I'm trying to get my server to deliver push notifications via Apple's Push Notification service. (APNs)
My setup is as follows:
Cordova HTML/JS app
API in Rails on VPS via https
Houston gem for Push Notifications
I've created a certificate for development on my mac. When I run my server locally it successfully sends the notification to my iPhone.
I'm now trying to get it working on my server but without luck. I've generated a CSR locally, uploaded it in Apple's iOS App ID's editor and downloaded the CER. I then exported the CER to p12 with Keychain Access and converted that to a PEM file with the following command:
openssl pkcs12 -in apn_production.p12 -out apn_production.pem -nodes -clcerts
Houston needs this PEM file to send push notifications, I've done the same for development and it worked, but it needs to send from a server now, which could be the problem, I don't get any errors though. The notifications just don't arrive, which could be a production/development mistake I'm making.
I also tried creating a CSR file on my server and upload that via the iOS App ID's editor, but when I download the CER and open it in Keychain Access I'm not able to export it to P12, only to CER, PEM and P7B. Also there isn't a private key in this file, which there is within my locally created development certificate. Also when I export it to PEM and use it with Houston on my server it throws an error that the certificate is invalid.
Another thing I tried was upload the CSR generated by my VPS on the Apple Push Certificates Portal. This throws an error mentioning the certificate is invalid.
There's a couple things I'm not sure of:
1. Am I in development or production mode?
The app is not yet in the app-store, but it is in beta mode to download via TestFlight and push notification need to be send from my server. Is this a production environment or development or do I need to define this manually somewhere before building the App?
2. Is it possible to use a locally generated CSR for a PEM to be used on my server?
Am I right that I need a server generated CSR to start with when I finally need a PEM to send push notifications with from my server?
3. What do do now, how should I debug?
The PEM generated from my locally generated CSR is now uploaded to my server and Houston doesn't throw errors whatsoever. The push notifications don't arrive though, so, what should I do, can I trace these push notifications somewhere? Is there some APN logfile which I can read?
1) You need to use production certificates for sending push notifications via test flight.
2) You do not need a server generated CSR. You only need a valid ".pem" for sending push notification.
3) You need to remove sanbox (sandbox mode) from push notification url in push sending script. Also check if port 2195 of your server is open for communication or not because APNS communicates via this port.
Related
I've upload my app on TestFlight and trying to make voice call using twilio and it's throwing Error - 52134 Invalid APNs device token. I've been reading a lot of tutorials on fixing it but despite all my effort I've been able to fix. In sandbox it worked fine though.
I've done followings:
1) Created a new .certSigningRequest from keychain access
2) Generated new VoIP Services Certificate using above on https://developer.apple.com/account/ios/certificate/distribution/create
3) Added certificate in keychain, Exported .p12 file from keychain
4) Followed instructions on https://github.com/twilio/voice-quickstart-swift to run those three commands to generate key and cert
5) On twilio created a new Push Credential and added Certificate and key by copying and pasting
6) SANDBOX is unticked
7) Change CREDENTIAL SID in my server backend
8) Restarted server
I'm using automatic manage signing so I'm assuming everything should be alright there.
Regarding "APS Environment: production", I'm assuming xCode will make it production automatically when uploaded on TestFlight. I can see that it is included.
Despite all of above I'm still getting this freaking error APS Environment: production
I'm aware that the solution of this problem, in 99% cases, is to regenerate cert but right now I'm stuck. I've tried it two times already.
Not sure what else I can do to fix this issue?
i followed this way. it works for both sandbox and live.
To Create Twilio Certificate. follow this instructions.
STEP 1:
1. An Apple Developer membership to be able to create the certificate.
2. Make sure your App ID has the “Push Notifications” service enabled.
3. Create a corresponding Provisioning Profile for your app ID.
4. Create an Apple VoIP Services Certificate for this app by navigating to Certificates -> Production and clicking the + on the top right to add the new certificate (choose voip cert at the bottom).
5. Download the certificate, export the .p12 from keychain.
STEP 2:
Then follow these steps, by navigating to the folder where you added your .p12.
1. openssl pkcs12 -in liveVoip.p12 -nocerts -out key.pem
2. openssl rsa -in key.pem -out key.pem
3. openssl pkcs12 -in liveVoip.p12 -clcerts -nokeys -out cert.pem
4. openssl pkcs12 -in liveVoip.p12 -out VOIP.pem -nodes -clcerts
in Twillio console, Go to the Push Credentials page and create a new Push Credential. Paste the certificate and private key extracted from your certificate. You must paste the keys in as plaintext:
For the cert.pem you should paste everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
For the key.pem you should paste everything from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----.
Remember to check the “Sandbox” option. This is important. The VoIP Service Certificate you generated can be used both in production and with Apple's sandbox infrastructure. Checking this box tells Twill to send your pushes to the Apple sandbox infrastructure which is appropriate with your development provisioning profile.
Once the app is ready for store submission, update the plist with “APS Environment: production” and create another Push Credential with the same VoIP Certificate but without checking the sandbox option
STEP 3: To test that your app receives notification, get the device token, open terminal, go to the folder where you added .p12. use this to trigger the voip notification manually.
apn push "<XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX e8aafbd9>" -c VOIP.pem -m "Testing VoIP" -p
NOTE: Sometimes twilio tells invalid apns token. but still we are able to get the voip notification.
