APNS error: 20 unable to get local issuer certificate (using terminal)

Time: 2021-07-23 02:08:09

I've gone through the process here http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1#comments about 7 times. The other forum posts on this topic didn't seem to provide an answer other than the certificates aren't valid. However I followed the steps exactly, and if I'm missing something about how to ensure my certificates are valid I am all ears!

I've tried using my email as well as the email registered with the account which hosts the game, and followed every step to the T!

I request a certificate, export my p12 key, download the public certificate, and make them into .pem files.

Why am I still getting these errors:

verify error:num=20:unable to get local issuer certificate
verify return:0

No client certificate CA names sent

Here is the full output when I connect to the APNS:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert cert.pem -key key.pem

Enter pass phrase for key.pem:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=iTMS Engineering/CN=gateway.sandbox.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=iTMS Engineering/CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C

No client certificate CA names sent

SSL handshake has read 2731 bytes and written 2191 bytes

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 0BB064CE572CC45FF7FE32B45E53BA282E36ACE58516F0110C2F1C1BCCA647E0B13ADF8273F3122219C0B7C069CB02D7
    Key-Arg   : None
    Start Time: 1396636635
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

First part SOLVED: my certificates are valid.

Adding -CAfile and the 2048 EA cert did the trick.

Now to get this working on my server...

Server code:

$deviceToken = '05ae9852d21e51d7d516777bad0453456346456456456211a09085abe197c';

// Put your private key's passphrase here:
$passphrase = 'password';

// Put your alert message here:
$message = 'TEST NOTIFICATION';

$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);
stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');
//stream_context_set_option($ctx, 'ssl', 'allow_self_signed', 1);
//stream_context_set_option($ctx, 'ssl', 'verify_peer', 1);

// Open a connection to the APNS server
$fp = stream_socket_client('ssl://gateway.sandbox.push.apple.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);

Solved

As stated below it was missing the full path.

1 solution

#1


12  

See the error:

CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0

In the tutorial, in the troubleshooting section, read bullet #3:

Unable to get local issuer certificate. This error means that the certificate from the server could not be verified. To fix this you need to download the Entrust CA root certificate. This can be done from the Terminal using the command:

curl -O https://www.entrust.com/root-certificates/entrust_2048_ca.cer

You then also need to add:

stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');

Download entrust_2048_ca.cer

Make sure all your certificates are in the same directory as the PHP script.

Change your code to the following:

//applying context to stream option
stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);
stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');

You should be good now.

After a long chat with @Agressor, the solution was to put the full path to entrust_2048_ca.cer:

/var/www/site/pages/entrust_2048_ca.cer
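
The full-path fix from the answer above, as an added example that is not part of the original posts: it resolves `ck.pem` and `entrust_2048_ca.cer` to absolute paths, refuses to connect if either is unreadable, and keeps peer verification switched on. The function names, the use of `__DIR__` as the certificate directory and the `APNS_PASSPHRASE` environment variable are assumptions.

```php
<?php
// Added example, not code from the thread. File names and the gateway host
// come from the posts; function names and APNS_PASSPHRASE are assumptions.

// Build an SSL context whose certificate paths are absolute. A relative
// 'cafile' is resolved against the process working directory, which is not
// necessarily the directory the script lives in.
function apns_context(string $dir, string $passphrase)
{
    $paths = [
        'local_cert' => $dir . '/ck.pem',
        'cafile'     => $dir . '/entrust_2048_ca.cer',
    ];
    foreach ($paths as $option => $path) {
        $real = realpath($path);
        if ($real === false || !is_readable($real)) {
            // Fail closed instead of connecting without a usable CA file.
            throw new RuntimeException("$option not readable: $path");
        }
        $paths[$option] = $real;
    }
    return stream_context_create(['ssl' => [
        'local_cert'        => $paths['local_cert'],
        'passphrase'        => $passphrase,
        'cafile'            => $paths['cafile'],
        'verify_peer'       => true,  // PHP before 5.6 defaults this to false
        'allow_self_signed' => false,
    ]]);
}

// Open the TLS connection and surface the socket error on failure.
function apns_connect($ctx)
{
    $fp = stream_socket_client(
        'ssl://gateway.sandbox.push.apple.com:2195',
        $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $ctx
    );
    if ($fp === false) {
        throw new RuntimeException("APNS connect failed: $errstr ($errno)");
    }
    return $fp;
}

try {
    $fp = apns_connect(apns_context(__DIR__, getenv('APNS_PASSPHRASE') ?: ''));
    echo "Connected with peer verification enabled\n";
    fclose($fp);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
}
```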
