I am new to PHP and I am getting this error trying to load a cert:
jameys-macbookpro41:~ user$ php -f ~/Sites/providerService.php
Warning: stream_socket_client(): Unable to set local cert chain file `cert.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /Users/jamey/Sites/providerService.php on line 27
cert.pem is in the same folder as the PHP file. The file cert.pem was created in the Apple Keychain tool.
class pushNotifications {
    ...
    private $sslPem = 'cert.pem';
    ...
    function connectToAPNS(){
        $streamContext = stream_context_create();
        stream_context_set_option($streamContext, 'ssl',
            'local_cert', $this->sslPem);
Thanks for any help!
The most common cause of a "certificate not trusted" error is that the certificate installation was not properly completed on the server (or servers) hosting the site. Use our SSL Certificate tester to check for this issue. In the tester, an incomplete installation shows one certificate file and a broken red chain.
Login to your Cloudways platform, go to Applications and click on the PHP site you want to add an SSL to. Click on your application to get into the Application Management dashboard. You will see two options: one is for Let's Encrypt, and the other is for installing Paid Certificate.
I was having this issue as well. It turns out that for some reason my private key didn't match the one associated with the aps_developer_identity.cer I had...
I ended up clearing all of my public and private keys from my 'login' keychain item, then I started the entire process over again (generated the request)... I submitted the new request file on the program portal and generated a new certificate, downloaded, and installed it by double-clicking it (developer_identity.cer). Then, I reset the provisioning profiles to use the new Push SSL certs, downloaded those, and installed them by double-clicking (aps_developer_identity.cer). Finally, I reset the provisioning profile and downloaded the new one. I cleared out the old one in the Xcode Organizer, and installed the new one. Finally, I exported my 'private' key as key.p12 and my aps_developer_identity.cer as apsdi.p12, and ran the following commands against them:
openssl pkcs12 -clcerts -nokeys -out apsdi.pem -in apsdi.p12
openssl pkcs12 -nocerts -out key.pem -in key.p12
If you're okay using a passphrase (recommended for production):
cat apsdi.pem key.pem > cert.pem
If you wish to use a 'blank' passphrase, you'll need to unencrypt your private key first, using the password you specified when you converted it to pem format:
openssl rsa -in key.pem -out key.unencrypted.pem
And then cat the cert and unencrypted key into apns.pem (or whatever filename you have chosen):
cat apsdi.pem key.unencrypted.pem > apns.pem
It's very important that you export your aps_developer_identity certificate, not your developer_identity certificate, as apsdi.pem.
If you can expand your developer_identity.cer and aps_developer_identity.cer entries in Keychain Access, and you see a 'private' key when you do, everything should work.
You are getting an error because it's trying to find your cert.pem file in the directory you are running the script from, not the directory the script is in. In your example, it is your user directory "~".
Try changing your class to this, or something similar:
class pushNotifications {
    ...
    private $sslPem = 'cert.pem';
    ...
    function connectToAPNS(){
        $streamContext = stream_context_create();
        // Resolve the PEM relative to this script's directory, not the current working directory.
        stream_context_set_option($streamContext, 'ssl', 'local_cert', dirname(__FILE__) . '/' . $this->sslPem);
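The two answers above name two different causes of the same warning: a relative path resolved against the working directory, and a private key that does not match the certificate. The following is an added example, not code from either answer, that checks a combined PEM for both before it is used as local_cert. The helper name checkPemBundle and the file names are hypothetical, and the certificate and keys are throwaway values constructed inside the script.

```php
<?php
// Added example: validate a combined cert+key PEM before using it as 'local_cert'.
// checkPemBundle() is a hypothetical helper, not part of PHP or of the original posts.

/** Returns a list of problems; an empty array means the bundle is usable. */
function checkPemBundle(string $path, string $passphrase = ''): array
{
    if (!is_readable($path)) {
        // Relative paths are resolved against the working directory, not the script.
        return ["cannot read '$path' (working directory: " . getcwd() . ")"];
    }
    $pem = file_get_contents($path);
    $problems = [];
    $cert = openssl_x509_read($pem);                    // first CERTIFICATE block
    if ($cert === false) {
        $problems[] = 'no certificate found in file';
    }
    $key = openssl_pkey_get_private($pem, $passphrase); // PRIVATE KEY block
    if ($key === false) {
        $problems[] = 'no private key found, or wrong passphrase';
    }
    if ($cert && $key && !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not match the certificate';
    }
    return $problems;
}

// Constructed sample input: one self-signed certificate and two unrelated keys.
$opts = ['digest_alg' => 'sha256', 'private_key_bits' => 2048];
$keyA = openssl_pkey_new($opts);
$keyB = openssl_pkey_new($opts);
$csr  = openssl_csr_new(['commonName' => 'constructed-example'], $keyA, $opts);
$x509 = openssl_csr_sign($csr, null, $keyA, 1, $opts);
openssl_x509_export($x509, $certPem);
openssl_pkey_export($keyA, $keyAPem);
openssl_pkey_export($keyB, $keyBPem);

$good = sys_get_temp_dir() . '/example-good.pem';      // cert + its own key
$bad  = sys_get_temp_dir() . '/example-mismatch.pem';  // cert + someone else's key
file_put_contents($good, $certPem . $keyAPem);
file_put_contents($bad, $certPem . $keyBPem);

print_r(checkPemBundle($good));   // empty list
print_r(checkPemBundle($bad));    // reports the key/certificate mismatch

if (checkPemBundle($good) === []) {
    // Absolute path, so the result does not depend on where the script is run from.
    $ctx = stream_context_create(['ssl' => ['local_cert' => $good]]);
}
unlink($good);
unlink($bad);
```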