推送通知错误:“无法设置本地证书链文件”

时间:2021-04-25 23:02:34

I wrote a test php page that just sends out a generic push notification and it works intermittently. Sometimes it delivers the message and other times I get this error:

我写了一个测试php页面,它只发送一个通用推送通知,它间歇性地工作。有时它会传递消息,有时我会收到此错误:

"Message: stream_socket_client() [function.stream-socket-client]: Unable to set local cert chain file `/var/www/ninerobot.com/public/mlb/certs/mlbtr-push-dev.pem'; Check that your cafile/capath settings include details of your certificate and its issuer"

“消息:stream_socket_client()[function.stream-socket-client]:无法设置本地证书链文件`/var/www/ninerobot.com/public/mlb/certs/mlbtr-push-dev.pem';检查一下您的cafile / capath设置包括您的证书及其发行人的详细信息“

Do you know how I can solve this issue?

你知道我怎么解决这个问题吗?

I see that on Apple's docs it says "Note: To establish a TLS session with APNs, an Entrust Secure CA root certificate must be installed on the provider’s server. If the server is running Mac OS X, this root certificate is already in the keychain. On other systems, the certificate might not be available. You can download this certificate from the Entrust SSL Certificates website." Does this mean anything that I need to do?

我在Apple的文档中看到它说:“注意:要与APN建立TLS会话,必须在提供商的服务器上安装Entrust Secure CA根证书。如果服务器运行的是Mac OS X,则此根证书已在密钥链中在其他系统上,证书可能不可用。您可以从Entrust SSL证书网站下载此证书。“这是否意味着我需要做的事情?

3 个解决方案

#1


12  

Me too got more struggle to do the same. Eventually I found solution to send push notification through PHP global url. Try the below steps. Before that I hope you all know to generate the 3 certificates thats PushChat.certSigningRequest, pushkey.p12 & aps_development.cer (csr,p12,cer)

我也有更多努力去做同样的事情。最终我找到了通过PHP全局网址发送推送通知的解决方案。请尝试以下步骤。在此之前,我希望你们都知道生成3个证书,即PushChat.certSigningRequest,pushkey.p12和aps_development.cer(csr,p12,cer)

Open your Terminal and step by step run the below commands:

打开终端并逐步运行以下命令:

# Make sure terminal refers your correct certificate path.
$ cd ~/Desktop/

# Ask system administrator to open if its not connected 
$ telnet gateway.sandbox.push.apple.com 2195

Trying 17.110.227.35...
Connected to gateway.sandbox.push-apple.com.akadns.net.

Escape character is '^]'.

# Convert .cer to .pem
$ openssl x509 -in aps_development.cer -inform der -out PushCert.pem

# Convert .p12 to .pem. Enter your pass pharse which is the same pwd that you have given while creating the .p12 certificate. PEM pass phrase also same as .p12 cert.  
$ openssl pkcs12 -nocerts -out PushKey1.pem -in pushkey.p12

Enter Import Password:

MAC verified OK

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

# To remove passpharse for the key to access globally. This only solved my stream_socket_client() & certificate capath warnings.
$ openssl rsa -in PushKey1.pem -out PushKey1_Rmv.pem

Enter pass phrase for PushChatKey1.pem:

writing RSA key

# To join the two .pem file into one file:
$ cat PushCert.pem PushKey1_Rmv.pem > ApnsDev.pem

Then Finally move the SimplePush.php to the ApnsDev.pem file location. Both files will be in same folder. and change Device Token, Pass Phrase, Certificate Name(ApnsDev.pem), Message… In simplepush.php Download the file using the below URL. http://d1xzuxjlafny7l.cloudfront.net/downloads/SimplePush.zip Then execute the file in terminal or your domain server

然后最后将SimplePush.php移动到ApnsDev.pem文件位置。两个文件都在同一个文件夹中。并更改设备令牌,密码短语,证书名称(ApnsDev.pem),消息...在simplepush.php中使用以下URL下载文件。 http://d1xzuxjlafny7l.cloudfront.net/downloads/SimplePush.zip然后在终端或域服务器中执行文件

$ php simplepush.php

or

www.Domainname.com/push/simplepush.php  // Now, url shows 'Connected to APNS Message successfully delivered'.

