It is easy to check whether a push certificate in CER format works: use a Mac application such as PushMeBaby or SmartPush to send a push notification to the device.
However, the server usually uses a push certificate in .pem format (PHP/Golang server side) or .p12 format (Java/C# server side). The following OpenSSL commands check whether the server's push certificate is valid, which tells you whether a failure is a server-side code issue:
Convert PKCS#12 (.pfx, .p12) to PEM:
Use the following command to convert to a PEM file that contains both the private key and the certificate:
openssl pkcs12 -in apns_production_privatekey.p12 -out apns_production_privatekey.pem -nodes
During the export you will be prompted for the password of the P12 file.
Note: To export only the private key, add the -nocerts parameter; to export only the certificate, add the -nokeys parameter.
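Before the connection test, the converted PEM file can be checked offline. The script below is an added example, not part of the original article: it confirms that the file holds both a certificate and a private key, that the two belong together, and that the certificate has not expired. The function names are this example's own, and it assumes the key was exported unencrypted with -nodes as above.

```shell
#!/bin/sh
# Added example: offline checks for a combined PEM (certificate + private key)
# produced by `openssl pkcs12 ... -nodes`. Function names are hypothetical.

# pem_has_both FILE: succeeds if FILE contains a certificate block and an
# unencrypted private key block.
pem_has_both() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"
}

# pem_key_matches FILE: succeeds if the private key belongs to the
# certificate, i.e. both yield the same public key.
pem_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# pem_not_expired FILE [SECONDS]: succeeds if the certificate is still valid
# SECONDS from now (default 0, meaning "valid right now").
pem_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# check_push_pem FILE: runs all checks; returns 1, 2 or 3 for the first
# failing check, otherwise prints the subject and expiry date and returns 0.
check_push_pem() {
    pem_has_both "$1"    || { echo "missing certificate or private key"; return 1; }
    pem_key_matches "$1" || { echo "private key does not match certificate"; return 2; }
    pem_not_expired "$1" || { echo "certificate has expired"; return 3; }
    openssl x509 -in "$1" -noout -subject -enddate
}

# Usage: sh check_push_pem.sh apns_production_privatekey.pem
if [ "$#" -gt 0 ]; then
    check_push_pem "$1"
fi
```

Because -nodes leaves the private key unencrypted in the PEM file, keep that file readable only by the account that runs the push service.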
Test the production certificate:
openssl s_client -connect gateway.push.apple.com:2195 -cert apns_production_privatekey.pem
If the command prints output like the following, the certificate is valid:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFIZCCBAUGAWIBAGIETCMVVJANBGKQHKIG9W0BAQUFADCBSTELMAKGA1UEBHMC ...
... de7tgjemdbgmtx2wn0r0erg+9nnjoeq=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
---
SSL handshake has read 3144 bytes and written 2168 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 9e737f1bd1ac1d41a2d6486b9f2dd08ef3b87ec9a91ebb42396d9664b34ff534da2dcf4a897688ecbefe00b069c481bc
    Key-Arg   : None
    Start Time: 1452222166
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
How do I verify that the server push certificate is valid?