Safari 推送通知证书问题 [英] Safari push notifications certificate issue
问题描述
我有一个使用 Safari 浏览器推送通知的网站.直到最近我开始收到一条消息说
I have a website which uses push notifications for safari browser. It worked fine until recently when I started to receive a message saying
推送包签名验证失败
我相信这与最近的 Apple WWDRCA 证书到期有关,现在正在尝试将他们的新证书安装到系统中.他们的文档说
I believe that it is connected with the recent Apple WWDRCA certificate expiration and now trying to install their new certificate into the system. Their docs say that
如果您使用 openssl_pkcs7_sign 函数仅使用您的 Web 推送证书对推送包进行签名,您应该将路径传递给额外证书参数的更新中间体.
If you were using the openssl_pkcs7_sign function to sign your push package with only your web push certificate, you should pass the path to the renewed intermediate for the extra certificates parameter.
所以我的问题是如何告诉这个函数使用这个新证书,以及另一个,我是否应该将他们的证书安装到我运行 Apache 的 linux 系统中.我不确定我是否安装了以前的证书.谢谢
So my question is how to tell this function to use this new certificate, and another one, should I install their certificate into my linux system which is running Apache. I am not sure if I had a previous certificate installed in it. Thank You
推荐答案
谢谢大家,
通过添加 Apple WWDRCA 新证书作为 openssl_pkcs7_sign 的最后一个参数设法解决了这个问题
managed to solve the issue by adding Apple WWDRCA new certificate as a last parameter to openssl_pkcs7_sign
openssl_pkcs7_sign("$package_dir/manifest.json", $signature_path, $cert_data, $private_key, array(), PKCS7_BINARY | PKCS7_DETACHED,"/path/to/certificate/AppleWWDRCA.pem");
无需额外工作.请注意,必须手动将文件从 .cer 转换为 .pem.
No additional work required. Note that the file must be converted from .cer to .pem manually.
我认为应该在文档中更清楚地指出这一点.
I think this should be pointed out somewhere in docs more clearly.
这篇关于Safari 推送通知证书问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!