The first time I created my certificate I had some problems, so I decided to write them down in order to remember how I should proceed the next time.
I will describe what I did to create the certificate for development; for production almost all the steps are the same.
I suppose that you already have your App ID; remember that it should be without * (no wildcards).
On the Apple developer site, go to iOS Provisioning Portal -> App IDs, then click Configure on your application and check Enable for Apple Push Notification service.
Now click Configure and follow the steps, which are:
Open Keychain Access and, from the drop-down menu, select Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority
In the Certificate Information window, enter the following information:
* In the User Email Address field, enter your email address
* In the Common Name field, create a name for your private key (e.g. John Doe Dev Key)
* In the “Request is” group, select the “Saved to disk” option
Click Continue within Keychain Access to complete the CSR generating process (all this is from the window that the Apple site will show).
Now that you have saved the CSR on your disk, you can click Continue and upload it.
Wait for the generation of the .cer file, which should take around a minute; when it finishes, download it.
Import the .cer file into Keychain, then export the certificate and the key (not the public key) and save them as .p12 files.
Download the Entrust CA certificate: https://www.entrust.net/downloads/binary/entrust_2048_ca.cer
Then you can generate the certificate and the key by running these commands:
openssl pkcs12 -clcerts -nokeys -out apns-cert.pem -in apns-cert.p12 -CAfile entrust_2048_ca.cer
openssl pkcs12 -nocerts -out apns-key.pem -in apns-key.p12 -CAfile entrust_2048_ca.cer
cat apns-cert.pem apns-key.pem > apns.pem
The apns.pem file will be used by your own PHP script communicating with APNS.
If you do not want the password on the key, you can remove it with this command:
openssl rsa -in apns-key.pem -out apns-key-unencrypted.pem
Then combine the certificate and the key:
cat apns-cert.pem apns-key-unencrypted.pem > apns.pem
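A quick way to check the combined file before using it, as an added example that is not part of the original post: the script confirms that the private key in the PEM belongs to the certificate, that the certificate has not expired, and that the file is not readable by other users. The function names and the APNS_PASS variable are made up for this example, and the sample files are throwaway self-signed pairs generated on the spot, not Apple-issued material.

```shell
#!/bin/sh
# Added example: checks for a combined certificate+key PEM such as apns.pem.
# APNS_PASS is a hypothetical variable name holding the key passphrase, if any.

cert_pubkey() {   # public key of the first certificate in the file
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

key_pubkey() {    # public key derived from the private-key block in the file
    sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$1" |
        APNS_PASS="${APNS_PASS:-}" openssl pkey -pubout -passin env:APNS_PASS 2>/dev/null
}

check_pem() {     # prints one finding per line; returns 0 only if every check passes
    f=$1; rc=0
    c=$(cert_pubkey "$f"); k=$(key_pubkey "$f")
    if [ -n "$c" ] && [ "$c" = "$k" ]; then echo "key: matches certificate"
    else echo "key: does not match certificate (or could not be read)"; rc=1; fi
    if openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then echo "cert: within validity"
    else echo "cert: expired or unreadable"; rc=1; fi
    if grep -Eq 'BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED' "$f"; then echo "key: passphrase-protected"
    else echo "key: stored unencrypted, so the file mode matters"; fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" = "------" ]; then echo "mode: owner-only"
    else echo "mode: accessible by group or others"; rc=1; fi
    return $rc
}

# Constructed sample: two throwaway self-signed pairs, combined once correctly
# (good.pem) and once with the wrong key (bad.pem).
build_samples() (
    umask 077
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$n" \
            -keyout "$1/$n-key.pem" -out "$1/$n-cert.pem" 2>/dev/null || exit 1
    done
    cat "$1/a-cert.pem" "$1/a-key.pem" > "$1/good.pem"
    cat "$1/a-cert.pem" "$1/b-key.pem" > "$1/bad.pem"
)

d=$(mktemp -d) && build_samples "$d"
echo "good.pem:"; check_pem "$d/good.pem"
echo "bad.pem:";  check_pem "$d/bad.pem" || echo "(rejected, as expected)"
rm -rf "$d"
```

To use it on a real file, call check_pem apns.pem after the cat step; the Bag Attributes lines that openssl pkcs12 writes before each PEM block are skipped.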
You can test against the sandbox with this command:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns.pem
However, it does not work for production; it will return error 21:
depth=0 /C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.push.apple.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.push.apple.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.push.apple.com
verify error:num=21:unable to verify the first certificate
verify return:1
However, when I used it with my PHP script everything was working.
I was stuck with that error,