iPhone推送通知证书 [英] iPhone Push Notification Certificates

问题描述

我正在尝试创建允许我在设备上发送推送通知的证书，但我完全丢失了。我已经使用了BETA和分发证书，但添加推送通知很痛苦。

I am trying to create certificates that will allow me to send push notifications on my device and I am total lost. I have used certificates for BETA and distribution but adding push notification is pain.

当我为BETA测试创建证书时，我会执行以下步骤。

When I do create certificates for BETA testing, I do the following steps.

1. 从钥匙串，从证书颁发机构申请证书。


2. 在证书下的Apple Provisioning Portal中，创建证书上传文件密钥链文件。


3. 假设APP ID已完美创建且设备准备就绪。


4. 在Provisioning下的Apple Provisioning Portal中，我创建了一个新的配置文件，下载移动配置文件以添加到XCode管理器。

1. From keychain, Request a certificate from a certificate authority.
2. In Apple Provisioning Portal under Certificates, create a certificate uploading file keychain file.
3. Assume APP ID is created perfectly and devices are ready.
4. In Apple Provisioning Portal under Provisioning, I create a new profile and download mobile provisioning file to add to the XCode organizer.

上述步骤有效，我可以进行BETA测试。现在为了启用推送通知，我有一个设置服务器，它通过推送通知进行测试，并且100％正常工作。当我配置推送通知时，我需要上传密钥链文件。这是我在证书下上传的文件吗？有一个文件作为回报，我双击它，它被添加到钥匙串，我做得对吗？

That above steps works and I can BETA test. Now in order to enable push notification, I have setup server which is tested with push notification and is 100% working. When I configure for push notification, I need to upload keychain file. Is that the same file I uploaded under Certificates? There is a file in return which I double click and it gets added to the keychain, am I doing it right?

推荐答案

如果我正确理解你的问题，答案是否定的，它不应该是同一个文件。我将详细解释整个过程，希望这将澄清情况（以及接下来需要做什么）。

If I understand your question correctly, the answer is no, it should not be the same file. I'll explain the entire process in detail and hopefully that will clarify the situation (and what you need to do next).

当您启用推送通知时，您需要做四件事：

When you enable push notifications, you need to do four things:

1. 创建私钥/公钥对。


2. 创建证书签名请求（CSR），使用您的私钥签名。


3. 将CSR提交给Apple并下载签名证书。


4. 创建包含证书的文件和私钥，用于验证每个APN请求。

1. Create a private/public key pair.
2. Create a certificate signing request (CSR), signed with your private key.
3. Submit the CSR to Apple and download a signed certificate.
4. Create a file containing your certificate and private key, for validating each APN request.

一些要点：

• 我建议您使用不同的密钥进行开发（沙箱）和生产APN。如果您要向不同的应用程序发送通知，则可以重新使用这些密钥，但如果您不在开发和生产之间重复使用密钥则更安全。


• 您提交的文件到配置门户是证书请求。每个证书都有一个CSR文件。您将为每个应用程序（bundleID）创建两个CSR;一个用于开发，一个用于生产。使用您的开发密钥创建的CSR应提交进行开发，并且应使用生产密钥创建CSR以进行生产。
  
  注意：保留CSR文件。您不必拥有它们，但是当您需要重新发送证书请求时，它将为您节省一些时间。


• 提交CSR后，您将能够下载实际证书。他们还没有准备立即，所以给Apple一分钟左右，然后刷新浏览器。 CSR和证书之间的区别很重要：证书由Apple签署;它验证您发送推送通知的能力。下载证书并将其加载到您的钥匙串中（双击即可）。
  
  注意：没有您的私钥，证书是无用的;因此，如果您切换计算机，则需要安全地导出私钥。


• 任何发送APN请求的计算机都需要私钥和证书。您可以使用Keychain Access将它们导出为单个.p12文件。 （我将我的名字命名为MyAppCertKey.p12，表明该文件包含证书和密钥。）



• 最后，我写了详细的解释测试/验证与Apple服务器（来自终端）的通信。这有点复杂，因为您需要为 openssl 设置一些根证书以进行验证;但是，它会告诉您是否与服务器正确通信，而不需要对接收应用程序本身进行任何操作。
  

• I recommend you use different keys for development (sandbox) and production APN. You can re-use the keys if you are sending notifications to different apps, but it is safer if you don't re-use keys between development and production.
• The file you "submit" to the provisioning portal is the certificate request. You will have one CSR file for each certificate. You will create a two CSR for each app (bundleID); one for development, one for production. The CSR created with your development key should be submitted for development and the CSR created with your production key should be submitted for production.
  Note: Keep the CSR files. You don't have to have them, but it will save you some time when you need to re-send the certificate requests.
• After submitting your CSRs, you will be able to download the actual certificates. They aren't ready immediately, so give Apple a minute or so and then refresh your browser. The difference between the CSR and a certificate is important: the certificate is signed by Apple; it validates your ability to send push notifications. Download the certificates and load them into your keychain (double clicking is fine).
  Note: the certificate is useless without your private key; so you will need to safely export your private key if you switch computers.
• Any computer sending an APN request will need both the private key and the certificate. You can export them as a single .p12 file using Keychain Access. (I name mine MyAppCertKey.p12 to indicate that the file contains both the certificate and the key.)

• Last, I wrote up a detailed explanation on testing / verifying communication with Apple's servers (from the terminal). It's a little complicated since you need to have some root certificates set up for openssl to validate against; however, it will tell you if you are communicating correctly with the servers, without requiring any work on the receiving app itself.
  

无法连接到APNS沙盒服务器

希望有所帮助。

这篇关于iPhone推送通知证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！