Couldn't connect to APNS Sandbox server

I am trying to connect to Apple APNS server with the following observations:

1) port 2195 is open
2) With valid key passphrase for APNS_SSLCertificate_Key.pem
3) Entrust certificate (2048) downloaded from https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
4) With the successful telnet response as below:

$ telnet gateway.sandbox.push.apple.com 2195
Trying 17.172.232.226...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.

But when I run the following openssl command on my server to test the APNS connectivity:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert  APNS_SSLCertificate_Key.pem -debug -showcerts -CAfile server-ca-cert.pem

I am getting error as follows:

unable to load certificate 57013:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

So please suggest how to resolve this problem.

Thanks in advance.

Fedrick asked Jul 21 '11 13:07

1 Answer

I ran into this same issue; what eventually resolved the error was to re-export the Entrust certificate from System Roots of the OS X Keychain Access application.

To be complete, I'll give a complete explanation of how I created the key/cert files (something which should have been in Apple's TechNote 2265: https://developer.apple.com/library/content/technotes/tn2265/_index.html)

Creating your APN-cert-and-key:

  1. Run Keychain Access; select "login" Keychain and "My Certificates" category
  2. Select the certificate with the name format of "Apple Development IOS Push Services: ..."
  3. Export the certificate (in the menu, under "File" .. "Export Items")
  4. Export to .p12 format.
    This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase protected .pem file
  5. Using terminal, execute the following command (using your own filenames, of course):

    openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem

    (You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)

    If you really really really don't want a passphrase on the .pem file, try:

    openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes

Creating CA Certificate file:

  1. Run Keychain Access application
  2. Go to System Roots
  3. Export the certificate named "Entrust.net Certification Authority (2048)" to a .pem file.

    Note: My Roots container has four Entrust certificates; two of them with the name "Entrust.net Certification Authority (2048)" (but with different certificate extensions, via Get Info). Both of the "Entrust.net Certification Authority (2048)" certificates were effective in validating the trust chain; the other two Entrust certificates did not work. More significantly, the Entrust certificate pointed at by the Apple TechNote 2265 also does not work.

    Make sure you export to .pem format; the default is .cer and this step is easy to miss.

Run the verification command:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem" 

This server and process assume that you are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.

For more information on openssl, I suggest the following pages:

  • https://www.madboa.com/geek/openssl/
  • https://www.sslshopper.com/article-most-common-openssl-commands.html
  • http://gagravarr.org/writing/openssl-certs/general.shtml
Robert Altman answered Sep 30 '22 17:09
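The "no start line ... Expecting: TRUSTED CERTIFICATE" message in the question is what OpenSSL's PEM reader prints when a file it was told to read as PEM has no `-----BEGIN` header, which is exactly what a DER-encoded .cer (the default Keychain export) looks like. The following script is an added example, not code from the question, the answer or Apple: it checks the two files before they reach `openssl s_client`, so the problem is pinned to a specific file instead of surfacing as a handshake error. The function names (`pem_kind`, `pem_blocks`, `has_cert_and_key`, `apns_preflight`) are this example's own; it assumes `openssl` is on PATH for the DER conversion and the final checks, and that the push certificate uses an RSA key (true of the certificates Apple issued for the binary APNs protocol).

```shell
#!/bin/sh
# Added example (not from the original answer): pre-flight checks for the
# files passed to "openssl s_client -cert ... -CAfile ...". Both must be PEM.

# pem_kind FILE: print "pem" if the file carries a PEM header, "der" if its
# first byte is an ASN.1 SEQUENCE tag (0x30, true of DER certificates and of
# .p12 bundles alike), otherwise "unknown".
pem_kind() {
  if grep -q -e '-----BEGIN ' "$1" 2>/dev/null; then
    echo pem
  elif [ "$(dd if="$1" bs=1 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "30" ]; then
    echo der
  else
    echo unknown
  fi
}

# pem_blocks FILE: list the labels of the PEM blocks in FILE, one per line
# (e.g. CERTIFICATE, ENCRYPTED PRIVATE KEY, RSA PRIVATE KEY).
pem_blocks() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# has_cert_and_key FILE: succeed only if FILE holds both a certificate block
# and a private-key block, as the file written by "openssl pkcs12" does.
has_cert_and_key() {
  blocks=$(pem_blocks "$1")
  echo "$blocks" | grep -q '^CERTIFICATE$' && echo "$blocks" | grep -q 'PRIVATE KEY$'
}

# apns_preflight CERTKEY CAFILE [HOST:PORT]: validate both inputs, convert a
# DER CA file to PEM, confirm the key matches the certificate, then run the
# same s_client check the answer describes (sandbox gateway by default).
apns_preflight() {
  certkey=$1; ca=$2; target=${3:-gateway.sandbox.push.apple.com:2195}

  [ "$(pem_kind "$certkey")" = pem ] ||
    { echo "$certkey: not PEM; re-run 'openssl pkcs12 -in file.p12 -out file.pem'" >&2; return 1; }
  has_cert_and_key "$certkey" ||
    { echo "$certkey: needs both a CERTIFICATE and a PRIVATE KEY block" >&2; return 1; }

  case "$(pem_kind "$ca")" in
    pem) ca_pem=$ca ;;
    der) ca_pem=${ca%.*}.pem   # constructed output name: same basename, .pem suffix
         openssl x509 -inform DER -in "$ca" -out "$ca_pem" || return 1 ;;
    *)   echo "$ca: neither PEM nor DER" >&2; return 1 ;;
  esac

  # The classic modulus comparison: the private key must belong to the certificate
  # (prompts for the .pem passphrase if one was set).
  [ "$(openssl x509 -in "$certkey" -noout -modulus)" = "$(openssl rsa -in "$certkey" -noout -modulus)" ] ||
    { echo "$certkey: private key does not match certificate" >&2; return 1; }

  openssl s_client -connect "$target" -cert "$certkey" -showcerts -CAfile "$ca_pem" </dev/null
}

# Run only when invoked with arguments, e.g.:
#   sh apns_preflight.sh PushCertKey.pem entrust_ssl_ca.cer
if [ $# -ge 2 ]; then
  apns_preflight "$@"
fi
```

A `Verify return code: 0 (ok)` line in the `s_client` output means the Entrust chain validated; any `unable to load certificate` before that point now comes with the script's own message naming the offending file.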