
Cannot connect to APNS: return code 20 (unable to get local issuer certificate)

I'm trying to use PyAPNS to send push notifications to an iPhone app. We have gone through the process of getting the certificate from the Apple dev center, which works fine; however, we've followed several different tutorials for how to put together the certificate and private key into a single .pem file, and for all of them, attempting to connect to the APNS server using OpenSSL from our web server using the resulting certificate gives this error:

$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns.pem
CONNECTED(00000003)
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by  reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
[...certificate chain, server certificate, etc.]

Sometimes we're able to type something at the end of all this and the connection doesn't close until we press enter, sometimes not (it closes immediately), but even when we appear to have a connection, PyAPNS always fails when we try to send a push notification, giving the error "Fault 500: 'Connection to the APNS server could not be made.'", which I can only assume is for the same reason as the "unable to get local issuer certificate" - though I have no idea what reason that could be.

The tutorials we have been following include:

http://blog.serverdensity.com/how-to-build-an-apple-push-notification-provider-server-tutorial/

http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12

http://www.nasoni.net/2010/12/02/apns-client-development-certificate/

http://thebirdytoldmeso.com/%28S%28l131v3jmvpdh5255u1jayp20%29%29/userActions/thread/Question.aspx?id=10302792

Yes, we have been removing the password from the private key and it doesn't ask for it when we try to connect with OpenSSL, so presumably that part is working okay.

We don't have any idea what is going wrong. Infuriatingly, all these tutorials (and Apple, apparently) take as a given that you're using a Mac, while I'm developing on Windows and the server (which I'm the one working on) is Ubuntu; my coworker who is on a Mac has been doing various prefixes of the first steps before sending the resulting files to me to upload to the server and perform the final steps. Could that have something to do with it, somehow? Or is there a step of necessary server setup that is being omitted everywhere?

asked Aug 16 '12 11:08

antialiasis



1 Answer

Test your certificate with the simplepush php script in the tutorial from raywenderlich.com and then we can move along from there. Sometimes it seems like the certificate is fine but Apple is crazy finicky about all of that stuff.

Error twenty I think means a problem with your private key and I think there might be a problem with your provisioning file as well according to this: http://www.raywenderlich.com/forums/viewtopic.php?f=2&t=380&start=100 .

Make sure you are exporting everything correctly and if need be revoke and make new certificates. Hope you can get this solved! :)

answered Sep 20 '22 06:09

evan.stoddard
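
Added example, not part of the original question or answer: `num=20` in the `s_client` output quoted in the question is OpenSSL's `X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY`, raised while checking a certificate chain against the local trust store. The script below builds a throwaway CA and certificate (all names and files are constructed) and shows the code appearing without the CA and clearing once the CA is passed with `-CAfile`, while the private key matches the certificate in both cases.

```bash
#!/usr/bin/env bash
# Constructed demo: every key and certificate here is a throwaway made locally.

# Build a one-level PKI in directory $1: ca.pem signs leaf.pem (key: leaf.key).
make_demo_pki() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
      -keyout ca.key -out ca.pem 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-gateway.example" \
      -keyout leaf.key -out leaf.csr 2>/dev/null &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 1 -out leaf.pem 2>/dev/null )
}

# Succeed if private key $2 belongs to certificate $1 (public keys are equal).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Print 0 if certificate $1 verifies, else the first verify error number.
# $2 is an optional PEM bundle of trusted CAs, passed to openssl as -CAfile.
verify_code() {
  vc_cert=$1
  if [ -n "${2:-}" ]; then set -- -CAfile "$2"; else set --; fi
  if vc_out=$(openssl verify "$@" "$vc_cert" 2>&1); then
    echo 0
  else
    printf '%s\n' "$vc_out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  key_matches_cert "$d/leaf.pem" "$d/leaf.key" && echo "key matches certificate"
  # The demo CA is in no system store, so the default lookup cannot find it.
  echo "without the CA: verify code $(verify_code "$d/leaf.pem")"
  echo "with -CAfile:   verify code $(verify_code "$d/leaf.pem" "$d/ca.pem")"
  rm -rf "$d"
}
demo
```

`openssl s_client` accepts the same `-CAfile` and `-CApath` options for checking a server's chain.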