Pushsharp send apple notification failed : SSL Stream Failed to Authenticate as Client

Question

I trying to send push notification to apple devices using Pushsharp library on ASP.NET MVC project hosted on IIS.

My code :

 public static void SendAppleNotification()
        {
            // Configuration (NOTE: .pfx can also be used here)
            byte[] arr = File.ReadAllBytes("D:\\MySoftware\\pa_Dev.pem");

            var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox,
     arr, "1234");

            // Create a new broker
            var apnsBroker = new ApnsServiceBroker(config);

            // Wire up events
            apnsBroker.OnNotificationFailed += (notification, aggregateEx) => {

                aggregateEx.Handle(ex => {

                    // See what kind of exception it was to further diagnose
                    if (ex is ApnsNotificationException)
                    {
                        var notificationException = (ApnsNotificationException)ex;

                        // Deal with the failed notification
                        var apnsNotification = notificationException.Notification;
                        var statusCode = notificationException.ErrorStatusCode;

                        Console.WriteLine($"Apple Notification Failed: ID={apnsNotification.Identifier}, Code={statusCode}");

                    }
                    else
                    {
                        // Inner exception might hold more useful information like an ApnsConnectionException           
                        Console.WriteLine($"Apple Notification Failed for some unknown reason : {ex.InnerException}");
                    }

                    // Mark it as handled
                    return true;
                });
            };

            apnsBroker.OnNotificationSucceeded += (notification) => {
                Console.WriteLine("Apple Notification Sent!");
            };

            // Start the broker
            apnsBroker.Start();


                // Queue a notification to send
                apnsBroker.QueueNotification(new ApnsNotification
                {
                    DeviceToken = "660E4433785EFF2B2AA29D5076B039C969F1AADD839D79261328F40B08D26497",
                    Payload = JObject.Parse("{\"aps\":{\"badge\":7}}")
                });


            // Stop the broker, wait for it to finish   
            // This isn't done after every message, but after you're
            // done with the broker
            apnsBroker.Stop();


        }

Notes : 1- Tried to change pem extension into p12 and same issue still occurred. 2- I tried to send push notification using https://pushtry.com/ and its working fine so issue not from certification file or password.

The issue inside pushsharp or there is configurations missing must done on my machine, Any one have idea ?

Answer 1

This just happened to me as of 23 July, 2019. It looks like Apple is now enforcing TLS 1.2 for the sandbox voip push notification server at

gateway.sandbox.push.apple.com - port 2195
feedback.sandbox.push.apple.com - port 2196

I found that I had to check out the latest code from https://github.com/Redth/PushSharp (master branch), build it, and then manually add a reference to the built DLLs in my project.

Previously I was incuding the NuGet PushSharp package, which is now 3 years old and hasn't been updated. If you look at the recent commits on the master branch there is some change there related to Apple and TLS, so I am certain this has fixed it.

Answer 2

My issue fixed by generating p12 file from pem using the below command not by renaming the file extension.

openssl pkcs12 -export -inkey sofwareKey.pem -in software_Prod.pem -out cert_key.p12

see more

https://www.paypal.com/us/selfhelp/article/how-do-i-convert-my-pem-format-certificate-to-pkcs12-as-required-by-the-java-and-.net-sdks-ts1020

may helpful to anyone.