Couldn't connect to APNS Sandbox server
Question
I am trying to connect to the Apple APNS server with the following observations:
1) Port 2195 is open
2) With a valid key passphrase for APNS_SSLCertificate_Key.pem
3) Entrust certificate (2048) downloaded from https://www.entrust.net/downloads/binary/entrust_ssl_ca.cer
4) With the successful telnet response as below:
$ telnet gateway.sandbox.push.apple.com 2195
Trying 17.172.232.226...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
But when I run the following openssl command in my server to test the APNS connectivity:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert APNS_SSLCertificate_Key.pem -debug -showcerts -CAfile server-ca-cert.pem
I get the error below:
unable to load certificate
57013:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
So please suggest how to resolve this problem.
Thanks in advance...
Recommended answer
I ran into this same issue; what eventually resolved the error was to re-export the Entrust certificate from System Roots of the OS X Keychain Access application.
To be complete, I'll give a complete explanation of how I created the key/cert files (something which should have been in Apple's TechNote 2265: https://developer.apple.com/library/content/technotes/tn2265/_index.html).
Creating your APN cert and key:
- Run Keychain Access; select "login" Keychain and "My Certificates" category
- Select the certificate with the name format of "Apple Development IOS Push Services: ..."
- Export the certificate (in the menu, under "File" .. "Export Items")
- Export to .p12 format.
This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase-protected .pem file. Using Terminal, execute the following command (using your own filenames, of course):
openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem
(You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)
If you really really really don't want a passphrase on the .pem file, try:
openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes
Creating CA Certificate file:
- Run the Keychain Access application
- Go to System Roots
- Export the certificate named "Entrust.net Certification Authority (2048)" to a .pem file.
Note: my Roots container has four Entrust certificates; two of them are named "Entrust.net Certification Authority (2048)" (but with different certificate extensions, as shown by Get Info). Both "Entrust.net Certification Authority (2048)" certificates validate the trust chain; the other two Entrust certificates do not work. More importantly, the Entrust certificate that Apple TechNote 2265 points to does not work either.
Make sure to export in .pem format; the default is .cer, and this step is easy to miss.
Run the verification command:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem"
This server and process assume that you are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.
For more information on openssl, I suggest the following pages:
- https://www.madboa.com/geek/openssl/
- https://www.sslshopper.com/article-most-common-openssl-commands.html
- http://gagravarr.org/writing/openssl-certs/general.shtml
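An added example (mine, not code from the question or the answer) of the check a practitioner would run on the -CAfile before handing it to openssl s_client: the "no start line" error means the file has no PEM BEGIN line, which is exactly how a binary DER .cer looks to openssl, so the code below tells PEM from DER and wraps DER into PEM (the same transformation as openssl x509 -inform DER -outform PEM). The sample DER bytes are constructed and are not a real certificate.

```python
import base64
import re

# Constructed sample (not a real certificate): a minimal DER SEQUENCE { INTEGER 5 };
# a binary .cer such as the Entrust download in the question is the same kind of blob.
DER_SAMPLE = bytes.fromhex("3003020105")

# The BEGIN/END armour whose absence openssl reports as "no start line".
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_outer_length(data: bytes):
    """Total length declared by the outer ASN.1 SEQUENCE (tag 0x30), or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long-form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_format(data: bytes) -> str:
    """'PEM' if armoured, 'DER' if exactly one complete outer SEQUENCE, else 'unknown'."""
    if PEM_BLOCK.search(data):
        return "PEM"
    if der_outer_length(data) == len(data):
        return "DER"
    return "unknown"

def der_to_pem(der: bytes, label: bytes = b"CERTIFICATE") -> bytes:
    """Wrap DER as PEM: base64 in 64-character lines between BEGIN/END lines."""
    b64 = base64.b64encode(der)
    body = b"".join(b64[i:i + 64] + b"\n" for i in range(0, len(b64), 64))
    return b"-----BEGIN " + label + b"-----\n" + body + b"-----END " + label + b"-----\n"

def pem_to_der(pem: bytes) -> bytes:
    """Inverse of der_to_pem; raises when there is no PEM block to decode."""
    m = PEM_BLOCK.search(pem)
    if m is None:
        raise ValueError("no PEM block found (openssl reports this as 'no start line')")
    return base64.b64decode(b"".join(m.group(2).split()))

def ensure_pem(data: bytes) -> bytes:
    """Return data as PEM, converting DER; reject anything else up front."""
    fmt = detect_format(data)
    if fmt == "PEM":
        return data
    if fmt == "DER":
        return der_to_pem(data)
    raise ValueError("not a PEM or complete DER certificate file: " + fmt)
```

Write the result of ensure_pem(open(path, "rb").read()) to a new file and pass that as -CAfile; a file that raises here would fail in openssl with the same PEM_read_bio error.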