Linux APNS server which cert should I create? - ios

I am going to use a linux server for push notifications.
Is the following correct?
Generate a CSR of the linux server
Upload the file to Apple to generate a cert
Change this cer to pem and then combine with my private key pem of linux
Use the combined pem in my code
Is this correct? Since I get confused by the Apple document, I can now only test push notifications in my mac book, and can't test on other servers.

You don't have to generate the CSR on your linux server.
You can use the pem or p12 file you created (using your mac book) on any server.
If your code works when you test it on your mac book, it will work on any server. You just have to copy the pem or p12 file to that server.

Related

Is it possible to create the certificate to sign Apple Wallet Passes from a non-iOS system such as Ubuntu?

I'd like to create a certificate from Apple developer account and use it to sign Apple Wallet passes / passbook. So I can implement a server to generate the wallet passes to serve up my mobile app.
The challenge to me is I'm on linux (Ubuntu to be specific). There are a bunch of npm modules as far as I can see, that can be used to implement a server to generate the pass but the first step is to create a certificate from Apple. So my question is it seems to me that is not even possible without a Mac? Does anyone know if it is even possible to create that certificate from a linux machine like Ubuntu?
Thanks

You do not create the certificate yourself, you create a private key and certificate signing request and upload the certificate signing request to Apple. They then issue a certificate that matches your private key.
This can be done on any operating system using OpenSSL. When creating the CSR you can provide any values as Apple will ignore them and replace with the PassTypeIdentifier, Team Name and Team Id.
The OpenSSL commands you need are:
openssl genrsa -out /path/to/my-private-key.pem 2048
openssl req -new -key /path/to/my-private-key.pem -out /path/to/my-request.csr
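
The steps listed in the first question (convert Apple's .cer to PEM, combine it with the private key) and the key and CSR commands in the answer above, put together as an added example that is not part of the original posts. It also checks that the certificate was issued for the private key before combining them, and writes the combined file readable only by its owner. File names and the subject are constructed, and a self-signed certificate stands in for the one Apple issues.

```bash
#!/usr/bin/env bash
# Added example. File names and the subject are constructed; a self-signed
# certificate stands in for the .cer that Apple issues from the CSR.

# Print the public key (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Print the public key (PEM) derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Succeed only if the certificate was issued for this private key.
cert_matches_key() (
    c=$(cert_pubkey "$1" 2>/dev/null) && k=$(key_pubkey "$2" 2>/dev/null) && [ "$c" = "$k" ]
)

# Write certificate + key into one PEM that only its owner can read.
combine_pem() (   # usage: combine_pem cert.pem key.pem out.pem
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; exit 1; }
    umask 077 && cat "$1" "$2" > "$3"
)

# Constructed material: key and CSR (any OS), stand-in .cer in DER, DER -> PEM,
# plus an unrelated key to show the mismatch case.
make_demo_material() (   # usage: make_demo_material DIR
    cd "$1" && umask 077 &&
    openssl genrsa -out key.pem 2048 2>/dev/null &&
    openssl req -new -key key.pem -subj "/CN=constructed-example" -out request.csr &&
    openssl x509 -req -in request.csr -signkey key.pem -days 1 \
        -outform DER -out aps.cer 2>/dev/null &&
    openssl x509 -inform DER -in aps.cer -out aps.pem &&
    openssl genrsa -out other.pem 2048 2>/dev/null
)

demo() (
    d=$(mktemp -d) && make_demo_material "$d" || exit 1
    combine_pem "$d/aps.pem" "$d/key.pem" "$d/combined.pem" && echo "combined.pem written"
    combine_pem "$d/aps.pem" "$d/other.pem" "$d/bad.pem" 2>/dev/null || echo "wrong key rejected"
    rm -rf "$d"
)
demo
```

The combined file holds an unencrypted private key, so copy it between machines over an authenticated channel and keep its mode at 600.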

iOS push notifications are not being sent to device

When setting up Fastlane Match, I broke push notifications (production and staging) on my iOS application (the nuke command probably did it). Production was logging the errors correctly.
I generated new certificates with the Fastlane pem command for both production "com.app.prod" and staging "com.app.qa". It generates new "production" Apple Push Services certificates on the Apple dev site and creates the needed pem files.
I converted the prod pem file to the correct p12 file with the openssl pkcs12 -export -in "production_com.app.prod.pem" -out "com.app.prod.p12" command and openssl pkcs12 -export -in "production_com.app.qa.pem" -out "com.app.qa.p12" for staging. Uploaded both to AWS SNS service (no sandbox) with no issues.
This fixed the production server. It worked with our old application (before the certificate changes) and the new version.
But our Testflight staging application was still broken. It did not work with the old or the new version of the iOS application. No errors are coming through. The application registers correctly with the Apple Push Notification service (APNs) and sends the token to our server. Manually pushing a message with an AWS endpoint does not work either but it says it was successfully sent.
Tried regenerating the certificates (made sure I'm uploading the correct ones). I'm using the same iOS device for all my testing. Our Android notifications are still working fine on staging.
Tried http://pushtry.com, says it was successful but never got any message.
Also tried the command openssl s_client -connect gateway.push.apple.com:2195 -cert "production_com.app.qa.pem" -key "production_com.app.qa.pem", with no errors returned.
I'm lost where the issue could be or how I could debug this further. So any suggestions will be helpful.

How to create CSR in Azure?

I have bought my domain from whois and my site (Asp.Net MVC) in deployed in Azure. I want to add SSL which I want to buy from GoDaddy.com. To do that I have to generate CSR (certificate signing request) in Azure so that I can use it to get my SSL certificate from GoDaddy.
So how can I generate CSR in Azure?

We can't generate CSR in Azure. We could use IIS, Certreq.exe or makecert.exe to generate your certificate request, install the certificate to your local machine, and then export the certificate to PFX. For more details about how to bind a custom SSL certificate, please refer to the official tutorial. The following are details about how to use makecert.exe to create a CSR:
Create a cert with makecert.exe, which is under the VS folder after installing VS. The following code is just for demo:
makecert -sky exchange -r -n "CN=[CertificateName]" -pe -a sha1 -len 2048 -ss My "[CertificateName].cer"
After that we could export a Base64-encoded .cer file.
Update:
Requirements for your SSL certificate, the following is the snippet from the tutorial
To use a certificate in App Service, the certificate must meet all the following requirements:
Signed by a trusted certificate authority
Exported as a password-protected PFX file
Contains private key at least 2048 bits long
Contains all intermediate certificates in the certificate chain
If we want to use a self-signed certificate, we need to Export a Certificate with the Private Key. And then we could follow the official tutorial to upload the .PFX file to Azure WebApp.
Note: If we use a self-signed certificate, it will not be trusted.

Azure doesn't provide any mechanism to generate CSR. There are several ways to generate CSR:
Using certificate MMC
Using IIS Manager
using certreq.exe
using openssl
and many more
I would suggest you to use the Digicert's CSR generation tool. It can be used to generate a CSR and then you can use this to submit to GoDaddy. Here are the instructions on how to do this: CSR Creation in Azure App Service
Once you submit the CSR to the CA, they will provide you a .cer/.crt/.der file, which doesn't contain the private key.
You will first need to import this certificate to bind the private key with the cert. Once done, export the certificate with the private key so that you can generate a .PFX file, which the Azure App Services needs. You can again use Digicert's certificate utility to export the certificate in pfx format. See this: How to Export Your SSL Certificate w/Private Key Using the DigiCert Certificate Utility
Or you can use the certificate console via MMC. See this:
Add the Certificates Snap-in to an MMC
Export a Certificate with the Private Key
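
A pre-upload check for the App Service requirements quoted above that can be verified from the file alone (password protection, key length, presence of chain certificates), as an added example that is not part of the original answers. File names, subject and password are constructed, the demo PFX is self-signed, and whether the issuing CA is trusted is not checked.

```bash
#!/usr/bin/env bash
# Added example. Names, subject and password are constructed. The password is read
# from the PFX_PASS environment variable so it stays out of the process list.

# Succeed if the PFX opens with $PFX_PASS and refuses an empty password.
pfx_password_protected() (
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout 2>/dev/null || exit 1
    ! openssl pkcs12 -in "$1" -passin pass: -noout 2>/dev/null
)

# Print the size in bits of the private key stored in the PFX.
pfx_key_bits() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Print how many certificates (leaf plus chain) the PFX carries.
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# usage: pfx_check file.pfx [MIN_BITS]; non-zero status on a failed requirement.
pfx_check() (
    rc=0
    pfx_password_protected "$1" || { echo "FAIL: no password, or PFX_PASS is wrong"; rc=1; }
    bits=$(pfx_key_bits "$1")
    [ "${bits:-0}" -ge "${2:-2048}" ] || { echo "FAIL: key is ${bits:-0} bits"; rc=1; }
    [ "$(pfx_cert_count "$1")" -ge 2 ] || echo "WARN: no intermediate certificates"
    exit "$rc"
)

# Constructed PFX: self-signed 2048-bit certificate, exported with a password.
make_demo_pfx() (   # usage: make_demo_pfx DIR
    cd "$1" && umask 077 &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem \
        -subj "/CN=constructed.example" -days 1 2>/dev/null &&
    openssl pkcs12 -export -inkey key.pem -in cert.pem -passout env:PFX_PASS -out site.pfx
)

export PFX_PASS='constructed-demo-password'
d=$(mktemp -d) && make_demo_pfx "$d" && pfx_check "$d/site.pfx"
rm -rf "$d"
```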

Push notification delivers from local env, but not from server

I'm trying to get my server to deliver push notifications via Apple's Push Notification service (APNs).
My setup is as follows:
Cordova HTML/JS app
API in Rails on VPS via https
Houston gem for Push Notifications
I've created a certificate for development on my mac. When I run my server locally it successfully sends the notification to my iPhone.
I'm now trying to get it working on my server but without luck. I've generated a CSR locally, uploaded it in Apple's iOS App ID's editor and downloaded the CER. I then exported the CER to p12 with Keychain Access and converted that to a PEM file with the following command:
openssl pkcs12 -in apn_production.p12 -out apn_production.pem -nodes -clcerts
Houston needs this PEM file to send push notifications, I've done the same for development and it worked, but it needs to send from a server now, which could be the problem, I don't get any errors though. The notifications just don't arrive, which could be a production/development mistake I'm making.
I also tried creating a CSR file on my server and upload that via the iOS App ID's editor, but when I download the CER and open it in Keychain Access I'm not able to export it to P12, only to CER, PEM and P7B. Also there isn't a private key in this file, which there is within my locally created development certificate. Also when I export it to PEM and use it with Houston on my server it throws an error that the certificate is invalid.
Another thing I tried was upload the CSR generated by my VPS on the Apple Push Certificates Portal. This throws an error mentioning the certificate is invalid.
There's a couple things I'm not sure of:
1. Am I in development or production mode?
The app is not yet in the app-store, but it is in beta mode to download via TestFlight and push notifications need to be sent from my server. Is this a production environment or development or do I need to define this manually somewhere before building the App?
2. Is it possible to use a locally generated CSR for a PEM to be used on my server?
Am I right that I need a server generated CSR to start with when I finally need a PEM to send push notifications with from my server?
3. What to do now, how should I debug?
The PEM generated from my locally generated CSR is now uploaded to my server and Houston doesn't throw errors whatsoever. The push notifications don't arrive though, so, what should I do, can I trace these push notifications somewhere? Is there some APN logfile which I can read?

1) You need to use production certificates for sending push notifications via test flight.
2) You do not need a server generated CSR. You only need a valid ".pem" for sending push notification.
3) You need to remove sandbox (sandbox mode) from the push notification URL in the push sending script. Also check whether port 2195 of your server is open for communication, because APNS communicates via this port.

APNS Certificates on Ubuntu

I read this tutorial: http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
He is generating the certificate signing request on his Mac using Keychain Access:
For Production, we are using an Ubuntu Server. Do you have to generate the CSR on the Ubuntu Server directly, or can you use the certificate generated on my Mac?
If you have to generate the CSR on the Ubuntu server, how can this be done?

You can use the CSR generated on the Mac. Once you have the signed certificates (one for development and one for production) from the Apple Developer portal you will need to export them (including the private key) for use on your server, as per your second screen shot.
