Safari 推送通知证书问题 [英] Safari push notifications certificate issue

问题描述

我有一个使用 Safari 浏览器推送通知的网站.直到最近我开始收到一条消息说

I have a website which uses push notifications for safari browser. It worked fine until recently when I started to receive a message saying

推送包签名验证失败

我相信这与最近的 Apple WWDRCA 证书到期有关，现在正在尝试将他们的新证书安装到系统中.他们的文档说

I believe that it is connected with the recent Apple WWDRCA certificate expiration and now trying to install their new certificate into the system. Their docs say that

如果您使用 openssl_pkcs7_sign 函数仅使用您的 Web 推送证书对推送包进行签名，您应该将路径传递给额外证书参数的更新中间体.

If you were using the openssl_pkcs7_sign function to sign your push package with only your web push certificate, you should pass the path to the renewed intermediate for the extra certificates parameter.

所以我的问题是如何告诉这个函数使用这个新证书，以及另一个，我是否应该将他们的证书安装到我运行 Apache 的 linux 系统中.我不确定我是否安装了以前的证书.谢谢

So my question is how to tell this function to use this new certificate, and another one, should I install their certificate into my linux system which is running Apache. I am not sure if I had a previous certificate installed in it. Thank You

推荐答案

谢谢大家，

通过添加 Apple WWDRCA 新证书作为 openssl_pkcs7_sign 的最后一个参数设法解决了这个问题

managed to solve the issue by adding Apple WWDRCA new certificate as a last parameter to openssl_pkcs7_sign

openssl_pkcs7_sign("$package_dir/manifest.json", $signature_path, $cert_data, $private_key, array(), PKCS7_BINARY | PKCS7_DETACHED,"/path/to/certificate/AppleWWDRCA.pem");

无需额外工作.请注意，必须手动将文件从 .cer 转换为 .pem.

No additional work required. Note that the file must be converted from .cer to .pem manually.

我认为应该在文档中更清楚地指出这一点.

I think this should be pointed out somewhere in docs more clearly.

这篇关于Safari 推送通知证书问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！