I am new to PHP and I am getting this error trying to load a cert:

jameys-macbookpro41:~ user$ php -f ~/Sites/providerService.php

Warning: stream_socket_client(): Unable to set local cert chain file `cert.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /Users/jamey/Sites/providerService.php on line 27

cert.pem is in the same folder as the PHP file. The file cert.pem was created in the Apple Keychain tool.

class pushNotifications {
...
     private $sslPem = 'cert.pem';
...
     function connectToAPNS(){
          $streamContext = stream_context_create();
          stream_context_set_option($streamContext, 'ssl', 
             'local_cert', $this->sslPem);

Thanks for any help!

+4  A: 

You are getting an error because it's trying to find your cert.pem file in the directory you are running the script from, not the directory the script is in. In your example, it is your user directory "~".

Try changing your class to this, or something similar:

class pushNotifications {
...
     private $sslPem = 'cert.pem';
...
     function connectToAPNS(){
          $streamContext = stream_context_create();
          stream_context_set_option($streamContext, 'ssl', 'local_cert', dirname(__FILE__) . '/' . $this->sslPem);
Jordan S. Jones
I am getting past that line now so I am assuming that fixed it, Thanks!!
Jamey McElveen
Turns out that was not (all of) it; now I get this. Warning: stream_socket_client(): Unable to set local cert chain file `/Users/jamey/Sites/cert.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /Users/jamey/Sites/providerService.php on line 29
Jamey McElveen
Are you using a self signed certificate?
Jordan S. Jones
Here is how I created the cert. Select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. Later I right-clicked on the key and exported the .pem. This is for the new Push notification (APNS). APNS is still under NDA but this is an issue (I think) due to my lack of PHP understanding.
Jamey McElveen
SSL certificates work, to put it very simply, on a chaining mechanism. Your certificate is signed by a Certificate Authority using its certificate. When a client (browser, or curl in your case) attempts to "use" your certificate, it will want to validate, or "lookup", the entity that signed it.
Jordan S. Jones
You may have to specify some additional stream options. Please reference the following URL: http://us2.php.net/manual/en/context.ssl.php. You may want to try setting "verify_peer" to false, or "allow_self_signed" to true, etc.
Jordan S. Jones
Finally got it completely working. I had to convert the cert to SSL. Was able to do this using OpenSSL.
Jamey McElveen
@Jamey can you tell the command which converted the cert to SSL? @Jordan please rewrite the solution you found in the answers. Thanks
Ayaz Alavi
A: 

I was having this issue as well, it turns out that for some reason my private key didn't match the one associated with the aps_developer_identity.cer I had...

I ended up clearing all of my public and private keys from my 'login' keychain item, then I started the entire process over again (generated the request)... I submitted the new request file on the program portal and generated a new certificate, downloaded, and installed it by double-clicking it (developer_identity.cer). Then, I reset the provisioning profiles to use the new Push SSL certs, downloaded those, and installed them by double-clicking (aps_developer_identity.cer). Finally, I reset the provisioning profile and downloaded the new one. I cleared out the old one in the Xcode Organizer, and installed the new one. Finally, I exported my 'private' key as key.p12 and my aps_developer_identity.cer as apsdi.p12, and ran the following commands against them:

openssl pkcs12 -clcerts -nokeys -out apsdi.pem -in apsdi.p12
openssl pkcs12 -nocerts -out key.pem -in key.p12

If you're okay using a passphrase (recommended for production):

cat apsdi.pem key.pem > cert.pem

If you wish to use a 'blank' passphrase, you'll need to unencrypt your private key first, using the password you specified when you converted it to pem format:

openssl rsa -in key.pem -out key.unencrypted.pem

And then cat the cert and unencrypted key into apns.pem (or whatever filename you have chosen):

cat apsdi.pem key.unencrypted.pem > apns.pem

It's very important that you export your aps_developer_identity certificate, not your developer_identity certificate as apsdi.pem.

*If you can expand your developer_identity.cer and aps_developer_identity.cer entries in Keychain Access, and you see a 'private' key when you do, everything should work.*

sluther
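The two failure causes found in the answers above (a PEM path that does not resolve or cannot be read, and a private key that does not belong to the certificate) can be checked before the file is passed as 'local_cert'. This is an added example, not code from the question or from either answerer; checkLocalCert() and makePem() are hypothetical helper names, and the certificates are throwaway self-signed samples generated on the spot (this assumes the PHP openssl extension can find its default openssl.cnf).

```php
<?php
// Added example; checkLocalCert() and makePem() are hypothetical helper names.

// Returns a list of problems with a combined cert+key PEM (empty list = usable).
function checkLocalCert(string $pemPath, ?string $passphrase = null): array
{
    if (!is_readable($pemPath)) {
        return ["not readable by this user: $pemPath"];
    }
    $pem  = file_get_contents($pemPath);
    $cert = openssl_x509_read($pem);                     // CERTIFICATE block
    $key  = openssl_pkey_get_private($pem, $passphrase); // PRIVATE KEY block
    $problems = [];
    if ($cert === false) {
        $problems[] = 'no parsable certificate';
    }
    if ($key === false) {
        $problems[] = 'no private key, or wrong passphrase';
    }
    if ($cert !== false && $key !== false
        && !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not match the certificate';
    }
    return $problems;
}

// Constructed sample input: a throwaway self-signed cert for $certKey, written
// to a temp file together with $fileKey (cert first, then key, as `cat` does).
function makePem($certKey, $fileKey): string
{
    $csr = openssl_csr_new(['commonName' => 'constructed-sample'], $certKey);
    openssl_x509_export(openssl_csr_sign($csr, null, $certKey, 1), $certPem);
    openssl_pkey_export($fileKey, $keyPem);
    $path = tempnam(sys_get_temp_dir(), 'pem');
    file_put_contents($path, $certPem . $keyPem);
    return $path;
}

$a = openssl_pkey_new(['private_key_bits' => 2048]);
$b = openssl_pkey_new(['private_key_bits' => 2048]);
$matching   = makePem($a, $a);   // cert and key from the same pair
$mismatched = makePem($a, $b);   // cert for one key, a different key in the file

print_r(checkLocalCert($matching));
print_r(checkLocalCert($mismatched));
print_r(checkLocalCert(__DIR__ . '/no-such.pem'));  // path resolved next to the script

unlink($matching);
unlink($mismatched);
```

In a script like the one in the question, the same call would be made on `dirname(__FILE__) . '/' . $this->sslPem` and the path set as 'local_cert' only when the returned list is empty.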
A: 

Notes for the future (after having a big headache because of all of this):

1. If you get the handshake error, the pem file you created is probably wrong.

   a. Make sure the file is in the same directory as the PHP file you are trying to run.
   b. Export the certificate p12 file AND the key under it in the Keychain Access utility. Both of these files will be the SAME size, but they ARE different.
   c. Do the above "openssl" commands in the Macintosh terminal.

2. Currently, all I can do is run the PHP as sudo, because of the chmod 400 for ck.pem. Something's got to give...

Btw, the message "Failed to enable crypto" will disappear when the system runs correctly.

Shaul Kedem
A: 

Hi everybody.

Do I need an SSL certificate to be installed on the server from which I am sending the messages to APNS? Should this SSL cert be valid or can it be self-signed?

Thanks

yehuda
I got the notifications to work. As it turns out, it's just a matter of time; it takes a while (a few hours) till the APNS starts working normally for the new account...
yehuda