Thats it, the push notification will fly and reach the specific IOS device.

多数民众赞成,推送通知将飞行并到达特定的IOS设备。

If you want to send 'Badge' then change the payload code in simplepush.php like below,

如果你想发送'Badge'然后在simplepush.php中更改有效负载代码,如下所示,

// Construct the notification payload body:

$badge = 1;

$sound = 'default';

$body = array();

$body['aps'] = array('alert' => $message);

if ($badge)

    $body['aps']['badge'] = $badge;

if ($sound)

    $body['aps']['sound'] = $sound;


// End of Configurable 

// Encode the payload as JSON:

$payload = json_encode($body);

Now run the php file again and the app icon appears with badge number in red circle.

现在再次运行php文件,应用程序图标显示为红色圆圈中的徽章编号。

#2


7  

Use this checklist to work through this:

使用此清单可以解决此问题:

  1. Did you create a legitimate certificate via instructions like these.
  2. 您是否通过这些说明创建了合法证书?

  3. Is your .pem file readable by your webserver process (ie permissions and file location are good)? Many setups run apache, for example, under the "www-data" user/group. Side note: make sure visitors can't view the .pem file by browsing to it.
  4. 您的.pem文件是否可以被您的Web服务器进程读取(即权限和文件位置是否良好)?许多设置运行apache,例如,在“www-data”用户/组下运行。附注:确保访问者无法通过浏览来查看.pem文件。

  5. Does your server have the Entrust Secure CA Root Certificate (2048 bit) installed? If not, follow instructions for downloading/installing for your particular server OS.
  6. 您的服务器是否安装了Entrust Secure CA根证书(2048位)?如果没有,请按照特定服务器操作系统的下载/安装说明进行操作。

  7. Is outbound TCP port 2195 open? Many hosting providers do NOT have this outbound port open by default.
  8. 出站TCP端口2195是否打开?默认情况下,许多托管服务提供商都没有打开此出站端口。

#3


0  

In addition to a great answer of Steve N let me add the last point.

除了史蒂夫N的一个很好的答案,让我添加最后一点。

  1. Ensure you understand the warning, especially include details of your certificate and its issuer. You probably don't have a block in your .pem file, i.e. issuer= , subject= etc. and your file begins with -----BEGIN CERTIFICATE. It can be accidentally deleted during conversion of the certificate file.
  2. 确保您了解警告,尤其是包括证书及其颁发者的详细信息。您的.pem文件中可能没有块,即issuer =,subject =等,您的文件以----- BEGIN CERTIFICATE开头。在转换证书文件期间可能会意外删除它。

#1


12  

Me too got more struggle to do the same. Eventually I found solution to send push notification through PHP global url. Try the below steps. Before that I hope you all know to generate the 3 certificates thats PushChat.certSigningRequest, pushkey.p12 & aps_development.cer (csr,p12,cer)

我也有更多努力去做同样的事情。最终我找到了通过PHP全局网址发送推送通知的解决方案。请尝试以下步骤。在此之前,我希望你们都知道生成3个证书,即PushChat.certSigningRequest,pushkey.p12和aps_development.cer(csr,p12,cer)

Open your Terminal and step by step run the below commands:

打开终端并逐步运行以下命令:

# Make sure terminal refers your correct certificate path.
$ cd ~/Desktop/

# Ask system administrator to open if its not connected 
$ telnet gateway.sandbox.push.apple.com 2195

Trying 17.110.227.35...
Connected to gateway.sandbox.push-apple.com.akadns.net.

Escape character is '^]'.

