APNS error: 20 unable to get local issuer certificate (using Terminal)

Time: 2014-04-04 18:45:49

Tags: ios push-notification apple-push-notifications

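I have gone through this process http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1#comments about 7 times. Other forum posts on this topic don't seem to offer any answer other than that the certificate is invalid. But I followed the steps exactly, and if I missed something about how to make sure my certificate is valid, I'm all ears!

I have tried using my own email as well as the email registered on the account that hosts the game, and followed every step to a T!

I request the certificate, export my p12 key, download the public certificate, and turn them into .pem files.

Why am I still getting these errors:

verify error:num=20:unable to get local issuer certificate
verify return:0

No client certificate CA names sent

Here is the full output when connecting to APNS: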

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert cert.pem -key key.pem

Enter pass phrase for key.pem:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=iTMS Engineering/CN=gateway.sandbox.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=iTMS Engineering/CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C

No client certificate CA names sent

SSL handshake has read 2731 bytes and written 2191 bytes

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 0BB064CE572CC45FF7FE32B45E53BA282E36ACE58516F0110C2F1C1BCCA647E0B13ADF8273F3122219C0B7C069CB02D7
    Key-Arg   : None
    Start Time: 1396636635
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

First part solved: my certificate is valid

Adding -CAfile and the 2048 EA certificate did the trick.

Now to get my server working...

Server code:

$deviceToken = '05ae9852d21e51d7d516777bad0453456346456456456211a09085abe197c';

// Put your private key's passphrase here:
$passphrase = 'password';

// Put your alert message here:
$message = 'TEST NOTIFICATION';

$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);
stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');
//stream_context_set_option($ctx, 'ssl', 'allow_self_signed', 1);
//stream_context_set_option($ctx, 'ssl', 'verify_peer', 1);

// Open a connection to the APNS server
$fp = stream_socket_client('ssl://gateway.sandbox.push.apple.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);

Solved

As described below, it was missing the full path.

1 answer:

Answer 0: (score: 12)

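Look at the error:

CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0

In the tutorial, read bullet #3 in the troubleshooting section:

"unable to get local issuer certificate. This error means that the certificate from the server could not be verified. To solve this you need to download the Entrust CA root certificate. This can be done from Terminal using the command: curl -O https://www.entrust.com/root-certificates/entrust_2048_ca.cer Then you also need to add stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');"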

Download entrust_2048_ca.cer

Make sure all your certificates are in the same directory as the PHP script.

Change your code to the following:

//applying context to stream option
stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase);
stream_context_set_option($ctx, 'ssl', 'cafile', 'entrust_2048_ca.cer');

You should be good now.

@Agressor After a long chat, the solution was to set the full path to entrust_2048_ca.cer:

/var/www/site/pages/entrust_2048_ca.cer
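
The fix in this thread was an absolute path to entrust_2048_ca.cer: a relative cafile or local_cert is resolved against the process's current working directory, which is not necessarily the script's directory. The following is an added example, not code from the question or the answer; the helper name apns_ssl_options and the temp-directory placeholder files are constructed for illustration, and a real script would pass __DIR__ (or the directory holding the real files) as the first argument.

```php
<?php
// Added example: resolve the APNs TLS files to absolute paths before use.
// File names are the ones from the thread; the helper name is hypothetical.

function apns_ssl_options(string $certDir, string $passphrase): array
{
    $resolved = [];
    foreach (['local_cert' => 'ck.pem', 'cafile' => 'entrust_2048_ca.cer'] as $opt => $name) {
        // realpath() returns false when the file does not exist, so a bad
        // path fails here instead of surfacing later as a handshake error.
        $path = realpath($certDir . DIRECTORY_SEPARATOR . $name);
        if ($path === false || !is_readable($path)) {
            throw new RuntimeException("$opt: cannot read $name in $certDir");
        }
        $resolved[$opt] = $path;
    }
    return ['ssl' => $resolved + [
        'passphrase'  => $passphrase,
        'verify_peer' => true,   // check the server chain against cafile
    ]];
}

// Constructed demo: placeholder files in a temp directory, no network access.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'apns_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/ck.pem", "constructed placeholder\n");
file_put_contents("$dir/entrust_2048_ca.cer", "constructed placeholder\n");

// Simulate a process whose working directory is not the certificate directory.
chdir(sys_get_temp_dir());
var_dump(is_readable('entrust_2048_ca.cer'));   // relative name, resolved against getcwd()

$options = apns_ssl_options($dir, 'password');
$ctx = stream_context_create($options);
print_r(stream_context_get_options($ctx)['ssl']);

// A missing CA file is reported before any connection attempt.
unlink("$dir/entrust_2048_ca.cer");
try {
    apns_ssl_options($dir, 'password');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
unlink("$dir/ck.pem");
rmdir($dir);
```

The returned array can be passed straight to stream_context_create() and the resulting context to stream_socket_client() as in the question's code.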