iPhone certificate error in apns sharp A call to SSPI failed

Asked 15/7, 2011 at 13:2 Answered 14/10, 2014 at 7:31

Solved iphone azure apple-push-notifications apns-sharp

i have a data service hosted in azure from which i am sending notification to iphone but while establishing connection with apns i am getting following error "A call to SSPI failed. The message received was unexpected or badly formatted." i also refered following links for the same error but still getting the error

apple push notification with APNS sharp and C# iPhone push server?

        try
        {
            using (TcpClient client = new TcpClient())
            {

                try
                {
                    client.Connect("gateway.sandbox.push.apple.com", 2195);
                    Logging("TSSLProDi :Connected to Apple");
                }
                catch (Exception ex)
                {
                    Logging("TSSLProDi :" + ex.Message + "-IE-" + ex.InnerException);

                }
                using (NetworkStream networkStream = client.GetStream())
                {
                    Logging("TSSLProDi :Client connected.");

                    X509Certificate clientCertificate = new X509Certificate(System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory + @"startup\certname.pfx"), "mycertpassword");
                    X509CertificateCollection clientCertificateCollection = new X509CertificateCollection(new X509Certificate[1] { clientCertificate });

                    // Create an SSL stream that will close the client's stream.
                    SslStream sslStream = new SslStream(
                        client.GetStream(),
                        false,
                        new RemoteCertificateValidationCallback(validateServerCertificate),
                        null
                        );

                    try
                    {
                        sslStream.AuthenticateAsClient("gateway.sandbox.push.apple.com", clientCertificateCollection, System.Security.Authentication.SslProtocols.Default, false);
                        Logging("TSSLProDi :slStreamAuthenticated");
                    }
                    catch (AuthenticationException ex)
                    {
                        Logging("TSSLProDi :" + "Exception: " + ex.Message.ToString());
                        if (ex.InnerException != null)
                        {
                            Logging("Inner exception: " + ex.InnerException.Message.ToString());
                        }
                        Logging("TSSLProDi :" + "Authentication failed - closing the connection.");
                        client.Close();
                        return;
                    }
                }

            }
        }
        catch (Exception ex)
        {

            Logging("TSSLProCert :" + ex.Message + "-IE-" + ex.InnerException);
        }

i have installed the needed certificates on VM also. one warning i am getting on iphone developer_identity certificate which i got from apple is that "Windows does not have enough information to verify this certificate" is there is some thing wrong with my iphone certificate. please help me i am stuck

Putrescent answered 15/7, 2011 at 13:2 Comment(0)

got the solution i have just changed X509Certificate to X509Certificate2 and X509CertificateCollection to X509Certificate2Collection

Putrescent answered 19/7, 2011 at 15:39 Comment(0)

I suggest you follow the steps in this tutorial to create a p12 file from you developer certificate.

http://help.adobe.com/en_US/as3/iphone/WS144092a96ffef7cc-371badff126abc17b1f-7fff.html

It's also important that you register this file in windows. This is as simple as double-clicking the file after you've generated it. Don't forget to update the call to the X509Certificate constructor afterwards.

The tutorial works equally well on Windows, but you might have to download an OpenSSL client which can be found here:

http://gnuwin32.sourceforge.net/packages/openssl.htm.

Inevasible answered 18/7, 2011 at 13:56 Comment(4)

hey i did as you mention but still i am getting the same error that "A call to sspi failed.........." – Putrescent 19/7, 2011 at 7:45

There might still be a problem with your path to the p12 file. Try a hard-coded path first to see if that might be the problem. And don't forget to register the file in Windows. – Inevasible 19/7, 2011 at 8:8

i have already registed the certificate in trusted root ca section and also in personal section. i tried with hardcoded value but still getting same error. – Putrescent 19/7, 2011 at 9:0

What is the output when you run this command on your p12 file? openssl pkcs12 -info -in filename.p12 – Inevasible 19/7, 2011 at 9:40

I do not know if this will be helpful after 3 years, but I leave the answer for iOS8.

Apple has changed the server security and right on the line you mention, you have to change from SSL to TLS:

Original code:

_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Ssl3, false);

New code:

_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Tls, false);

I hope this information is helpful to someone.

Someone commented this in the GIT forum

Electrodynamometer answered 14/10, 2014 at 7:31 Comment(1)

solved my problem so thanks for the answer. I wish they had some information they made this change – Unreflective 30/10, 2014 at 14:37

Little late, but who knows if it helps somebody... I made a big mistake with the certificate, and installed the .CER I downloaded from Apple Developer Site... I know... my fault, but it could happen if you're as dumb as I am :-P

When you download the .CER, you have to import it into your keychain and then EXPORT the certificate INCLUDING the private key... that will generate a .P12 certificate, and THAT is the one you have to install in the Windows machine. Once I installed the .P12 in the LocalMachine/Personal store, the authentication worked just fine for me.

Conlon answered 8/8, 2012 at 10:52 Comment(0)

I got same problem, I use .p12 certificate file instead of .pfx and use moon-apns to send notification, the problem been solved.

Donwnload Moon-APNS code here: https://github.com/arashnorouzi/Moon-APNS

Teodora answered 17/1, 2013 at 7:12 Comment(0)

Try this :

SslStream sslStream = new SslStream(client.GetStream(), false);

Actor answered 18/7, 2011 at 13:47 Comment(1)

also tried but same error. i have correct certificate and password is there is anything wrong with the code – Putrescent 19/7, 2011 at 8:5

Recommended topics

Hot tags