I am trying to use PushSharp to send a push notification to my app. I have two Apple accounts... one is a regular account, and the other is an Enterprise account. I have a developer certificate on the regular account that works, but both my development and distribution certificates fail to work from the Enterprise account. I get an Authentication Exception:

A call to SSPI failed, see inner exception.

Inner Exception:
[System.ComponentModel.Win32Exception]: {"An unknown error occurred while processing the certificate"}

This occurs in this code of PushSharp (I didn't comment the line out):

    try
    {
        stream.AuthenticateAsClient(this.appleSettings.Host, this.certificates, System.Security.Authentication.SslProtocols.Ssl3, false);
        //stream.AuthenticateAsClient(this.appleSettings.Host);
    }
    catch (System.Security.Authentication.AuthenticationException ex)
    {
        throw new ConnectionFailureException("SSL Stream Failed to Authenticate as Client", ex);
    }

Here is the code from my test project:

    public static void SendPingToApple()
    {
        try
        {
            var devicetoken = "mytoken";
            var appleCert = File.ReadAllBytes(AssemblyPathName + @"\Resources\DistPrivKey1.p12");
            var push = new PushBroker();
            push.RegisterAppleService(new ApplePushChannelSettings(IsProduction, appleCert, "password"));

            push.QueueNotification(new AppleNotification()
                .ForDeviceToken(devicetoken.ToUpper())
                .WithAlert("Test Notification"));

            push.StopAllServices();
        }
        catch (Exception ex)
        {
            throw;
        }
    }

Millie Smith
  • Did you try to connect to the APNS service using openssl and the enterprise certificate? First verify that there is no problem with your certificate. – Nilesh Feb 21 '14 at 23:25
  • No? It's not immediately clear to me how to do that. Can you elaborate? – Millie Smith Feb 21 '14 at 23:28
  • You should run this command: openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert YourSSLCertAndPrivateKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem" Update the URL depending on which certificate you are using. If it fails to connect, there is a problem with your certificate or network configuration. – Nilesh Feb 21 '14 at 23:32
  • I get "unable to load client certificate private key file 5793:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-47.1/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY" – Millie Smith Feb 21 '14 at 23:41
  • I can use this certificate to build the app and to deploy it via MDM. – Millie Smith Feb 21 '14 at 23:42
  • Are you sure you converted your certificates to PEM format and have provided the correct path? If not, see this question: http://stackoverflow.com/questions/9497719/how-to-extract-a-public-private-key-from-a-pkcs12-file-with-openssl-for-later-us/9516936#9516936 – Nilesh Feb 22 '14 at 01:07

1 Answer

Convert your SSL certificates to PEM format using the following commands:

    openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem

    openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem

Then run the following command to ensure that there is no issue with your certificate or network connection.

    openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert publicCert.pem -key privateKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem"

You should download the Entrust certificate and convert it to PEM, as APNS certificates are signed by Entrust.

Nilesh
  • OK @Nilesh. I don't think I was using an APNS certificate. I generated one and downloaded the Entrust certificate (which downloaded as a .cer.txt), but I can't get it to work. I'm not sure if I'm using the right private key (I'm not sure where to get the private key for my APNS certificate). – Millie Smith Feb 23 '14 at 20:42
  • Thank you for your help Nilesh. Your answer showed me that my certificates were invalid. For some reason, I had to generate a new CSR for the APNS certificate. Otherwise the APNS certificate did not have any keys associated with it in the keychain. Doing that and exporting a p12 for PushSharp worked. – Millie Smith Feb 24 '14 at 16:10
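
The thread ends with a certificate that had no private key associated with it. As an added example (not part of the original posts and not PushSharp code), the script below checks whether a .p12 bundle contains a private key matching its certificate before the bundle is handed to a push library. The function names, file names, password and the throwaway self-signed certificate are all constructed for illustration.

```sh
#!/bin/sh
# Added example. Prints one of: ok | no-private-key | mismatch | unreadable
p12_key_status() {
    p12=$1; pass=$2
    # Public key of the client certificate; fall back to the first certificate
    # when none is flagged as having a key (no localKeyID attribute).
    cert_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null |
                   openssl x509 -pubkey -noout 2>/dev/null) ||
    cert_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys 2>/dev/null |
                   openssl x509 -pubkey -noout 2>/dev/null) ||
    { echo unreadable; return 0; }
    # Public key derived from the private key stored in the bundle, if there is one.
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
                  openssl pkey -pubout 2>/dev/null) ||
    { echo no-private-key; return 0; }
    if [ "$cert_pub" = "$key_pub" ]; then echo ok; else echo mismatch; fi
}

# Build constructed sample bundles in directory $1.
# The certificate is a one-day self-signed test certificate, not an Apple certificate.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-push-test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    # Bundle exported together with its private key.
    openssl pkcs12 -export -in "$d/cert.pem" -inkey "$d/key.pem" \
        -out "$d/with_key.p12" -passout pass:password
    # Certificate-only bundle: no key is attached to the certificate.
    openssl pkcs12 -export -nokeys -in "$d/cert.pem" \
        -out "$d/cert_only.p12" -passout pass:password
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
echo "with_key.p12:  $(p12_key_status "$tmp/with_key.p12" password)"
echo "cert_only.p12: $(p12_key_status "$tmp/cert_only.p12" password)"
rm -rf "$tmp"
```

A `no-private-key` result corresponds to the "Expecting: ANY PRIVATE KEY" error quoted in the comments: the file parses, but there is no key for the TLS client handshake to use.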