I am having trouble creating a valid production .pem file for my iOS app's push notifications. The development version functions perfect, however I suspect the problem lies with my keychain access attempting to pair a development private key with the production certificate. Could someone verify either way on this? If so, where would I find a distribution private key?
I've followed pretty much every tutorial and post I could find on here pertaining to APNS production certificate generation, however I've been having the strangest results.
I've attached a picture of my keychain access where the certs are stored. If "this" looks right, and it should in fact say "Developer" rather than Distribution, Production, etc... I'll add additional information, just point me in the right direction.
Thank you.
Your private key is the same both for Development Certificates and for Distribution certificates.
The Main Issue is to check that the APNS Certificate is Valid and is Signed with your private key. Once you verify this you shouldn't have a problem generating your .PEM files You can follow this response for instructions:
Creating .pem file for APNS?
Hope this helps ;-)
Related
I can't upload my production APNs Certicate on Firebase. There was an error reading your certificate.
I can't find out the cause of this error.
You should select only the certificate and don't select the private key . See this screenshot
I experienced the same issue before due to not proper "Certificate Signing Request". You may miss the Common name when you create a "Certificate Signing Request" or you may mentioned any other mails that didn't include in your xcode as developer Account.
Please try to put a common name and do the process again to create a new APN Certificate.
I think you make some mistake's to create the certificate. Follow this link to create certificate correctly and try.
In my case I have faced this issue because I was exported 2 items Apple Development Push Services along with private key, and uploaded .p12 file to firebase. Then it said there was an error reading your certificate.
So the solution is don't export private key along with Apple Development Push Services item. Now generated .p12 file uploaded in Firebase. And the upload was successful.
Hope it will help to someone.
I am currently testing an app in TestFlight and need a production APNs certificate in order to test Notifications in Firebase.
I have followed all of the steps in this video and successfully configured the development APNs certificate:
https://www.youtube.com/watch?v=LBw5tuTvKd4
I've also checked that my steps following the Firebase support guide. Although I note that the Apple Developer site has changed slightly since this guide was written:
https://firebase.google.com/docs/cloud-messaging/ios/certs#configure_an_app_id_for_push_notifications
I have generated a production APNs certificate at developer.apple.com using the same method as the development certificate but when I try to upload the .p12 file to Firebase, it gives me the following error:
"The certificate environment did not match. Ensure that you got the right development or production APNS certificate."
I'm definitely uploading a .p12 generated from a production APNS certificate, is there something else I need to do for a production certificate?
Solved. The mistake I was making was that I was exporting the "private key" part of the certificate in Keychain Access instead of the "certificate" part. As soon as I re exported the .p12 using the correct row in the list - it worked.
Images to illustrate below credit iOS
Correct method:
try this
make .csr file and download cert from developer.apple.com
while exporting select private key and certificate both at a same time and export to .p12 with any passphase.
upload tht .p12 file on firebase console.
Thanks
Don't select private ket in key chain, directly select certificate and create production certificate.
1) Don't select private ket in key chain.
2) Directly select certificate and create production certificate
I am facing the same problem and i have tried all above mentioned solution but nothing works for me than i delete certificate from keychain access and again download certificate and install it than export and try to upload it. It works for me.
When I tried the solution suggested here, nothing works (This probably means I am doing right). I solved this issue by replacing Chrome (The application is running for a very long time) with Safari (I invoke the application just for this purpose) for the upload.
That means, if restart Chrome might also work.
FYI.
In my case I wanted to upload a production certificate to Firebase, and after trying everything I finally realized that I had created a development certificate on iOS Developer...
There might be an inssue of semantics in some cases, so pay attention to meaning.
When you have to upload the certificates in firebase console there are 2 boxes with placeholder text which read:
1. No development APNs certificate
2. No production APNs certificate
In my case, I had understood that I must not upload a development APNs certificate in box 1. Actually, firebase meant that no development Apns certificate has been uploaded yet and that I could upload my certificate.
I was having this problem after my previous p12 had expired, I was trying to upload as a new certificate and was getting the “does not match the current environment” error but it uploaded fine once I updated the expired p12 with the new p12 instead of trying to upload the new one alongside the expired one.
Certificates, provisioning profiles and setting Apple Push Notification is the part I could never grasp fully since first day. I believe a lot of people are having similar issues looking at SO questions. Unfortunately after long approval process and finally the app being in Appstore, my apps push notification is not working. While in development, the push notification was working perfectly. I guess I made a mistake in setting production certificates just before app store submission (most probably the reason was my frustration with this subject - or my lack of knowledge - we will find out..)
Now the technical part:
I submitted my App with the APN certificate labelled as 1. After we figured the PN are not working, I created the certificate labelled as 2. I will talk about it later.
