PushSharp APNS production: The credentials supplied to the package were not recognized (development works fine though)

6

29

My app just got ready for sale on App Store, but none of my production devices (devices that have installed the app from App Store) are getting push notifications. When I try to send a push notification to a production device, I am getting this error:

"The credentials supplied to the package were not recognized" 
(System.ComponentModel.Win32Exception)

This exception is internally thrown and caught in an infinite loop.

It is thrown at line 539 of ApplePushChannel.cs file:

try
{
    stream.AuthenticateAsClient(this.appleSettings.Host, this.certificates,
        System.Security.Authentication.SslProtocols.Ssl3, false);
    //stream.AuthenticateAsClient(this.appleSettings.Host);
}
catch (System.Security.Authentication.AuthenticationException ex)
{
    throw new ConnectionFailureException("SSL Stream Failed to Authenticate as Client", ex);
}

This is the output of the application in Visual Studio Output:

...
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
...(it keeps getting thrown until I stop it manually)

Here are the things I've tried:

  • Double checked that the device ID I'm trying is registered with a production device token.
  • Revoked and regenerated the APNS Production certificate, exported it with the private key to a new .p12 file, and tried again with the new certificate. (I had the same problem with development push notifications, and this solved my problem)
  • Changed the SSL protocol from Ssl3 to Tls. (a few days ago there was a problem with protocol version, and it fixed a problem temporarily. There shouldn't be need for this, but the error I'm getting is the same as the one I was getting before which this fixed)
  • Checked that I'm actually trying to connect to production server with the production certificate instead of development server/certificate.
  • Checked that I can access the APNS server directly (my ASP.NET app lives inside a Parallels VM Windows 8.1 on my Mac; here is the output from my Mac, just to avoid confusion):

(Terminal output) Edit: I was pinging the sandbox server, I've pinged the production server, I verify that I can connect to it too, so it's not the issue.

can$ sudo nmap -p 2195 gateway.sandbox.push.apple.com
Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-28 00:06 EEST
Nmap scan report for gateway.sandbox.push.apple.com (17.149.34.189)
Host is up (0.49s latency).
Other addresses for gateway.sandbox.push.apple.com (not scanned): 17.149.34.187 17.149.34.188
PORT     STATE SERVICE
2195/tcp open  unknown

Why would PushSharp not negotiate with APNS servers?

Peraza answered 27/4, 2014 at 21:10 Comment(0)
P
81

I figured out the problem. I revoked and regenerated the certificate again, and this time I only exported the private key (without the certificate). In Keychain Access, I exported as .p12 and used the new file and it worked. For some reason, PushSharp wasn't playing well with .p12 when both certificate and private key are present in the file.

Peraza answered 28/4, 2014 at 11:50 Comment(19)
Thanks, I just re-did the certificate and it worked! Though I don't think it's a problem with PushSharp, I think something went wonky in the very complicated process of making these certs. So starting fresh seemed to correct that. - Orff
@Orff there is definitely something buggy in the process, at either Apple's or PushSharp's side. - Teodora
Well I just thought I should share my experience. Might help someone one day. - Orff
This. This. This. All the documentation tells you to export both items and then it fails. Wasted hours and hours on this. Thank you @CanPoyrazoğlu. - Shoveler
I also just wasted an hour on this before trying your suggestion of exporting only the private key (without the cert). Changing this has fixed the problem! - Eiffel
For some reason, exporting both items works from PHP on Mac, but fails on a C# server. Got it to work by using only the private key. - Paregmenon
I wish I could upvote more than once! We had a Ruby script that could send notifications with the certificate information that wouldn't work with PushSharp. I've commented here github.com/Redth/PushSharp/issues/527 in case the documentation needs to be amended - Locative
surprisingly, exported the certificate (without the private key) only way works for me. code.google.com/archive/p/apns-sharp/wikis/… - Seismograph
@CanPoyrazoğlu Where did you regenerate the p12 file (without private key) on mac machine? I am trying on a Windows machine but am not able to solve the issue. Would be good if you mention steps. Thanks - Exercitation
@RashminJaviya I've regenerated the P12 file using Keychain Access on Mac machine. I think, in Windows, certmgr.msc (type in Start Menu -> Run) would do the trick. - Teodora
Just another data point that exporting only the private key got PushSharp working for me. - Hurlee
I just used the private key of certificate in export and it worked. No regeneration needed for my case. Thanks for the answer. - Barbbarba
Thanks, you saved my time - Nubia
this works locally but does not work on Azure - I've managed the OP code start working by uploading the certificate like @Pavel Chuchuva suggests - see my comment (if the link does not work copy it and paste to a browser): #23329540 - Lamentable
Hi @CanPoyrazoğlu, for me after trying your solution the exception was gone but I was not getting the notifications. Can you give any suggestion? - Shorts
@Shahzad what is your environment? Can you send notifications with the same certificate in another way to check if it works? - Teodora
@CanPoyrazoğlu Sorry for the late response. It's Windows Server 2012. The iOS guy checked from their end and it worked fine, it is sending the notification. - Shorts
I too wasted my days trying to figure it out and nothing was working. Does anybody know the reason behind this? - Crespo
I am currently experiencing this same issue. Works great locally, but when I upload it to the web servers (Windows Server) it no longer sends notifications and I get the same error. "The credentials supplied to the package were not recognized" Been two days now. It's been incredibly frustrating! - Hungry
T
3

"The credentials supplied to the package were not recognized" exception usually indicates that the user running the code does not have enough permissions.

If you are sending push notifications from Azure web app or webjob do not load the APNS certificate from a file or base64-encoded string. Go to Azure Portal and add the certificate to website instead. Note the thumbprint.


Next add WEBSITE_LOAD_CERTIFICATES setting and set it to * (asterisk).

Now the APNS certificate can be used from C# code:

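using System.Linq;
using System.Security.Cryptography.X509Certificates;
using PushSharp.Apple;

string thumbprint = "YOUR THUMBPRINT";
// With WEBSITE_LOAD_CERTIFICATES set, the uploaded certificate is read from CurrentUser\My.
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
// validOnly: false also returns certificates that fail chain validation on this machine.
var certificate = store.Certificates.Find(
    X509FindType.FindByThumbprint, thumbprint, validOnly: false)
    .Cast<X509Certificate2>().SingleOrDefault();
store.Close();
var apnsConfig = new ApnsConfiguration(
    ApnsConfiguration.ApnsServerEnvironment.Production, certificate);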


Twit answered 19/7, 2016 at 1:31 Comment(1)
This answer helped me but with some changes. Now with the new Azure portal you can add certificate in App Service / SSL settings / Private Certificates (.pfx) / Upload Certificate. Interesting thing is that you do not need to change code that OP used (stream.AuthenticateAsClient) so you don't need to bother with thumbnail or code in this answer. The old code will start working immediately after certificate upload plus of course WEBSITE_LOAD_CERTIFICATES. Sad thing is that you need a paid plan (at least basic) to upload any certificate. - Lamentable
S
1

When using the windows certificate store, (imho the easiest way to manage certificates on a production server), be sure to set the correct permissions on the private key.

Subterfuge answered 21/1, 2016 at 15:3 Comment(1)
I received this error on my production environment (on development it worked). Recreating the certificate did not work. The answer given here did. - Subterfuge
A
1

None of the answers worked for me. In the end what I ended up doing is importing the Cert and Private Key into the Windows cert store, and then exporting as a .pfx.

Anschauung answered 15/2, 2017 at 11:7 Comment(0)
P
1

I tested it again and again.

Convert the p12 file to pem format, and it will work with IIS limited users and maybe with Azure....

Patrimony answered 22/2, 2017 at 10:8 Comment(0)
A
0

I was receiving the same exception and in my case I had to add permission for my IOS Push Services certificate.

Right click on the certificate in mmc -> All Tasks -> Manage Private Keys... I added NETWORK SERVICE because the iis application pool of my web app used that account.

See for more details: http://blog.falafel.com/apple-push-notifications-certificates-and-iis/

Alius answered 25/1, 2016 at 15:33 Comment(0)
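
Several answers above attribute the error to the account running the code (IIS application pool identity, Azure sandbox user) not being able to open the certificate's private key. The following diagnostic is an added example, not code from any of the posts or from PushSharp; it separates "certificate not found", "no private key attached" and "private key not readable by this account". The names `ApnsCertPreflight` and `Check` are hypothetical, and it assumes .NET Framework 4.6 or later on Windows with an RSA certificate.

```csharp
// Added diagnostic, not PushSharp code. Run it as the same Windows account as the
// web app or service. The thumbprint below is the placeholder used on this page.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ApnsCertPreflight
{
    // Returns null if the certificate can be used for TLS client authentication
    // by the current account, otherwise a description of what is wrong.
    public static string Check(string thumbprint, StoreLocation location)
    {
        // Keep hex digits only: drops spaces and invisible characters from copy/paste.
        string clean = new string(thumbprint.Where(Uri.IsHexDigit).ToArray());
        var store = new X509Store(StoreName.My, location);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2 cert = store.Certificates
                .Find(X509FindType.FindByThumbprint, clean, validOnly: false)
                .Cast<X509Certificate2>().FirstOrDefault();
            if (cert == null) return "not found in this store";
            if (!cert.HasPrivateKey) return "certificate has no private key attached";
            if (DateTime.Now > cert.NotAfter) return "expired on " + cert.NotAfter;
            // HasPrivateKey only says a key is referenced. Signing forces Windows to
            // open the key, which fails if this account has no Read permission on it.
            using (RSA key = cert.GetRSAPrivateKey())
            {
                if (key == null) return "private key is not RSA";
                key.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
            return null;
        }
        catch (CryptographicException ex)
        {
            return "private key cannot be opened by this account: " + ex.Message;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        Console.WriteLine("Running as " + Environment.UserDomainName + "\\" + Environment.UserName);
        foreach (var loc in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
            Console.WriteLine(loc + ": " + (Check("YOUR THUMBPRINT", loc) ?? "OK"));
    }
}
```

If the result is "private key cannot be opened by this account" for the identity printed on the first line, granting that identity Read on the key via Manage Private Keys, as described in the answer above, is the matching fix.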
