i try to make a push-notification server. I get connection to ssl://gateway.sandbox.push.apple.com:2195 with telnet.
telnet gateway.sandbox.push.apple.com 2195
Trying 17.172.232.229...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
my *.pem is ok (I use it on another server). I use the SAME project on an other Server and it works there but the clone on an other Server doesn't.
I get these Errors:
Warning: stream_socket_client() [function.stream-socket-client]: SSL operation failed with code 1. OpenSSL Error messages: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired in /var/www/try.php on line 69
Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/try.php on line 69
Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/try.php on line 69
The certificate is NOT expired, it works on the other Server and the date is the same.
Does someone has a clue what the mistake could be?
I work on
Apache/2.2.9 (Debian) PHP/5.2.17-0.dotdeb.0 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
EDIT: It seems, that using the same certificate on different servers doesn't work. Maybe this is blocked by Apples servers.
I use apn_on_rails for this, but I think it will work for you as long as you are using a pem file. I fixed this by re-downloading the certificate and intermediate certificate, regenerating the push notification pem file using these instructions:
Once you have the certificate from Apple for your application, export your key and the apple certificate as p12 files. Here is a quick walkthrough on how to do this:
1. Click the disclosure arrow next to your certificate in Keychain Access and select the certificate and the key.
2. Right click and choose `Export 2 items…`.
3. Choose the p12 format from the drop down and name it `cert.p12`.
Now covert the p12 file to a pem file:
$ openssl pkcs12 -in cert.p12 -out apple_push_notification_production.pem -nodes -clcerts
This kind of error occur in two situation:
- When the 2195 port is block.
- When the
.pemfile is not made correctly (as in my case).
Try these two points. You will surely not get any error.
I had the same problem but the solution in my case was that pem certificate that required absolute path
- Use the absolute path for the private key instead of relative path.
- Make sure the php user (or webserver user, depending.. www-data, apache, nginx, www...) is allowed to read it (chown, chmod).
from here
Maybe your ISP block ports 2195 and 2196. I had the same problem, asked them to open it and that worked for me.
Some random finding from the internet which could help:
It may be a certificate problem. Try the stream options allow_self_signed and verify_peer to check that.
Try to use explicitely sslv2:// or sslv3:// ?
Permission problem on "/dev/urandom"
You mention:
I use the SAME project on an other Server and it works there but the clone on an other Server doesn't.
I've found that .pem certificates don't transfer. Here are the steps I followed to get an app that works on one OS X machine to work on another (don't know how to do it for non-Apple machines):
- Copy over the first Server's .p12 file (Certificate and companion private-key).
- Copy that .p12 file into your keychain. It will become a certificate there.
- Export that certificate (with companion private key) to a new .p12 file.
- Use openssl to convert that new .p12 file into a new .pem file
- You can now use the new .pem file in your openssl command on the new server.
Hope this is helpful
I had a similar issue on my Linux box. To me, it was the SELinux issue.
So in your /etc/selinux/config file, set the SELINUX=enforcing to SELINUX=disabled. And restart. Thats it.
try...
telnet gateway.sandbox.push.apple.com:2195
instead of ...
telnet gateway.sandbox.push.apple.com 2195
来源:https://stackoverflow.com/questions/6372308/apns-ssl-gateway-sandbox-push-apple-com2195-connection-fails