Apple APNS and "Entrust Secure CA root certificate"?

Question

I'm trying to send push notifications to iOS devices.
I've created a developer certificate for the APNS and bonded it with the application identifier.

I then proceeded to use Pushy ( https://github.com/relayrides/pushy ) to establish a connection to the APNS server:

final PushManagerFactory<SimpleApnsPushNotification> pushManagerFactory =
        new PushManagerFactory<SimpleApnsPushNotification>(
                ApnsEnvironment.getSandboxEnvironment(),
                PushManagerFactory.createDefaultSSLContext( DEV_CERT_P12__PATH, DEV_CERT_P12__PASSWORD )
                );

final PushManager<SimpleApnsPushNotification> pushManager = pushManagerFactory.buildPushManager();

pushManager.registerFailedConnectionListener(new MyFailedConnectionListener());

pushManager.start();

....

public static class MyFailedConnectionListener implements FailedConnectionListener<SimpleApnsPushNotification> {

    public void handleFailedConnection(
            final PushManager<? extends SimpleApnsPushNotification> pushManager,
            final Throwable cause) {

        System.out.println("ERROR  -  "+ cause.toString());

        if (cause instanceof SSLHandshakeException) {

            // This is probably a permanent failure, and we should shut down
            // the PushManager.
        }
    }
}

I get this error: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown.


I'm using the P12 file I've created from the private key of the certificate I've bonded with the app at developer.apple.com

After much search I've managed to get some information as to why I can't get this thing to work, in the Apple Doc:

Note: To establish a TLS session with APNs, an Entrust Secure CA root certificate must be installed on the provider’s server. If the server is running OS X, this root certificate is already in the keychain. On other systems, the certificate might not be available. You can download this certificate from the Entrust SSL Certificates website.

However, I still have no idea what I'm suppose to do.
I would really appreciate some more specific guidance here.

Thank you.

Answer 1

I've found the solution. And as the one who suggested it to me, I have no idea why it solved the issue.

Using OpenSSL, I've converted the P12 file (I got from the Keychain Access), to PEM, and from PEM back to the P12...

1. Convert the CER file downloaded from app's APN (at developer.apple.com), to PEM
   openssl x509 -in aps_development.cer -inform DER -out aps_development.pem -outform PEM
   
   
2. Convert the P12 file created with Keychain Access to PEM
   openssl pkcs12 -nocerts -in Certificates.p12 -out Certificates.pem
   
   
3. Create a new, GOOD, P12 file
   openssl pkcs12 -export -inkey Certificates.pem -in aps_development.pem -out GOOD_Certificates.p12

For more information: http://help.adobe.com/en_US/as3/iphone/WS144092a96ffef7cc-371badff126abc17b1f-7fff.html