Couldn't able to connect to APNS Sandbox server

Problem description

I am trying to connect to Apple APNS server with the following observations:

1) port 2195 is open
2) With valid key passphrase for APNS_SSLCertificate_Key.pem
3) Entrust certificate (2048) downloaded from https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
4) With the successful telnet response as below:

    $ telnet gateway.sandbox.push.apple.com 2195
    Trying 17.172.232.226...
    Connected to gateway.sandbox.push-apple.com.akadns.net.
    Escape character is '^]'.

But when I run the following openssl command on my server to test the APNS connectivity:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert  APNS_SSLCertificate_Key.pem -debug -showcerts -CAfile server-ca-cert.pem

I get the following error:

    unable to load certificate
    57013:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

So please suggest how to resolve this problem

Thanks in advance......

Recommended answer

I ran into this same issue; what eventually resolved the error was to re-export the Entrust certificate from System Roots of OS/X Keychain Access application.

To be complete, I'll give a complete explanation of how I created the key/cert files (something which should have been in Apple's TechNote 2265: https://developer.apple.com/library/content/technotes/tn2265/_index.html)

Creating your APN-cert-and-key:

  1. Run Keychain Access; select "login" Keychain and "My Certificates" category
  2. Select the certificate with the name format of "Apple Development IOS Push Services: ..."
  3. Export the certificate (in the menu, under "File" .. "Export Items")
  4. Export to .p12 format.
    This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase protected .pem file
  5. Using terminal, execute the following command (using your own filenames, of course):

    openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem

    (You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)

If you really really really don't want a passphrase on the .pem file, try:

openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes

Creating CA Certificate file:

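  1. Run Keychain Access application
  2. Go to System Roots
  3. Export the certificate named "Entrust.net Certification Authority (2048)" to a .pem file.

    Note: My Roots container has four Entrust certificates; two of them have the name "Entrust.net Certification Authority (2048)" (but with different certificate extensions, via Get Info). Both of the "Entrust.net Certification Authority (2048)" certificates were effective in validating the trust chain; the other two Entrust certificates did not work. More significantly, the Entrust certificate pointed at by Apple TechNote 2265 also does not work.

    Make sure you export to .pem format; the default is .cer and this step is easy to miss.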

Run the verification command:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem" 

This server and process assume that you are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.

For more information on openssl, I suggest the following pages:
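
An added example, not part of the original question or answer: a shell pre-flight check for the two files passed to `openssl s_client` via `-cert` and `-CAfile`. OpenSSL reports `no start line` when a file it reads as PEM contains no `-----BEGIN` line, which is the case for a DER-encoded `.cer` export. The function names and sample files are constructed for this illustration.

```shell
#!/bin/sh
# Pre-flight check for the files given to `openssl s_client -cert` / `-CAfile`.
# Both must be PEM; a DER .cer file has no "-----BEGIN" line to find.

# Prints one of: pem-cert+key | pem-cert | pem-key | der | unknown
classify_cert_file() {
    f=$1; cert=0; key=0
    # PEM blocks open with "-----BEGIN <LABEL>-----" at the start of a line.
    if grep -q '^-----BEGIN \(TRUSTED \)\{0,1\}CERTIFICATE-----' "$f"; then cert=1; fi
    # Matches PRIVATE KEY, RSA PRIVATE KEY and ENCRYPTED PRIVATE KEY.
    if grep -q '^-----BEGIN \([A-Z]* \)*PRIVATE KEY-----' "$f"; then key=1; fi
    if [ "$cert" -eq 1 ] && [ "$key" -eq 1 ]; then echo pem-cert+key; return 0; fi
    if [ "$cert" -eq 1 ]; then echo pem-cert; return 0; fi
    if [ "$key" -eq 1 ]; then echo pem-key; return 0; fi
    # DER certificate = ASN.1 SEQUENCE: tag 0x30, long-form length marker 0x82.
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    if [ "$magic" = "3082" ]; then echo der; else echo unknown; fi
}

# Usage: check_s_client_inputs CERT_AND_KEY.pem CA.pem  (status 0 = both usable)
check_s_client_inputs() {
    ok=0
    case $(classify_cert_file "$1") in
        pem-cert+key) ;;
        *) echo "-cert: expected PEM with certificate and private key: $1" >&2; ok=1 ;;
    esac
    case $(classify_cert_file "$2") in
        pem-cert|pem-cert+key) ;;
        der) echo "-CAfile: DER (.cer) file, re-export as .pem: $2" >&2; ok=1 ;;
        *) echo "-CAfile: no PEM certificate block: $2" >&2; ok=1 ;;
    esac
    return "$ok"
}

# Constructed sample files: placeholder bodies, not real keys or certificates.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    > "$demo_dir/ca.pem"
{ cat "$demo_dir/ca.pem"; printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
    'AAAA' '-----END ENCRYPTED PRIVATE KEY-----'; } > "$demo_dir/PushCertKey.pem"
printf '\060\202\004\052' > "$demo_dir/ca.cer"   # first bytes of a DER certificate

check_s_client_inputs "$demo_dir/PushCertKey.pem" "$demo_dir/ca.pem" && echo "PEM CA file: ok"
check_s_client_inputs "$demo_dir/PushCertKey.pem" "$demo_dir/ca.cer" || echo "DER CA file: rejected"
rm -rf "$demo_dir"
```

The check only looks at the encoding and block labels; it does not validate the certificate contents or the trust chain, which is what the `s_client` run itself is for.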
