为什么我不能添加的APN开发的iOS输入证书的provisioning profile [英] Why I can't add APNs Development iOS typed certificate to provisioning profile
问题描述
我想实现APNS我的应用程序。我创建的应用程序ID,并能够为我的应用程序的SSL证书(类型被证明是发展的APNs IOS)。然而,当我尝试生成一个配置配置文件,下面,我选择我的应用程序的的AppID屏幕上,我没有看到SSL证书我产生了这个程序。在证书列表中,我只看到了创建previously型iOS开发的证书。
I am trying to implement APNS for my App. I created APP id and was able to generate an SSL certificate for my App (the type is shown to be APNs development IOS). However, when I try to generate a provisioning profile, following the screen where I choose the AppID of my app, I do not see the SSL certificate I generate for this app. In the certificates list, I only see certificates of type 'IOS development' that were created previously.
推荐答案
您创建使用由什么文件所指的的APN提供商的APNS凭证 - 最简单的情况,这是你自己的服务器负责跟踪的APN装置凭证和产生的APN推送指示的APN什么样的信息,声音或徽章交付给特定的设备令牌有效载荷。正如可执行code和其他资产在你的应用程序的安排是由一密码签名安全的(通过您的iPhone开发或iPhone分发证书和相关的配置配置文件),您的服务器和苹果的APN网关之间的通信,也必须确保以prevent从伪装成您的服务器并发送垃圾邮件的推送消息给用户一个流氓第三方。该APN的SSL证书,用于保护和验证服务器的到的APN连接,授权其提供有效载荷推到你的应用程序用户的设备 - 保持这些证书的安全!如果有人能够访问到SSL证书的私钥,然后他们可以发送垃圾推到你的应用程序!
The APNs certificate that you created is used by what the documentation refers to as the "APNs Provider" -- In the simplest case, this is your own server that is responsible for keeping track of APNs device tokens and generating APNs Push Payloads that instruct the APNs what message, sound, or badge to deliver to a specific device token. Just as the arrangement of executable code and other assets in your app is secured by a cryptographic signature (via your iPhone Development or iPhone Distribution certificate and associated provisioning profile), communications between your server and the Apple APNs gateway must also be secured to prevent a rogue 3rd party from masquerading as your server and sending spammy push messages to your users. This APNs SSL certificate is used to secure and authenticate your server's connection to the APNs, authorizing it to deliver push payloads to your app on user's devices -- Keep those certificates secure! If anyone gains access to the private key of the SSL certificate then they could send spammy pushes to your app!
您的APN提供商将需要访问私钥此SSL证书。没有它,苹果公司的APN网关将拒绝任何和所有尝试连接。您的供应商,并不需要有你的供应配置文件 - 这的APN证书是完全比用于code签署iOS应用程序,也就是说,服务器只需要服务器证书的机构分开的,而应用程序需要$ C $ç签名证书+供应配置文件。这两项不相交并且不与彼此交换数据。
Your APNs Provider will need access to the private key for this SSL certificate. Without it, Apple's APNs gateways will reject any and all attempts to connect. Your provider, does not need to have your provisioning profiles -- this APNs certificate is entirely separate than the mechanisms used to code sign an iOS app, that is, the server only needs the server certificate, while the app needs the code signing certificate + provisioning profile. These two items do not intersect and do not exchange data with each other.
这是事实,你的供应配置文件(开发,特设分布,以及App Store的分布),就需要重新发行,但是这是专门添加 APS-环境授权给每个这些配置文件允许使用这些配置文件签名的软件与环境的APN连接。必须绝对清楚,补发这些配置不会也不应该在任何地方的轮廓新增APNS的SSL证书...您的应用程序code不需要以任何方式利用该证书,并会导致略有增加应用程序的大小。
It is true that your provisioning profiles (Development, Ad-Hoc Distribution, and App Store Distribution) will need to be reissued, but that is specifically to add the aps-environment entitlement to each of these profiles allowing apps signed with these profiles to connect with the APNs environments. To be absolutely clear, reissuing these profiles does not and should not add your APNs SSL certificate anywhere in the profile...your application code doesn't need to leverage this certificate in any way and would lead to a slight increase in your application's size.
您可以检查您的当前配置的配置文件包括 APS-环境有权通过打开终端,复制并粘贴以下,照顾到路径更新到您的具体名为.mobileprovision :
You can check if your current provisioning profiles include the aps-environment entitlement by opening Terminal, copy and pasting the following, taking care to update the path to your specific .mobileprovision:
的/ usr / libexec中/ PlistBuddy -c'打印:权利的/ dev /标准输入<<< $(CMS安全-D -i /path/to/your/application.mobileprovision)
这个命令做了两件事情:
This command does two things:
- 在使用OS X中的
安全工具来提取名为.mobileprovision文件后确定的plist中含量-i参数,并将所有这些内容进入... -
PlistBuddy打印权利键的全部内容屏幕。
- Uses the
securitytool in OS X to extract the plist content from the.mobileprovisionfile identified after the-iargument and passes all of this content into... PlistBuddyprinting the entire contents of theEntitlementskey to screen.
