iOS Push Notifications not working for Distribution

Question

I have tried the Push Notification for my application for development and it's working fine. When I am generating the .p12 file of production(distribution) it's getting created. After deployin .pem file on the server it's throwing and error.

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server s ession ticket A: sslv3 alert certificate unknown):" }

Server : RoR(Ruby on Rails) Any help would be very appreciable.

Note : For the development .p12 it's working fine. The issue is when I'm deploying distribution .p12. Please suggest what may I be missing.

Thanks and Regards

Answer 1

I was using gem 'rpush', which took pem file from the credentials folder & stored it in database. My solution was to delete all the old Rpush::Apns::App records from database and regenerated records after updating pem file in my credentials folder.

app = Rpush::Apns::App.new
app.name = "ios_app"
app.certificate = File.read("/path/to/sandbox.pem")
app.environment = "sandbox" # APNs environment.
app.password = "certificate password"
app.connections = 1
app.save!

n = Rpush::Apns::Notification.new
n.app = Rpush::Apns::App.find_by_name("ios_app")
n.device_token = "..." # 64-character hex string
n.alert = "hi mom!"
n.data = { foo: :bar }
n.save!

Answer 2

@Learner

If all other options are not working then you should check how you are exporting your p12 file. You should export the p12 file which is associated with Apple production Certificate, I hope it will work.. as its worked for me !!!

Answer 3

I solved it. It was a .p12 file error. I was not creating the .p12 which I had to use.

Thanks !!

Answer 4

check this in your sever code

gateway.push.apple.com, port 2195 for distribution

gateway.sandbox.push.apple.com, port 2195

1. Log-in to the iPhone Developer Program Portal.
2. Choose App IDs from the menu on the right.
3. Create an App ID without a wildcard.
4. Click the Configure link next to this App ID and then click on the button to start the wizard to generate a new Development Push SSL Certificate. for development (or) to generate a new Production Push SSL Certificate for distribution.
5. Download this certificate and double click on aps_developer_identity.cer to import it into your Keychain
6. Launch Keychain Assistant and click on My Certificates on the left Expand Apple Development Push Services and select Apple Development Push Services
7. Right-click and choose "Export 1 elements..." and save as apns-cert.p12. AND your private key in the same expand area Right-click and choose "Export 1 elements..." and save as apns-key.p12.

8.Open Terminal and change directory to location used to save .p12 and convert the PKCS12 certificate bundle into PEM format using this command

i). openssl pkcs12 -clcerts -nokeys -out apns-cert.pem -in apns-cert.p12 ii). openssl pkcs12 -nocerts -out apns-key.pem -in apns-key.p12 here u have to give some key for access into the php code.

Remove passphrase

iii). openssl rsa -in apns-key.pem -out apns-key-noenc.pem here u have to give same key for Remove passphrase.

finally iv). cat apns-cert.pem apns-key-noenc.pem > apns-dev.pem.

Now you can use this PEM file as your certificate in ApnsPHP!

Answer 5

If you want to skip verification, you can use this.

   require 'net/http'
    require 'openssl'

    class Net::HTTP   alias_method :origConnect, :connect
        def connect
          @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
          origConnect
        end
    end

source: How to get rid of OpenSSL::SSL::SSLError

But since we want to be secure you should use the follow

ENV['SSL_CERT_DIR'] = '/usr/share/ca-certificates/'

More solutions at OmniAuth & Facebook: certificate verify failed