# Convert .cer to .pem
$ openssl x509 -in aps_development.cer -inform der -out PushCert.pem

# Convert .p12 to .pem. Enter your pass pharse which is the same pwd that you have given while creating the .p12 certificate. PEM pass phrase also same as .p12 cert.  
$ openssl pkcs12 -nocerts -out PushKey1.pem -in pushkey.p12

Enter Import Password:

MAC verified OK

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

# To remove passpharse for the key to access globally. This only solved my stream_socket_client() & certificate capath warnings.
$ openssl rsa -in PushKey1.pem -out PushKey1_Rmv.pem

Enter pass phrase for PushChatKey1.pem:

writing RSA key

# To join the two .pem file into one file:
$ cat PushCert.pem PushKey1_Rmv.pem > ApnsDev.pem

Then Finally move the SimplePush.php to the ApnsDev.pem file location. Both files will be in same folder. and change Device Token, Pass Phrase, Certificate Name(ApnsDev.pem), Message… In simplepush.php Download the file using the below URL. http://d1xzuxjlafny7l.cloudfront.net/downloads/SimplePush.zip Then execute the file in terminal or your domain server

然后最后将SimplePush.php移动到ApnsDev.pem文件位置。两个文件都在同一个文件夹中。并更改设备令牌,密码短语,证书名称(ApnsDev.pem),消息...在simplepush.php中使用以下URL下载文件。 http://d1xzuxjlafny7l.cloudfront.net/downloads/SimplePush.zip然后在终端或域服务器中执行文件

$ php simplepush.php

or

www.Domainname.com/push/simplepush.php  // Now, url shows 'Connected to APNS Message successfully delivered'.

Thats it, the push notification will fly and reach the specific IOS device.

多数民众赞成,推送通知将飞行并到达特定的IOS设备。

If you want to send 'Badge' then change the payload code in simplepush.php like below,

如果你想发送'Badge'然后在simplepush.php中更改有效负载代码,如下所示,

// Construct the notification payload body:

$badge = 1;

$sound = 'default';

$body = array();

$body['aps'] = array('alert' => $message);

if ($badge)

    $body['aps']['badge'] = $badge;

if ($sound)

    $body['aps']['sound'] = $sound;


// End of Configurable 

// Encode the payload as JSON:

$payload = json_encode($body);

Now run the php file again and the app icon appears with badge number in red circle.

现在再次运行php文件,应用程序图标显示为红色圆圈中的徽章编号。

#2


7  

Use this checklist to work through this:

使用此清单可以解决此问题:

  1. Did you create a legitimate certificate via instructions like these.
  2. 您是否通过这些说明创建了合法证书?

  3. Is your .pem file readable by your webserver process (ie permissions and file location are good)? Many setups run apache, for example, under the "www-data" user/group. Side note: make sure visitors can't view the .pem file by browsing to it.
  4. 您的.pem文件是否可以被您的Web服务器进程读取(即权限和文件位置是否良好)?许多设置运行apache,例如,在“www-data”用户/组下运行。附注:确保访问者无法通过浏览来查看.pem文件。

  5. Does your server have the Entrust Secure CA Root Certificate (2048 bit) installed? If not, follow instructions for downloading/installing for your particular server OS.
  6. 您的服务器是否安装了Entrust Secure CA根证书(2048位)?如果没有,请按照特定服务器操作系统的下载/安装说明进行操作。

  7. Is outbound TCP port 2195 open? Many hosting providers do NOT have this outbound port open by default.
  8. 出站TCP端口2195是否打开?默认情况下,许多托管服务提供商都没有打开此出站端口。

#3


0  

In addition to a great answer of Steve N let me add the last point.

除了史蒂夫N的一个很好的答案,让我添加最后一点。

  1. Ensure you understand the warning, especially include details of your certificate and its issuer. You probably don't have a block in your .pem file, i.e. issuer= , subject= etc. and your file begins with -----BEGIN CERTIFICATE. It can be accidentally deleted during conversion of the certificate file.
  2. 确保您了解警告,尤其是包括证书及其颁发者的详细信息。您的.pem文件中可能没有块,即issuer =,subject =等,您的文件以----- BEGIN CERTIFICATE开头。在转换证书文件期间可能会意外删除它。