2

I have a website which uses push notifications for safari browser. It worked fine until recently when I started to receive a message saying

Signature verification of push package failed

I believe that it is connected with the recent Apple WWDRCA certificate expiration and now trying to install their new certificate into the system. Their docs say that

If you were using the openssl_pkcs7_sign function to sign your push package with only your web push certificate, you should pass the path to the renewed intermediate for the extra certificates parameter.

So my question is how to tell this function to use this new certificate, and another one, should I install their certificate into my linux system which is running Apache. I am not sure if I had a previous certificate installed in it. Thank You

Jack
  • 857
  • 14
  • 39
  • where did you see the error message "Signature verification of push package failed"? I have some same issues, but I dont know where such debug messages are shown. They are not shown in the javascript console – SteMa Sep 26 '17 at 20:50

1 Answers1

6

Thanks everyone,

managed to solve the issue by adding Apple WWDRCA new certificate as a last parameter to openssl_pkcs7_sign

openssl_pkcs7_sign("$package_dir/manifest.json", $signature_path, $cert_data, $private_key, array(), PKCS7_BINARY | PKCS7_DETACHED,"/path/to/certificate/AppleWWDRCA.pem");

No additional work required. Note that the file must be converted from .cer to .pem manually.

I think this should be pointed out somewhere in docs more clearly.

Jack
  • 857
  • 14
  • 39
  • How you convert it from cer to pem? I use keychain and fail. – Dmitry Manannikov Feb 17 '16 at 09:29
  • 1
    I use the following command: `openssl x509 -in your_cert.cer -inform der -out converted_cert.pem` as explained in [link](http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1) – Jack Feb 18 '16 at 09:46
  • @Jack Hello Jack, I am continuously getting "Signature verification of push package failed" error. Applying your solution gives me "Missing file in push notification package" error!!! Could you please help me! – Mehdi Mar 07 '16 at 15:59
  • You need to check that the created package contains all the files needed in accordance with apple specification. If some file is missing you need to find out why. In order to do that you may dump the result of every function that is called in createpushpackage file (the apple companion file to the specification). You may do that with the php function file_put_contents. Thats actually what I do if I get some errors. – Jack Mar 08 '16 at 08:29