
I'm trying to connect via curl with an existing certificate through APNS http2 API.

```
$ /usr/local/Cellar/curl/7.47.1/bin/curl -v -d \
  '{"aps":{"alert":"hi","sound":"default"}}' \
  --cacert cert.pem --key key.pem --cert clientcert.pem \
  -H "apns-topic: topics" --http2 \
  https://api.development.push.apple.com/3/device/<device_token>
```

I've generated the cert, key and cacert from the openssl command following this link: http://www.rajatswarup.com/blog/2007/03/10/using-certificates-with-curl/

With this command, I get this error:

```
{"reason":"MissingProviderToken"}
```

I get the same error when I try with POSTMAN also. How do I resolve this?

Second try with this curl command:

```
$ /usr/local/Cellar/curl/7.47.1/bin/curl -v -d \
  '{"aps":{"alert":"hi","sound":"default"}}' \
  --cert clientcert.pem:<passphrase> \
  --key key.pem \
  -H "apns-topic: topics" --http2 \
  https://api.development.push.apple.com/3/device/<device_token>
```

Here I get the below error:

```
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
* Closing connection 0
curl: (35) error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate   unknown
```

I've also tried with the Jetty client using Java, following this link: https://judepereira.com/blog/sending-notifications-via-apples-new-http2-api-using-jetty-9-3-6/ but this also does not work; it hangs the whole POST request and does not return any response. My certificate is a valid development certificate, so what is the main issue here? Can someone please help me out?

Thanks :)

jww
user2340345
  • In your first curl you send the *CA* certificate, but that is useful just to authenticate the counterpart's certificate. Instead, your problem is that the server you're contacting is not linking your certificate at all. Please check if you need a specific certificate to access this API. – Mario Santini Oct 10 '16 at 12:00
  • @MarioAlexandroSantini: CA certs generally are for client to verify server, but if this `curl` uses OpenSSL (not all do but it appears this one does) then OpenSSL client counterintuitively uses `--cacert` to complete the _client_ chain, which is needed for certs from most real CAs including Apple. OP: your first attempt succeeded at TLS level because you got an **application level error**. I'm not familiar with APNS but from browsing it appears you need a specific APNS-provider cert not just a developer cert; are you sure you have the correct type of cert? – dave_thompson_085 Oct 10 '16 at 15:25
  • @dave_thompson_085 I agree with you. I think I explained it very badly, but I just wanted to say exactly what you mean. – Mario Santini Oct 10 '16 at 17:16
  • @dave_thompson_085 I have a valid Apple development certificate – user2340345 Oct 10 '16 at 17:25
  • This sounds fishy: *"Ive generated the cert, key and cacert from openssl command..."* - Apple needs to certify your gear; you don't ***issue*** it yourself. This may help, but I don't make any claims regarding how much help it will be for you: [“verify error:num=20” when connecting to gateway.sandbox.push.apple.com](http://stackoverflow.com/q/23343910/608639). – jww Oct 10 '16 at 19:00
  • If you are trying with Jetty, make sure you are using OpenJDK and the right version of the [ALPN jar](https://www.eclipse.org/jetty/documentation/9.3.x/alpn-chapter.html), which should be loaded in the boot class path – Rahul Oct 10 '16 at 19:17
  • @Rahul I've fixed the correct version but using openjdk, I'll try with openjdk now – user2340345 Oct 12 '16 at 05:26
  • @user2340345 Try the following example: https://gist.github.com/rahulpandey/ee1f98e73934e801f8e1d35ade375fe0. It also works with Oracle jdk1.8.0_60 and the [alpn-boot jar](https://mvnrepository.com/artifact/org.mortbay.jetty.alpn/alpn-boot/8.1.6.v20151105) – Rahul Oct 12 '16 at 10:50
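
The comments above separate a TLS-level failure from an application-level one. As an added example (not part of the original thread), this Python sketch decodes the OpenSSL error code quoted in the question and reports which layer rejected each attempt. It assumes the OpenSSL 1.x error-code layout (OpenSSL 3 packs codes differently); the function names are hypothetical.

```python
import json
import re

# Output quoted in the question above (first and second curl attempts).
FIRST_ATTEMPT = '{"reason":"MissingProviderToken"}'
SECOND_ATTEMPT = (
    "error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown\n"
    "curl: (35) error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate   unknown"
)

# Assumption: OpenSSL 1.x packs a code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are alerts received from the peer
# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}


def decode_openssl_error(line):
    """Split an 'error:XXXXXXXX:' code into lib, func, reason and peer alert."""
    match = ERR_RE.search(line)
    if match is None:
        return None
    code = int(match.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}


def failing_layer(output):
    """Return (layer, detail): 'tls' for a peer alert, 'application' for an APNs reason."""
    for line in output.splitlines():
        err = decode_openssl_error(line)
        if err and err["alert"] is not None:
            return "tls", TLS_ALERTS.get(err["alert"], "alert %d" % err["alert"])
        if line.lstrip().startswith("{"):
            try:
                body = json.loads(line)
            except ValueError:
                continue
            if isinstance(body, dict) and "reason" in body:
                # A JSON body can only arrive after the TLS handshake completed.
                return "application", body["reason"]
    return "unknown", None


if __name__ == "__main__":
    print(failing_layer(FIRST_ATTEMPT))
    print(failing_layer(SECOND_ATTEMPT))
```

The "sslv3" in the reason string is OpenSSL's legacy name for the alert and does not mean SSLv3 was negotiated.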

0 Answers