APNS ssl://gateway.sandbox.push.apple.com:2195 connection fails
D

8

15

I try to make a push-notification server. I get a connection to ssl://gateway.sandbox.push.apple.com:2195 with telnet.

    telnet gateway.sandbox.push.apple.com 2195
    Trying 17.172.232.229...
    Connected to gateway.sandbox.push-apple.com.akadns.net.
    Escape character is '^]'.

My *.pem is OK (I use it on another server). I use the SAME project on another server and it works there, but the clone on another server doesn't.

I get these errors:

    Warning: stream_socket_client() [function.stream-socket-client]: SSL operation failed with code 1. OpenSSL Error messages: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired in /var/www/try.php on line 69
    Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/try.php on line 69
    Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/try.php on line 69

The certificate is NOT expired, it works on the other Server and the date is the same.

Does someone have a clue what the mistake could be?

I work on

Apache/2.2.9 (Debian) PHP/5.2.17-0.dotdeb.0 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g

EDIT: It seems that using the same certificate on different servers doesn't work. Maybe this is blocked by Apple's servers.

Driving answered 16/6, 2011 at 13:2 Comment(3)
I have been getting the same errors today. Perhaps it is something on Apple's side. I am digging in now... - Ulyanovsk
I just solved this error for myself today. I noticed that my Entrust cert was bad so I re-made it and voilà. It's odd that you can't connect without it, but w/e. - Murat
Maybe this solves my problem... don't know. I'm using JavaPNS now on another server =) - Driving
U
14

I use apn_on_rails for this, but I think it will work for you as long as you are using a pem file. I fixed this by re-downloading the certificate and intermediate certificate, regenerating the push notification pem file using these instructions:

Once you have the certificate from Apple for your application, export your key and the apple certificate as p12 files. Here is a quick walkthrough on how to do this:

1. Click the disclosure arrow next to your certificate in Keychain Access and select the certificate and the key. 
2. Right click and choose `Export 2 items…`. 
3. Choose the p12 format from the drop down and name it `cert.p12`.

Now convert the p12 file to a pem file:

    $ openssl pkcs12 -in cert.p12 -out apple_push_notification_production.pem -nodes -clcerts

Ulyanovsk answered 17/6, 2011 at 15:30 Comment(1)
I already tried this, this doesn't work for me. =( But I know in most cases the certificate is the problem. But my certificate is OK, it works fine on another server. - Driving
S
6

This kind of error occurs in two situations:

  1. When port 2195 is blocked.
  2. When the .pem file is not made correctly (as in my case).

Try these two points. You will surely not get any error.

Strepphon answered 20/12, 2011 at 10:53 Comment(5)
To 1.: when port 2195 is blocked, telnet wouldn't work. To 2.: I work with the same *.pem file on another server and it works there. - Driving
I could add my case as a 3rd point: verify the path of the *.pem file on your server. - Chanteuse
But in CakePHP, where do I include the .pem file? If you have an idea, please share. - Bahamas
Hi @Driving, please accept any answer so that it will be helpful to others. - Strepphon
Hi @HimanshuMohan, I cannot accept any answer, none of them helped me, never found the problem. This post is > 6 years old. Regards - Driving
B
3

I had the same problem, but the solution in my case was that the pem certificate required an absolute path:

  1. Use the absolute path for the private key instead of relative path.
  2. Make sure the php user (or webserver user, depending.. www-data, apache, nginx, www...) is allowed to read it (chown, chmod).

from here

Broach answered 27/8, 2015 at 3:10 Comment(0)
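
The checks the answers above keep pointing at (file readable by the user PHP runs as, certificate and key both present in the .pem, key belonging to the certificate, certificate still valid) can be run offline with `openssl`. This is an added example, not code from any of the posts: the function names `check_pem` and `make_samples`, the exit codes and the self-signed sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Exit codes are this example's own:
# 0 ok, 2 unreadable, 3 no certificate, 4 no private key,
# 5 key does not match certificate, 6 expired or expiring within the margin.
check_pem() {
    pem=$1; margin=${2:-0}   # margin: seconds the certificate must stay valid
    # Readability is tested for the current user, so run as the PHP/web-server user.
    [ -r "$pem" ] || { echo "cannot read $pem as $(id -un)"; return 2; }
    openssl x509 -in "$pem" -noout 2>/dev/null \
        || { echo "no certificate in $pem"; return 3; }
    # Dummy passphrase: an encrypted key fails here instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass:x -pubout 2>/dev/null) \
        || { echo "no usable private key in $pem"; return 4; }
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not belong to the certificate"; return 5; }
    openssl x509 -in "$pem" -noout -checkend "$margin" >/dev/null \
        || { echo "expired/expiring: $(openssl x509 -in "$pem" -noout -enddate)"; return 6; }
    echo "ok: $(openssl x509 -in "$pem" -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed sample material (self-signed, 1-day lifetime), not APNs credentials.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-push-cert" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null
    cat "$d/cert.pem" "$d/key.pem"   > "$d/good.pem"      # certificate plus its own key
    cat "$d/cert.pem" "$d/other.pem" > "$d/mismatch.pem"  # wrong key bundled
    cp  "$d/cert.pem" "$d/certonly.pem"                   # key left out of the export
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in good mismatch certonly; do
    check_pem "$tmp/$f.pem" || echo "  -> exit code $?"
done
check_pem "$tmp/good.pem" 172800 || echo "  -> exit code $?"   # demands 2 more days
rm -rf "$tmp"
```

Run `check_pem` with the absolute path the script uses and under the account the web server runs as; if it passes, `openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert <pem> -key <pem>` shows the handshake result outside PHP.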
E
2

Some random findings from the internet which could help:

It may be a certificate problem. Try the stream options `allow_self_signed` and `verify_peer` to check that.

Try to use explicitly sslv2:// or sslv3:// ?

Permission problem on "/dev/urandom"

Edelstein answered 5/7, 2012 at 7:19 Comment(0)
D
1

Maybe your ISP blocks ports 2195 and 2196. I had the same problem, asked them to open it and that worked for me.

Daubigny answered 26/10, 2011 at 9:19 Comment(1)
As I said in my description, telnet works; it wouldn't work if the ports were blocked. - Driving
P
1

You mention:

> I use the SAME project on another server and it works there, but the clone on another server doesn't.

I've found that .pem certificates don't transfer. Here are the steps I followed to get an app that works on one OS X machine to work on another (don't know how to do it for non-Apple machines):

  1. Copy over the first Server's .p12 file (Certificate and companion private-key).
  2. Copy that .p12 file into your keychain. It will become a certificate there.
  3. Export that certificate (with companion private key) to a new .p12 file.
  4. Use openssl to convert that new .p12 file into a new .pem file
  5. You can now use the new .pem file in your openssl command on the new server.

Hope this is helpful

Paderna answered 19/1, 2013 at 5:4 Comment(1)
I never did this on any server... but my question is nearly 2 years old =) Maybe importing the p12 or pem into the server's keychain did the trick and I don't remember doing this =) For 1 year I have been doing this with JavaPNS; this works better than easyApns. ;) - Driving
A
0

I had a similar issue on my Linux box. For me, it was an SELinux issue.

So in your `/etc/selinux/config` file, change `SELINUX=enforcing` to `SELINUX=disabled`. And restart. That's it.

Aargau answered 6/3, 2015 at 13:28 Comment(0)
D
-7

Try `telnet gateway.sandbox.push.apple.com:2195` instead of `telnet gateway.sandbox.push.apple.com 2195`.

Desma answered 27/11, 2012 at 12:4 Comment(0)