尚未推送通知启用输出一个基本的开发配置将类似于以下内容:
The output for a basic Development profile that has not been enabled for Push Notifications will resemble the following:
Dict {
get-task-allow = true
com.apple.developer.team-identifier = ABC1DEF2G3
application-identifier = XYZW1ABC2D.com.mycompany.niftyapp
keychain-access-groups = Array {
XYZW1ABC2D.*
}
}
虽然尚未推送通知启用的输出基本Ad-hoc或App Store的分布将类似于:
While the output for a basic Ad-Hoc or App Store Distribution that has not been enabled for Push Notifications will resemble:
Dict {
get-task-allow = false
com.apple.developer.team-identifier = ABC1DEF2G3
application-identifier = XYZW1ABC2D.com.mycompany.niftyapp
keychain-access-groups = Array {
XYZW1ABC2D.*
}
}
现在,你有你的应用程序的的AppId颁发的的APN证书,你需要逐步完成并重新开发,特设和发行配置的配置文件,添加 APS-环境有权每个配置文件。
Now that you have the APNs certificates issued for your app's AppId, you do need to step through and reissue your Development, Ad-Hoc, and Distribution provisioning profiles to add the aps-environment entitlement to each of your profiles.
- 导航到证书,标识符和配置文件工具,并找到与此应用程序相关的配置文件。
- 单击编辑按钮,并通过向导的每个步骤走 - 你不必做出了$ P $任何更改pviously定义的设置,只需当前配置文件重新印发</ li>!
- 点击下载按钮,向导结束。
- 拖放在X code图标更新配置文件在您的船坞进行安装。
- Navigate to Certificates, Identifiers, and Profiles tool and find one of the profiles associated with this application.
- Click the Edit button and walk through each step of the wizard -- you don't have to make any changes to the previously defined settings, you simply need the current profile reissued!
- Click the Download button at the end of the wizard.
- Drag and drop the updated profile on the Xcode icon on your Dock to install.
如果您运行同一套终端对这些新文件再命令(记得更新的路径,新的名为.mobileprovision 如果有必要的!),你现在看到的该 APS-环境键出现在你的应用程序的权利:
If you run that same set of Terminal commands again on these new files (remember to update the path to the new .mobileprovision if necessary!) you'll now see that aps-environment key appear in your App's entitlements:
Dict {
get-task-allow = true
aps-environment = development
com.apple.developer.team-identifier = ABC1DEF2G3
application-identifier = XYZW1ABC2D.com.mycompany.niftyapp
keychain-access-groups = Array {
XYZW1ABC2D.*
}
}
有两个值这个新的密钥:
There are two values for this new key:
-
APS-环境=发展- 这将仅出现在开发配置配置文件和应用程序可以通过签订iPhone开发者证书,只可在沙箱环境的APN连接 -
APS-环境=生产- 这将仅出现在发行配置配置文件(Ad-hoc或应用程序商店),允许应用程序使用签署iPhone分销证书与生产的APN环境 连接
aps-environment = development-- This will appear only on Development Provisioning Profiles and allows apps signed usingiPhone Developercertificates and may only connect with the Sandbox APNs Environmentaps-environment = production-- This will appear only on Distribution Provisioning Profiles (Ad-Hoc or App Store), allowing apps signed usingiPhone Distributioncertificates to connect with the Production APNs Environment
根据您所使用的证书来签署构建确定哪些的APN网关您的应用程序将连接到并获取推送令牌以及哪个网关您的应用程序将收到推送消息。其中最常见的错误使开发商对于推送通知是不匹配的应用程序是如何与他们的服务器是如何连接到苹果的APN网关签署
Depending on which certificate you use to sign a build determines which APNs gateway your app will connect to and fetch a Push token as well as which gateway your app will receive push messages from. One of the most common errors developers make with respect to push notifications is mismatching how the app is signed with how their server is connecting to Apple's APNs gateways:
- 应用程序与开发证书只能成功协商的APN和接收时,供应商也正在与发展的APN SSL证书到沙盒的APN网关连接,并在其生成的有效载荷使用沙箱设备令牌推送消息签名。
- 应用程序与分发证书只能成功协商的APN和接收Push信息时,供应商也与生产的APN SSL证书到生产的APN网关连接,并在其生成的有效载荷使用的生产设备令牌签名。
给它一个镜头,让我们知道事情怎么走!
Give it a shot and let us know how things go!
这篇关于为什么我不能添加的APN开发的iOS输入证书的provisioning profile的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
