莫非无法连接到APNS沙盒服务器 [英] Couldn't able to connect to APNS Sandbox server

问题描述

我想有以下意见连接到苹果服务器APNS：

I am trying to connect to Apple APNS server with the following observations:

1）端口2195是开放2）随着APNS_SSLCertificate_Key.pem 3有效密钥密码）从 https://www.entrust.net/downloads/binary/entrust_ssl_ca下载委托证书（2048）。 CER

1)port 2195 is open 2)With Valid key passphrase for APNS_SSLCertificate_Key.pem 3)Entrust certificate (2048) downloaded from https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer

4）在成功的telnet响应如下：

4)With the successful telnet response as below :

$远程登录gateway.sandbox.push.apple.com 2195尝试17.172.232.226 ...
  连接到gateway.sandbox.push-apple.com.akadns.net。逃逸
  字符是'^]'。

$ telnet gateway.sandbox.push.apple.com 2195 Trying 17.172.232.226... Connected to gateway.sandbox.push-apple.com.akadns.net. Escape character is '^]'.

但是，当我在我的服务器来测试连接APNS运行以下命令的OpenSSL：

But when i run the following openssl command in my server to test the APNS connectivity :

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert  APNS_SSLCertificate_Key.pem -debug -showcerts -CAfile server-ca-cert.pem

我收到错误如下：

I am getting error as follows:

无法加载证书57013：错误：0906D06C：PEM
  套路：PEM_read_bio：无从下手
  行：/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c：650：期待：
  受信任的证书

unable to load certificate 57013:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

所以，请建议如何解决这个问题。

So please suggest how to resolve this problem

在此先感谢......

Thanks in advance ......

推荐答案

我遇到了同样的问题;什么最终解决错误是重新出口从OS制度根源/ X钥匙串访问应用程序。

I ran into this same issue; what eventually resolved the error was to re-export the Entrust certificate from System Roots of OS/X Keychain Access application.

要完成，我给我如何创建密钥/证书文件（东西应该已经在苹果公司的技术说明2265的完整说明：<一href=\"http://developer.apple.com/library/ios/#technotes/tn2265/_index.html\">http://developer.apple.com/library/ios/#technotes/tn2265/_index.html)

To be complete, I'll give a complete explanation of how I created the key/cert files (something which should have been in Apple's TechNote 2265: http://developer.apple.com/library/ios/#technotes/tn2265/_index.html)

创建您的APN证书和钥匙：

Creating your APN-cert-and-key:

1. 运行钥匙串访问;选择登录钥匙串和我的证书类别


2. 选择用的名称格式证书苹果IOS开发推送服务：......


3. 导出证书（在菜单中，文件下..出口项目）


4. 导出到的.p12格式。
   结果
   现在这包含您的加密交换格式的证书和私钥。下一步是将其转换为一个密码保护的.pem文件



5. 使用终端，执行以下命令（当然使用自己的文件名）：搜索结果
   OpenSSL的PKCS12 -in PushCertKey.p12退房手续PushCertKey.pem
   搜索结果
   （您将需要为.p12文件输入密码，并提供了另一种密码为.pem文件。）

1. Run Keychain Access; select "login" Keychain and "My Certificates" category
2. Select the certificate with the name format of "Apple Development IOS Push Services: ..."
3. Export the certificate (in the menu, under "File" .. "Export Items")
4. Export to .p12 format.
   This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase protected .pem file

5. Using terminal, execute the following command (using your own filenames, of course):
   
   openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem
   
   (You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)

如果您的真的真的真的的不希望.pem文件一个密码，请尝试：搜索结果
OpenSSL的PKCS12 -in PushCertKey.p12退房手续PushCertKeyNoCrypt.pem -nodes
搜索结果

If you really really really don't want a passphrase on the .pem file, try:

openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes

创建CA证书文件：

1. 项目


2. 运行Keychain Access应用程序


3. 进入系统根


4. 导出名为Entrust.net证书颁发机构（2048），以一个.pem文件的证书。搜索结果
   注：我的根容器有四个委托证明;他们两个名为Entrust.net证书颁发机构（2048）（但具有不同的证书扩展，通过获取信息）。无论是的Entrust.net证书颁发机构（2048）证书，其中有效验证信任链;另外两个证书委托没有工作。更显著的委托证书指向了苹果的技术说明2265也不起作用。
   搜索结果
   确保您导出到.pem格式;默认值是.CER，这一步是很容易错过。

运行验证命令：

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem" 

此服务器和流程假设你连接到苹果的开发沙箱APN服务器;如果你要使用生产APN服务器，您需要使用正确的服务器和端口。

This server and process assume that your are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.

有关OpenSSL的更多信息，我建议以下页面：结果

For more information on openssl, I suggest the following pages:

• http://www.madboa.com/geek/openssl/


• http://www.sslshopper.com/article-most-common-openssl-commands.html


• http://gagravarr.org/writing/openssl-certs/general.shtml

• http://www.madboa.com/geek/openssl/
• http://www.sslshopper.com/article-most-common-openssl-commands.html
• http://gagravarr.org/writing/openssl-certs/general.shtml

这篇关于莫非无法连接到APNS沙盒服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！