莫非无法连接到APNS沙盒服务器 [英] Couldn't able to connect to APNS Sandbox server
问题描述
我想有以下意见连接到苹果服务器APNS:
I am trying to connect to Apple APNS server with the following observations:
1)端口2195是开放2)随着APNS_SSLCertificate_Key.pem 3有效密钥密码)从 https://www.entrust.net/downloads/binary/entrust_ssl_ca下载委托证书(2048)。 CER
1)port 2195 is open 2)With Valid key passphrase for APNS_SSLCertificate_Key.pem 3)Entrust certificate (2048) downloaded from https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
4)在成功的telnet响应如下:
4)With the successful telnet response as below :
$远程登录gateway.sandbox.push.apple.com 2195尝试17.172.232.226 ...
连接到gateway.sandbox.push-apple.com.akadns.net。逃逸
字符是'^]'。
$ telnet gateway.sandbox.push.apple.com 2195 Trying 17.172.232.226... Connected to gateway.sandbox.push-apple.com.akadns.net. Escape character is '^]'.
但是,当我在我的服务器来测试连接APNS运行以下命令的OpenSSL:
But when i run the following openssl command in my server to test the APNS connectivity :
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert APNS_SSLCertificate_Key.pem -debug -showcerts -CAfile server-ca-cert.pem
我收到错误如下:
I am getting error as follows:
无法加载证书57013:错误:0906D06C:PEM
套路:PEM_read_bio:无从下手
行:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c:650:期待:
受信任的证书
unable to load certificate 57013:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
所以,请建议如何解决这个问题。
So please suggest how to resolve this problem
在此先感谢......
Thanks in advance ......
推荐答案
我遇到了同样的问题;什么最终解决错误是重新出口从OS制度根源/ X钥匙串访问应用程序。
I ran into this same issue; what eventually resolved the error was to re-export the Entrust certificate from System Roots of OS/X Keychain Access application.
要完成,我给我如何创建密钥/证书文件(东西应该已经在苹果公司的技术说明2265的完整说明:<一href=\"http://developer.apple.com/library/ios/#technotes/tn2265/_index.html\">http://developer.apple.com/library/ios/#technotes/tn2265/_index.html)
To be complete, I'll give a complete explanation of how I created the key/cert files (something which should have been in Apple's TechNote 2265: http://developer.apple.com/library/ios/#technotes/tn2265/_index.html)
创建您的APN证书和钥匙:
Creating your APN-cert-and-key:
- 运行钥匙串访问;选择登录钥匙串和我的证书类别
- 选择用的名称格式证书苹果IOS开发推送服务:......
- 导出证书(在菜单中,文件下..出口项目)
- 导出到的.p12格式。
结果
现在这包含您的加密交换格式的证书和私钥。下一步是将其转换为一个密码保护的.pem文件 -
使用终端,执行以下命令(当然使用自己的文件名):搜索结果
OpenSSL的PKCS12 -in PushCertKey.p12退房手续PushCertKey.pem
搜索结果
(您将需要为.p12文件输入密码,并提供了另一种密码为.pem文件。)
- Run Keychain Access; select "login" Keychain and "My Certificates" category
- Select the certificate with the name format of "Apple Development IOS Push Services: ..."
- Export the certificate (in the menu, under "File" .. "Export Items")
- Export to .p12 format.
This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase protected .pem file Using terminal, execute the following command (using your own filenames, of course):
openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem
(You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)
如果您的真的真的真的的不希望.pem文件一个密码,请尝试:搜索结果 OpenSSL的PKCS12 -in PushCertKey.p12退房手续PushCertKeyNoCrypt.pem -nodes
搜索结果
If you really really really don't want a passphrase on the .pem file, try:
openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes
创建CA证书文件:
- 项目
- 运行Keychain Access应用程序
- 进入系统根
- 导出名为Entrust.net证书颁发机构(2048),以一个.pem文件的证书。搜索结果
注:我的根容器有四个委托证明;他们两个名为Entrust.net证书颁发机构(2048)(但具有不同的证书扩展,通过获取信息)。无论是的Entrust.net证书颁发机构(2048)证书,其中有效验证信任链;另外两个证书委托没有工作。更显著的委托证书指向了苹果的技术说明2265也不起作用。
搜索结果
确保您导出到.pem格式;默认值是.CER,这一步是很容易错过。
运行验证命令:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem"
此服务器和流程假设你连接到苹果的开发沙箱APN服务器;如果你要使用生产APN服务器,您需要使用正确的服务器和端口。
This server and process assume that your are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.
有关OpenSSL的更多信息,我建议以下页面:结果
For more information on openssl, I suggest the following pages:
- http://www.madboa.com/geek/openssl/
- http://www.sslshopper.com/article-most-common-openssl-commands.html
- http://gagravarr.org/writing/openssl-certs/general.shtml
- http://www.madboa.com/geek/openssl/
- http://www.sslshopper.com/article-most-common-openssl-commands.html
- http://gagravarr.org/writing/openssl-certs/general.shtml
这篇关于莫非无法连接到APNS沙盒服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!