Asked  7 Months ago    Answers:  5   Viewed   33 times

Yes: there are many duplicates to this question, but none of the answers helped.

I am following this great tutorial by Ali Hafizji on using APNS service for push notifications.

Testing APNS in development mode:

  • download aps_development.cer
  • export the private key for the certificate (aps_development_key.p12)

Then I combined the two using following commands (using terminal):

openssl x509 -in aps_development.cer -inform der -out aps_development.pem
openssl pkcs12 -nocerts -out aps_development_key.pem -in aps_development.p12
cat aps_development.pem aps_development_key.pem > final_aps_development.pem

And (using ApnsPHP on server) I could successfully send a push-notification with this configuration:

...
$push = new ApnsPHP_Push(ApnsPHP_Abstract::ENVIRONMENT_SANDBOX,'final_aps_development.pem');
$push->setRootCertificationAuthority('entrust_root_certification_authority.pem');
$push->setProviderCertificatePassphrase('mypassword');
...

A sidenote: i took the entrust_root_certification_authority.pem from https://github.com/jonathanrcarter/push2press, the correct address to look for it would probably be https://www.entrust.net/downloads/binary/entrust_2048_ca.cer (they are the same thing anyway).

In this case application was running in debug mode (on device, run from XCode) and everything was working fine.

Testing APNS in production mode:

To test APNS in production mode i archived the app for AdHoc distribution and installed it on device with iPhone Configuration Utility.

I followed the same procedure with aps_production.cer to make final_aps_production.pem.

Bang, the php script that is called to send push-notifications returned HTML Status Code 500.

The $push generation was of-course modified for production mode:

...
$push = new ApnsPHP_Push(ApnsPHP_Abstract::ENVIRONMENT_PRODUCTION,'final_aps_production.pem');
$push->setRootCertificationAuthority('entrust_root_certification_authority.pem');
$push->setProviderCertificatePassphrase('mypassword');
...

A quick look to /var/log/apache2/error.log indicated the problem:

PHP Fatal error:  Uncaught exception 'ApnsPHP_Exception' with message 'Unable to connect to 'ssl://gateway.push.apple.com:2195':  (0)' in /var/www/gettapro/mobile/ApnsPHP/Abstract.php:398nStack trace:n#0 /var/www/gettapro/mobile/ApnsPHP/Abstract.php(334): ApnsPHP_Abstract->_connect()n#1  ....

Googling around (there are many people having this problem) proved fruitless.

Many different advices, such even so bizzare as to change the file permissions of the directory holding the certificates to 775... none of the suggestions worked for me.

I have also tried this change in ApnsPHP/Abstract.php (suggested here: https://github.com/duccio/ApnsPHP/issues/29) but with no success.

$streamContext = stream_context_create(array('ssl' => array(
             //'verify_peer' => isset($this->_sRootCertificationAuthorityFile),
            'cafile' => $this->_sRootCertificationAuthorityFile,
            'local_cert' => $this->_sProviderCertificateFile
        ))); 

That pesky ApnsPHP_Exception did not go away.

Of course i also made sure that when i was testing the production mode the correct device APNS token - device APNS tokens in debugging and production mode are not the same - was used.

Anyway: tokens can not be a problem since my notification sending script can't even connect to ssl://gateway.push.apple.com:2195.

Tried to connect ssl://gateway.push.apple.com:2195 via telnet just to make sure: connection was fine.

It became obvious: it is a certificate problem.

 Answers

64

It seems that aps_production.cer shouldn't be handeled the same way as aps_development.cer

Here comes the RTM moment.

Download and install certificate in the keychain (double clicking aps_production.cer)

Export a .p12 version of aps_production certificate (you also set a password here) from the Keychain Access.

Convert it to .pem format using this command (you will have to enter password here):

openssl pkcs12 -in aps_production.p12 -out final_aps_production.pem -nodes

And voilà - everything started working and i am a happy camper again.

There are great tutorial-like instructions by Jeremy on how to export certificate & key here on SO.

Wednesday, March 31, 2021
 
Sanguine
answered 7 Months ago
30

[EDIT] Could you try setting the obsolute path to certificate file in config?

You can check this to solve peer verification issue.

Install the certificate http://code.google.com/p/apns-php/wiki/CertificateCreation#Verify_peer_using_Entrust_Root_Certification_Authority

Use here

stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');

Note: Disable the verification also works.

Saturday, May 29, 2021
 
Nickool
answered 5 Months ago
58

In your model.

has_attached_file :picture, 
                   :styles => {:large => "275x450>"},
                   :storage => :s3, 
                   :s3_credentials => "#{RAILS_ROOT}/config/s3.yml",
                   :path => "appname/:attachment/:style/:id.:extension"

In s3.yml in your config dir:

    development:
      bucket: bucketname
      access_key_id: key
      secret_access_key: key

    production:
      bucket: bucketname
      access_key_id: key
      secret_access_key: key

Then go signup for a bucket at Amazon S3: http://aws.amazon.com/s3/

Friday, August 13, 2021
 
ramdemon
answered 2 Months ago
67

Here is three cases you can check at your end:-

  1. Make sure that you have used the right production certificate on your server side. since we need to create two different certificates for production and sandbox. make sure you are using correct certificate on server.

  2. second you can check that you have use the right gateway and port number on server side. Since gateway for production and sandbox are different one. Gateway used for production is:- gateway.push.apple.com. and also you are using correct password on server for your certificate your have used on your server.

  3. third you can check if the notification on your device is enabled or not. You need to enable it on your iPhone as well. Make sure that is on your device.

Let me know if it works for you.

Tuesday, August 17, 2021
 
Fernando
answered 2 Months ago
91

I got same error, and this is what I did:

1) updated my openssl (i think u dont need this) got to step 2, cause this will take about 10 minutes

brew install openssl

make sure u updated it correct:

openssl version

If not, try this or google:

brew link --force openssl

2) check you php default_cert_file path:

php -r "print_r(openssl_get_cert_locations());"

this is what i got:

Array
(
[default_cert_file] => /usr/local/libressl/etc/ssl/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /usr/local/libressl/etc/ssl/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /usr/local/libressl/etc/ssl/private
[default_default_cert_area] => /usr/local/libressl/etc/ssl
[ini_cafile] => 
[ini_capath] => 
)

3) download cacert.pem from here:

wget http://curl.haxx.se/ca/cacert.pem

4) move cacert.pem file to your default_cert_file path (as root):

sudo mv cacert.pem /usr/local/libressl/etc/ssl/cert.pem

probably i'll need to create this directory first

After this, my php script worked.

Sunday, September 26, 2021
 
motanelu
answered 4 Weeks ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :