. We have a .p12 file generated from the APNS developpement certificate and a .p12 file from the APNS production certificate, and I've tried to make the call with both and it's not working. The server-side code hasn't change from the previous version and it was working in production with the app on the store. The problem is really focused on testing with testflight.
Thank you all !
If you followed Ray Wenderlich's tutorial and you made everything work in development mode, the issue most likely comes the fact that you now need to create a new .pem-file for production mode.
So, you need to perform exactly the same steps that you did with the development certificate (i.e. the .p12-file) you downloaded once more with the production certificate which you can obtain in the iOS dev center as well:
Hi so I'm very confused at the moment and don't know what to do next. I've spent the last two weeks getting these push notifications to work correctly, and when I finally have it all neat and tidy, I put it into an adhoc distribution bundle and switch the server configurations to the production environment, suddenly nothing works and I have no error messages to go off of. It should work, it should work and it doesn't. So I need some help because I'm lost.
possible problems -
HOST CONFIG
What really helped me get it working in the first place was this tutorial here, the hosting server is Heroku and the application is written in Sinatra using this gem, and if that doesn't carry over to production environment in someway I am not seeing please tell me. To update the environment to production, I just changed which key was used and the host from gateway.sandbox.push.apple.com to gateway.push.apple.com as shown here:
APNS KEYS
I don't think it's this, but I don't understand what is going on so I documented it, but the distribution key works I believe - running
openssl s_client -connect gateway.push.apple.com:2195 -cert dis_apskey.pem
in the terminal got this connection and transaction with the push server:
Which I believe means it worked though I don't know for sure (see edit in answer, this does NOT mean it worked). The keys were made with this command:
openssl pkcs12 -in aps_distribution.p12 -out dis_apskey.pem -nodes
from the private keys of the APS Development and Distribution certificates downloaded from the iOS development portal or whatever it is called now, exported as .p12 encrypted files:
Though, while from different private keys they did turn out strangely similar (all characters are the same)-
Is that normal? because I made both the push service certificates from the same CSR, I dunno I'm totally lost... just throwing it out there, because none of this makes sense anymore.
CODE SIGNING
I believe this is correct (from my xcode project):
Those correspond to the certificates and mobile provisioning profiles in my iOS Developer Portal and I have regenerated so many new ones, refreshed them in xcode, double checked and reloaded them in to this thing that I'd find it hard to believe this is the area of issue. But just to make sure I'm posting it, those are current profiles, made after the APS Certificates were issued. Again, this doesn't make a whole lot of sense to me and yes, I've read the documentation and it's still greek.
MOBILE DEVICE TOKENS
This again, I don't see being the issue. My app generated one token using the development profile and the sandbox was able to push notifications to it and it worked BEAUTIFULLY! Then my app generated a NEW token when I switched to the adhoc profile and build BUT with the production environment nothing gets through to it. I'll say again, everything was working correctly on the sandbox but does not now.
Any other reasons?
That's all I can think of, if anyone has something else please let me know. I just want this working and I can't see the errors if apple sends them back to failed pushes so I have no clue. It was working in the developer sandbox and should be working now, that's all I can think of.
Thanks.
So after a long problematic bought of frustration spanning two days. What worked. Reading
I needed to export both items
followed by the .pem conversion.
and success!!
Edit: I should also note that the picture of the ssl connection to gateway.push.apple.com in the question was NOT a correct connection, using the new .pem key here produced by the answer the socket does not "close" immediately. You should be able to type something there before it's closed.