Generating Push Certificate with a passphrase

Hello,


I have a production provisioning profile that supports push notifications. I have generated the push notification PEM file, which contains both the cert and the key. I have done this using a number of different methods that I found on the web.


The resulting PEM file works fine, with 1 caveat. I cannot seem to incorporate a passphrase into the PEM file.


Here is how I have tested this:


On my LOCAL machine, where I created the PEM file, I tested a push notification by using a Python-based push notification client (PyAPNS) and sent a push notification to an App that I have installed on my iPhone via TestFlight (using a production/distribution provisioning profile). This works.


On a remote server (where the actual service that sends the push notification to Apple runs), I have installed this PEM file, pointed the PHP-based server at it, and sent a push notification to my device. This works.


On my LOCAL machine, I create a PEM file with the combined cert and key from above; however, this time, I use a passphrase to generate the PEM file. I upload this new PEM file to the remote server running PHP, point the server at this new certificate, add the logic to incorporate the passphrase, and then everything breaks. It isn't just that I am NOT receiving the push notification (which I am not), but the push notification call returns an error, and I am pretty sure it fails to send. Here is the PHP code snippet:


<?php
// Combined cert + key PEM file (path relative to the server)
$apns_cert = 'apple_push_certificate_location/mycert.pem';

// Build an SSL stream context: passphrase for the private key, then the PEM
// file itself (local_cert holds both the certificate and the key)
$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'passphrase', 'mypassphrase');
stream_context_set_option($ctx, 'ssl', 'local_cert', $apns_cert);

// Open the TLS connection to the APNs gateway with a 60 second timeout
$fp = stream_socket_client(
    'ssl://gateway.push.apple.com:2195', $err,
    $errstr, 60, STREAM_CLIENT_CONNECT | STREAM_CLIENT_PERSISTENT, $ctx);

if (!$fp) {
    exit("Failed to connect: $err $errstr" . PHP_EOL);
}
// End snippet


The err is 0 and the errstr is blank. I know that this code snippet works, because it works when the PEM does not have a passphrase, and I have seen this code snippet all over the web.


Big question: Do I need to generate the PEM file with the passphrase on the machine that is serving up the push notification request? Like I said, I am generating the PEM with the passphrase on my local machine, and then uploading the result to the server.


Oh, also, I did use openssl s_client both with and without the passphrase, and the output of both gave me the certificates back and the Master-Key in the results. The PEM without the passphrase also gave me output for the TLS session ticket, but the PEM with the passphrase did not.


Any help would be appreciated.

Replies

An update. I have resolved my issue. There are a number of Push Notification Certificate/Key generation instructions out on the web. For me, the only method that worked in the case where the resulting Key had a passphrase associated with it was the following:


1. Export Both the Certificate and Key together as 1 p12 file. When it asks for a password, leave this blank. Name the file YourCertAndKeyPair.p12

2. Run command: openssl pkcs12 -out YourCertAndKeyPair.pem -in YourCertAndKeyPair.p12

3. It will ask for an Import Password -- just hit enter

4. It will ask for a PEM pass phrase -- put the password you want and hit enter. It will ask you to verify. Enter same password.

5. It will ask for a PEM pass phrase AGAIN -- put the same password in as you did for #4. It will ask you to verify. Enter the same password.

6. Done.
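To make the steps above repeatable (and checkable before the file is uploaded to the server), here is an added shell script that is not from the original reply. It stands in for the Keychain export with a throwaway self-signed certificate and key bundled into a blank-password .p12, runs the same openssl pkcs12 conversion non-interactively, and then verifies three things a practitioner wants to know before deploying: that the private key block really is encrypted, that the chosen passphrase (and only that passphrase) decrypts it, and that the certificate and key in the file belong together. The file names follow the reply; the certificate subject and the passphrase "mypassphrase" are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the poster's own steps: build a combined cert+key PEM whose
# private key is passphrase-protected, then verify it. All inputs are constructed:
# the self-signed cert stands in for a real Apple push certificate, and
# "mypassphrase" is a placeholder passphrase.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='mypassphrase'                        # placeholder; pick your own
P12="$WORK/YourCertAndKeyPair.p12"
PEM="$WORK/YourCertAndKeyPair.pem"

# Stand-in for step 1 (Keychain export): a throwaway self-signed cert and key,
# bundled into a .p12 with a blank password.
make_test_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=constructed-push-test' \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
  openssl pkcs12 -export -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
    -out "$P12" -passout pass:
}

# Steps 2 to 5, non-interactively: blank import password on the way in, the
# chosen passphrase on the way out. Only the private key block gets encrypted;
# the certificate block is public and is written as-is.
convert_p12_to_pem() {
  openssl pkcs12 -in "$P12" -passin pass: -out "$PEM" -passout "pass:$PASS"
}

# Check 1: the key in the combined PEM is encrypted. Matches the legacy
# "Proc-Type: 4,ENCRYPTED" header and the PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY"
# marker. Prints 1 if encrypted, 0 otherwise.
key_is_encrypted() {
  if grep -q 'ENCRYPTED' "$1"; then echo 1; else echo 0; fi
}

# Check 2: exit 0 only if the given passphrase decrypts the private key.
# openssl pkey skips the certificate block and reads the key block.
passphrase_unlocks() {
  openssl pkey -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Check 3: the cert and the key belong together, compared via their public keys.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null)
  [ "$cert_pub" = "$key_pub" ]
}

make_test_p12
convert_p12_to_pem
echo "key encrypted: $(key_is_encrypted "$PEM")"
passphrase_unlocks "$PEM" "$PASS" && echo "passphrase decrypts key"
cert_matches_key "$PEM" "$PASS" && echo "certificate matches key"
```

If check 2 fails with the passphrase you configured in PHP, the file was written with a different passphrase than the one the server is using, which produces exactly the silent connect failure (err 0, blank errstr) described in the question. Replace the stand-in step with your real Keychain export and keep the three checks.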


I have found that with a PHP server, you have to put the Cert and Key in the same physical file; however, if you want to also use a passphrase, then each portion of the PEM file must be passphrased -- with the same passphrase.


I am sure there are other ways to accomplish this. I am not a Cert/Key expert. But, this worked for me, and given the trouble I had testing it, I thought I'd pass it along to others. Good luck!