18

I'm trying to use PyAPNS to send push notifications to an iPhone app. We have gone through the process of getting the certificate from the Apple dev center, which works fine; however, we've followed several different tutorials for how to put together the certificate and private key into a single .pem file, and for all of them, attempting to connect to the APNS server using OpenSSL from our web server using the resulting certificate gives this error:

```
$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns.pem
CONNECTED(00000003)
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by  reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
[...certificate chain, server certificate, etc.]
```

Sometimes we're able to type something at the end of all this and the connection doesn't close until we press enter, sometimes not (it closes immediately), but even when we appear to have a connection, PyAPNS always fails when we try to send a push notification, giving the error "Fault 500: 'Connection to the APNS server could not be made.'", which I can only assume is for the same reason as the "unable to get local issuer certificate" - though I have no idea what reason that could be.

The tutorials we have been following include:

http://blog.serverdensity.com/how-to-build-an-apple-push-notification-provider-server-tutorial/

http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12

http://www.nasoni.net/2010/12/02/apns-client-development-certificate/

http://thebirdytoldmeso.com/%28S%28l131v3jmvpdh5255u1jayp20%29%29/userActions/thread/Question.aspx?id=10302792

Yes, we have been removing the password from the private key and it doesn't ask for it when we try to connect with OpenSSL, so presumably that part is working okay.

We don't have any idea what is going wrong. Infuriatingly, all these tutorials (and Apple, apparently) take as a given that you're using a Mac, while I'm developing on Windows and the server (which I'm the one working on) is Ubuntu; my coworker who is on a Mac has been doing various prefixes of the first steps before sending the resulting files to me to upload to the server and perform the final steps. Could that have something to do with it, somehow? Or is there a step of necessary server setup that is being omitted everywhere?

antialiasis
  • Did you export the key with the certificate? That's usually the first problem – evan.stoddard Jun 03 '13 at 12:16
  • Possible duplicate of [“verify error:num=20” when connecting to gateway.sandbox.push.apple.com](http://stackoverflow.com/q/23343910). – jww Mar 14 '16 at 21:19

2 Answers

1

Test your certificate with the simplepush PHP script in the tutorial from raywenderlich.com and then we can move along from there. Sometimes it seems like the certificate is fine but Apple is crazy finicky about all of that stuff.

Error twenty I think means a problem with your private key and I think there might be a problem with your provisioning file as well according to this: http://www.raywenderlich.com/forums/viewtopic.php?f=2&t=380&start=100 .

Make sure you are exporting everything correctly and if need be revoke and make new certificates. Hope you can get this solved! :)

evan.stoddard
  • Testing the certificate with the simplepush PHP script in the tutorial from raywenderlich.com works well for me now. Maybe you are right, Apple is crazy finicky. I should move forward to see the final result. – David Mar 27 '14 at 18:04
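
An added example (not from any of the posts above): a small Python check that a combined file such as apns.pem contains both a certificate block and an unencrypted private key block, the two export problems raised in this thread. The function name and the sample bundles are constructed for illustration, and the base64 bodies are placeholders, not real key material.

```python
import re

# One PEM block: BEGIN line, optional headers plus base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem_bundle(text):
    """Return a list of problems found in a combined cert+key PEM string."""
    certs = keys = encrypted = 0
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # PKCS#8 encrypted keys have their own label; traditional OpenSSL
            # keys carry a "Proc-Type: 4,ENCRYPTED" header inside the block.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                encrypted += 1
    problems = []
    if certs == 0:
        problems.append("no CERTIFICATE block")
    if keys == 0:
        problems.append("no PRIVATE KEY block (key was not exported with the certificate)")
    if keys > 1:
        problems.append("more than one private key")
    if encrypted:
        problems.append("private key is still passphrase-protected")
    return problems

# Constructed sample bundles (placeholder bodies, not real certificates or keys).
CERT = "-----BEGIN CERTIFICATE-----\nTUlJQ2V4YW1wbGU=\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN RSA PRIVATE KEY-----\nTUlJRXhhbXBsZQ==\n-----END RSA PRIVATE KEY-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nTUlJRXhhbXBsZQ==\n"
           "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, bundle in [("cert+key", CERT + KEY), ("cert only", CERT),
                         ("encrypted key", CERT + ENC_KEY)]:
        print(name, "->", inspect_pem_bundle(bundle) or "looks complete")
```

This checks the file's structure only; it does not confirm that the key belongs to the certificate, and it says nothing about whether the client trusts the server's certificate chain.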
-2

As Ray Wenderlich stated, you may need to add this to your php file:

```php
stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');
```

The certificate authority file you can download here: https://www.entrust.net/downloads/binary/entrust_2048_ca.cer

pedrouan