And here is the Keychain access screenshot from the computer I created the certificates from (The labels are matched with the above certificates image):
As you can see, the certificate 1 doesn't have a private key attached to it. (Is this a problem?!) I don't know how it happened or if I have deleted it by mistake or never created it in the beginning. All the rest have private keys attached to the certificates.
Thinking that this must be the reason for the PN not working, After the app was in Appstore, I created a new APN certificate labelled 2. This time with a private key attached:)
And here is how I export the certificate and private key couple to a .p12 file. I don't think this part is wrong since it is the same procedure I used for development .p12:
Whatever I tried, (I exported every possible .p12 combination of the 4 certificates and 3 private keys and embedded them to our server) Push notifications are not working.
So my question is:
Do I have to re-submit my app to the Appstore again with brand new certificates? This would be really bad since the people who downloaded the app will not have Push notification functionality for another at least 12 days. (thats how long it took Appstore to review last time)
Is there still a chance that I can play with the Apple Developer Console and alter/create new certificates/provisioning files/APN certificates and get this thing working without the need for a re-submission.
Thanks for reading the somehow long question. Any help/thought would be appreciated.
No, there is no need of re-submitting the app.
For certificate 1 - yes missing private key means certificate is not correct.
where as certificate 2 you can again export .p12 file or you can create a new certificate and create .p12 file.
and yes, you can play around for .p12 file.
I am getting push notification while using development provisioning profile.
when i switch to distribution provisioning profile i did not get push notification.
my app id is same for both development and distribution profiles.
I created separate apns certificates for both development and distribution, but i am not getting push notification.
why it happened like this.
Please give your suggestions to find out the solution for this problem.
If you are using the same app id for development and distribution mode.
Then use the same .CSR file to generate production certificate and
Use the production certificate and .p12 file generated from that .CSR file to make .pem file.
For more information you can follow this tutorial, where you can test if you have made a valid .pem file.
hope this will help you.
I was also facing the same issue and tried different approaches from net.But no luck. Because the solution may vary from person to person.
Try different approaches.
This approach solved my problem:
While creating Production SSL certificate, do not change the name "aps_production.cer".
And before creating Development related certificates, first create certificates(SSL,provisioning,p12) for only production.
And also use the same ".certSigningRequest" file for both development and production. No need to create two files.
It really worked for me after trying different approaches. Give it a try.
Kindly refer below links:
ios-push-notifications
apple-push-notification-services-in-ios-6-tutorial
These links may help you
Currently, I have one app publishes in the appStore and I don't know exactly why the push notifications are not working. Something is wrong with the .p12 file in my server because when my server try to generate a push and send it to Apple Environment, I can see next error in my log:
02-27 11:42:11,868 [IOSPushNotificationSender] ERROR javapns.notification.PushNotificationManager - Delivery error: javapns.communication.exceptions.InvalidCertificateChainException: Invalid certificate chain (Received fatal alert: certificate_unknown)! Verify that the keystore you provided was produced according to specs...
2013-02-27 11:42:11,874 [IOSPushNotificationSender] ERROR camMan.server.mobile.ApplePNSSender - javapns.communication.exceptions.InvalidCertificateChainException: Invalid certificate chain (Received fatal alert: certificate_unknown)! Verify that the keystore you provided was produced according to specs...
Ok, I've tried to generate a new .p12 file but I don't remember exactly which one was the original certificate (.cer).
I've tried to download the (.cer) from the provisioning profile but when I open it with keychain access, this certificate hasn't got any private key.
So, I am lost, I don't know what can I do...Can I generate a new .p12 file without to have to modify any certification or whatever in my app? I don't want to upload a new version of my app in appStore...only I need to know how generate or download or whatever to set a new and valid .p12 file and send again push notifications.
Also I've checked all the settings in provisioning portal and everything is Enabled,Active like others apps that I have...so I think the only problem is the .p12
Also I still have the same key/paswoord of the p.12...only I've lost the CSR (.cer).
It sounds like the private key is missing on your machine - either it was deleted, or it belongs to another Mac.
In either case, you can simply revoke the existing vert and create a new one by uploading a new CSR (created by the Keychain Access app on your Mac).
Without a private key, your certificates and provisioning files are worthless. Revoke them all, delete them all, and regenerate new certificates and provisions after carefully re-reading Apple's documentation on the topic. You must modify the Build settings in your Xcode projects to use the new ones if it doesn't do this automatically. This won't affect apps already approved and in the App Store.
Since you had push notifications working during development phase are probably familiar with the procedure of installing certificate to your server.
You can create and install a new certificate whenever you want if you lost your old files.
Two things you have to keep your eye on:
development phase:
you are using Development Push SSL Certificate
your target server is: gateway.sandbox.push.apple.com
production phase:
you are using Production Push SSL Certificate
your target server is: gateway.push.apple.com