18

I am trying to send push notifications to iPhone via python as described here but I am getting the following error:

Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/omat/CA/server/ca/models.py", line 193, in push
    c.connect((host_name, 2195))
  File "/usr/lib/python2.6/ssl.py", line 307, in connect
    self.ca_certs)
SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:
  SSL_CTX_use_PrivateKey_file:PEM lib

The error is raised from within the python ssl module as the traceback says but the message doesn't sing to me. Any ideas on what might be wrong?

Thanks,

oMat

edit:

The certificate used is created from the certificate and the private key as follows:

openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12
openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12
cat apns-dev-cert.pem apns-dev-key.pem > apns-dev.pem
onurmatik
  • 5,105
  • 7
  • 42
  • 67
  • possible duplicate of [Error using httlib's HTTPSConnection with PKCS#12 certificate](http://stackoverflow.com/questions/2630011/error-using-httlibs-httpsconnection-with-pkcs12-certificate) – Daenyth Apr 29 '11 at 14:56
  • both certificates in this case are PEM certificates – onurmatik Apr 29 '11 at 15:33

2 Answers2

39

Here is how I get it working:

From within KeyChain export the following both in p12 format, without giving password:

  • Apple Development Push Services certificate as cert.p12
  • primary key under Apple Development Push Services as pkey.p12

In terminal go to the directory where you have exported the certificates and convert the p12 files to pem format and concatenate them as follows:

$ openssl pkcs12 -in pkey.p12 -out pkey.pem -nodes -clcerts
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
$ cat cert.pem pkey.pem > iphone_ck.pem

iphone_ck.pem is the certificate you need.

onurmatik
  • 5,105
  • 7
  • 42
  • 67
  • i am having similar issues, but I cannot find the primary key under Apple Development Push Services, how exactly did you find it? Thanks for the great response btw. @omat – GangstaGraham May 14 '13 at 22:06
  • Check the Keys directory in Keychains. Its a private key under the name you created with your CSR cert. – elliotrock Dec 03 '13 at 00:10
  • Actually, the way to figure out the private key is to look in Xcode and see what the Code Signing Authority is - the Private Key will match this. Also, when you run the openSSL command you will be prompted for a password - assuming you did not specify one on the export just hit return. Whew! This finally got my push to work! – David H Feb 21 '14 at 16:52
13

I ran into the same error message using PyAPNs. The example says to initiate it like this:

apns = APNs(use_sandbox=True, cert_file='cert.pem', key_file='key.pem')

Turns out the solution to my problem was to include the full system path for each .pem file:

cert_path = os.path.join(os.path.dirname(__file__), 'cert.pem')
key_path = os.path.join(os.path.dirname(__file__), 'key.pem')
apns = APNs(use_sandbox=True, cert_file=cert_path, key_file=key_path)
coryjacobsen
  • 998
  • 2
  • 9
  • 10
  • It's really strange, but it's the solution even when the `cert.pem` and `key.pem` stays at the same level hierarchy, nice answer!! – Victor Sigler Aug 12 '15 at 19:49