I was facing with similar issue. The problem was with credentials token decoding.
For iOS 12 (and earlier version) + Xcode 10
let deviceToken = (credentials.token as NSData).description
For iOS 13
let deviceToken = credentials.token.map { String(format: "%02x", $0) }.joined()
More informations: https://github.com/twilio/voice-quickstart-swift/issues/281
Try killing the voice quickstart app manually and restarting. After doing so, I started being able to receive phone calls after downloading via Test Flight on my phone.
The issue comes from testing the app via Xcode on the same device that you're now trying to test via Test Flight.
I was running into the exact same problem. Even after following Karthik's answer, and creating a new iOS SDK Credential in the Twilio Console, and updating my server for the new credential SID, I still was getting the "Error - 52134 Invalid APNs device token".
I did some more digging, and found this issue on the Github page for twilio/voice-quickstart-ios repo.
Here is what the Twilio engineer said:
"Thanks for reaching out to us.
This is a commonly seen issue when the device is used previously with development entitlement and later in a production environment. We have observed that in this case the device token returned in the PushKit delegate method will be for the previous environment (development entitlement device token) when launching the TestFlight app for the first time. Although registration still works since both the device token format and the Push Credential SID are valid, but error will happen when Twilio tries to send the notification delivery request to APNS.
Ideally this will only happen to the dev devices and to resolve this you simply need to relaunch the TestFlight app then it should be able to receive incoming call notifications.
Hope this helps."
You still need to create the same Push Credentials in Twilio Console with the sandbox checkbox unchecked, and update the credential SID on the server.
Im trying to implement Apple Push notification.
It is working fine in Local environment. But it is not working in test flight.
I have got Automatic signing enabled.
I have included the APNS entitlement file in my build with Key APS Environment and Value Development.
I have used both of the following urls in my server,
Sandbox: gateway.sandbox.push.apple.com, port 2195.
Production: gateway.push.apple.com, port 2195.
But still the push notification is not received from testflight mode. Why so?
Since your push notification is working fine on development but not on test flight.
You should check these as below:
Use the production SSL certificate to generate the .pem file on your push server when your app is using test flight.
Make sure your pem file and device token is right on your push server
I'm currently working on push notification workflow developed by another developer of my company.
I have a question about the sandbox for push notification.
I have generated a .pem for my production environment.
I have tested id with openssl as describe in this tutorial.
When i make the test to gateway.sandbox.push.apple.com url, the connection is ok even though i don't use the developement key and cert files (i use the prod file).
If i build and send push message to gateway.sandbox.push.apple.com with my prod pem file, the message will be send to the prod devices or dev devices ?
There's no such thing as a production device or a development device. There are devices with either a production build or a development build of your application.
You can only send a push to a development build of your app using the development environment, and likewise you can only send a push to a production build of your app using the production environment.
Production and dev builds are signed using different profiles, and this results in the push token that your app obtains being different, if you try to send a push using the sandbox environment but using a production push token then it will be rejected, and similarly attempting to use the production environment with a dev push token.
You need to set your gateway proper, use the proper PEM whether Dev PEM or Dist PEM. Xcode needs Dev profile and certificate to run and test with Dev PEM
When I try to execute an apple push notification on the server I get the following error:
com.notnoop.exceptions.ApnsDeliveryErrorException: Failed to deliver notification with error code 8
My server is a Java application. It is strange that the same server WAR file works OK locally (notifications are sent), but it does not work (with error above) when I deploy it to remote server (RedHat openshift.com).
Here is what I do:
In Xcode I archive my application and export it for Ad Hoc
distribution using Distribution Provisioning profile. The profile
contains "aps-environment production" entitlement.
In Apple
Developer center, I download the APNs production iOS certificate,
import it in my iMac Keychain and export a p12 file.
I deploy the
.p12 file to my server, where I use
https://github.com/notnoop/java-apns library to execute apple push
notifications. The library is initialized like this:
APNS.newService().withCert(certificateInputStream,"password").withProductionDestination().withDelegate(this).build();
When run, the client application successfully registeres for push
notifications and receives a token.
When the server tries to
execute a push notification, an exception is thrown:
com.notnoop.exceptions.ApnsDeliveryErrorException: Failed to deliver
notification with error code 8
Can you help? What could be the reason that the same setup works on a local but fail on a remote server?
It appeared to be another error. The server contained old deployment (war) file, which was still pointing to the sandbox APNS environment. After I redeployed manually, the problem is gone.
I am going to use a linux server for push notifications.
Is the following correct?
Generate a CSR of the linux server
Upload the file to Apple to generate a cert
Change this cer to pem and then conbine with my private key pem of linux
Use the combined pem in my code
Is this correct? Since I get confused by the Apple document, I can now only test push notifications in my mac book, and can't test on other servers.
You don't have to generate the CSR on your linux server.
You can use the pem or p12 file you created (using your mac book) on any server.
If your code works when you test it on your mac book, it will work on any server. You just have to copy the pem or p12 file to that server.