I wrote a test php page that just sends out a generic push notification and it works intermittently. Sometimes it delivers the message and other times I get this error:
"Message: stream_socket_client() [function.stream-socket-client]: 开发者_开发百科Unable to set local cert chain file `/var/www/ninerobot.com/public/mlb/certs/mlbtr-push-dev.pem'; Check that your cafile/capath settings include details of your certificate and its issuer"
Do you know how I can solve this issue?
I see that on Apple's docs it says "Note: To establish a TLS session with APNs, an Entrust Secure CA root certificate must be installed on the provider’s server. If the server is running Mac OS X, this root certificate is already in the keychain. On other systems, the certificate might not be available. You can download this certificate from the Entrust SSL Certificates website." Does this mean anything that I need to do?
Me too got more struggle to do the same. Eventually I found solution to send push notification through PHP global url. Try the below steps. Before that I hope you all know to generate the 3 certificates thats PushChat.certSigningRequest, pushkey.p12 & aps_development.cer (csr,p12,cer)
Open your Terminal and step by step run the below commands:
# Make sure terminal refers your correct certificate path.
$ cd ~/Desktop/
# Ask system administrator to open if its not connected
$ telnet gateway.sandbox.push.apple.com 2195
Trying 17.110.227.35...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
# Convert .cer to .pem
$ openssl x509 -in aps_development.cer -inform der -out PushCert.pem
# Convert .p12 to .pem. Enter your pass pharse which is the same pwd that you have given while creating the .p12 certificate. PEM pass phrase also same as .p12 cert.
$ openssl pkcs12 -nocerts -out PushKey1.pem -in pushkey.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
# To remove passpharse for the key to access globally. This only solved my stream_socket_client() & certificate capath warnings.
$ openssl rsa -in PushKey1.pem -out PushKey1_Rmv.pem
Enter pass phrase for PushChatKey1.pem:
writing RSA key
# To join the two .pem file into one file:
$ cat PushCert.pem PushKey1_Rmv.pem > ApnsDev.pem
Then Finally move the SimplePush.php to the ApnsDev.pem file location. Both files will be in same folder. and change Device Token, Pass Phrase, Certificate Name(ApnsDev.pem), Message… In simplepush.php Download the file using the below URL. http://d1xzuxjlafny7l.cloudfront.net/downloads/SimplePush.zip Then execute the file in terminal or your domain server
$ php simplepush.php
or
www.Domainname.com/push/simplepush.php // Now, url shows 'Connected to APNS Message successfully delivered'.
Thats it, the push notification will fly and reach the specific IOS device.
If you want to send 'Badge' then change the payload code in simplepush.php like below,
// Construct the notification payload body:
$badge = 1;
$sound = 'default';
$body = array();
$body['aps'] = array('alert' => $message);
if ($badge)
$body['aps']['badge'] = $badge;
if ($sound)
$body['aps']['sound'] = $sound;
// End of Configurable
// Encode the payload as JSON:
$payload = json_encode($body);
Now run the php file again and the app icon appears with badge number in red circle.
Use this checklist to work through this:
- Did you create a legitimate certificate via instructions like these.
- Is your .pem file readable by your webserver process (ie permissions and file location are good)? Many setups run apache, for example, under the "www-data" user/group. Side note: make sure visitors can't view the .pem file by browsing to it.
- Does your server have the Entrust Secure CA Root Certificate (2048 bit) installed? If not, follow instructions for downloading/installing for your particular server OS.
- Is outbound TCP port 2195 open? Many hosting providers do NOT have this outbound port open by default.
In addition to a great answer of Steve N let me add the last point.
- Ensure you understand the warning, especially include details of your certificate and its issuer. You probably don't have a block in your .pem file, i.e.
issuer=
,subject=
etc. and your file begins with-----BEGIN CERTIFICATE
. It can be accidentally deleted during conversion of the certificate file.
Might be irrelevant for OP's Q, but I've tried all openssl statements with all the different flags, while trying to connect with PHP \SoapClient(...)
and after 3 days I finally found a solution that worked for me. Posting so the next dude(tte) may find this easier than me.
GitBash
$ cd path/to/certificate/
$ openssl pkcs12 -in personal_certificate.pfx -out public_key.pem -clcerts
First you have to enter YOUR_CERT_PASSWORD
once, then DIFFERENT_PASSWORD!
twice. The latter will possibly be available to everyone with access to code.
PHP
<?php
$wsdlUrl = "https://example.com/service.svc?singlewsdl";
$publicKey = "rel/path/to/certificate/public_key.pem";
$password = "DIFFERENT_PASSWORD!";
$params = [
'local_cert' => $publicKey,
'passphrase' => $password,
'trace' => 1,
'exceptions' => 0
];
$soapClient = new \SoapClient($wsdlUrl, $params);
var_dump($soapClient->__getFunctions());
精彩评论