Need SERIOUS help with APNS Push Notifications

[ekek]

Hi:

A year ago I developed an internal app that used APNS (Push notifications) in a Development environment. After several tries (in my laptop didn´t work, so I bought a new Mac and in it worked) everything worked and the app was used without problem for about 2 weeks.

This year (2 weeks ago) I've tried to make the same thing but for some reason and after more than a hundred! tries, the creation of the APN certificate and solution didn't work.

I've tried the 2 aproaches given in the lesson http://lessons.runrev.com/s/lessons/m/4 ... s-with-ios and also the Ray Wenderlich tutorial wich by the way is very very good
http://www.raywenderlich.com/32960/appl ... ial-part-1

The first approach (and the one that worked last year) was to use APNAssistant from John Craig of Splash21. The strange thing was that when the assistant generates the CSR and Private and Public Key, my Keychain does not generate an APN Certificate that I can export as a .p12 file. From then it is obvious that the proccess will not work (as it happened). This sound me strange because as I said, it worked fine last year, also given the various bugs that recent versions have, make me wonder if there is a bug.

The second option was to follow the full excercise given in the lesson. I followed the procedure more than a hundred times and ALWAYS ended with a Error code 20: verify error:num=20:unable to get local issuer certificate

I have found that the answers to that error are incomplete and in some cases inneficient (If you have an error then you made something wrong) and can´t believe that I couldn't follow the instructions wich after 20 times I see very simple but susceptible to filename errors.

I have read several forums but everyone says the same kind of answer "if you guet the error then you made something wrong" wich is a cheap answer, I think there must be something else.

In a website I found an explanation that the Entrust Root Certification Authority could be the reason and that Entrust_2048.cer should be downloaded, I did it altought the certificate appears on my Keychain as valid (maybe I didn´t installed in the right way). It neither worked.

Another test that always failed is the one that the lessons says but does not gives the solution, it is to type in the terminal:
openssl s_client -showcerts -connect gateway.sandbox.push.apple.com:2195
The result is the same error 20 but as I say, the lesson does not gives a solution and repeats the same thing.

As you could infer, I am not an expert on certificates but I think I'm a pretty good developer in LiveCode so this is why I am asking for REAL and SERIOUS support.

Thanks in advance

[Mikey]

For starters, none of this has anything to do with LC, or your skill with LC. John's APNS assistant is just a wrapper for the shell commands that have to be executed to send push notifications. If you read through the scripts, you will see that (including the openssl line you referenced). I would recommend reading through his code and the tutorial that you referenced, then try to make things work manually with one device. If you can't, then APNS Assistant won't help you, either.

What was the laptop you were trying to use: Windows or Mac? If Windows, then yes, there are issues making push work. It is related to (for whatever reason) line termination at the end of the command. I have yet to figure out how to make it work. Push works fine from a Mac, for me, but unless I manually intervene, I can't get Windows to cooperate, because of having to terminate the last line, but not being able to get the command shell to take the terminator.

What exactly is the error that you are getting? If you're just getting "verify error:num=20:unable to get local user certificate (as part of a bigger output), then you're not getting an error regarding push not working. The error is more of a warning that your certificate was issued by you, and not by a global certificate authority, but it will not affect your ability to use APNS. Look all the way at the bottom of the output from APNS. If you see "Done", then it accepted your push message.

The best place to really try to track down all of the silliness with APNS is at the Apple Developer Forums, where APNS is a cause of frustration for many. I will tell you this: 1) It's a PITA until you get it to work. 2) Push ID's change. 3) APNS will be unhelpful with the messages you receive. 4) You might think that the production server would be more helpful, especially with devices falling off the grid - but sometimes it is not. 5) I have yet to see good answers to some of the questions posted on the forums about APNS.

[ekek]

Hi Mikey:

Thanks so much for your time. Let's start:

1.- Yes, I understand that APNAssistant is a wrapper, as I mentioned it was my first option because it saves time and it worked fine previously.
When I realized that the assistant will not work (fifth try) I changed to the manual procedure and shell commands.

2.- The laptop is a Powerbook, the desktop computer is a Mac, both with OS X Yosemite 10.10.2, XCode 6.1.1 and LC 6.7.3. I don´t use Windows.

3.- This is the error. I replaced some elements like master key and part of the certificate

Result after attempting to send notification to server:

depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIETCMmsDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
........
........
........
........
........
........
........
........
........
........
........
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
---
SSL handshake has read 3687 bytes and written 2053 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: C3C06XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
Start Time: 1426643426
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE


-----

Do you think this info can be useful?

Thanks again!

[Mikey]

All of that looks normal to me. So is the only behavior that you're seeing that the notification isn't making it to your device?

[ekek]

I have found the "error".

The reason was that the UUID of the device changed (something that is documented but I had not seen to happen), so the APNs where in fact sent but never reached the right device.

Thanks for your time

Regards!

[Mikey]

It's not the UUID, unfortunately, it's a push I'd, and, yes, I've had them change on me, without warning, too. Now I keep the push I'd of each device inside the app and if it changes, forward the old and new one to me because APNS won't give any indication that something is wrong. I'm glad you got it working.

[ekek]

Thanks Mikey I appreciate your help!

[ekek]

Now I will try to make it work on the server.

Is the same procedure? Do I have to install a certificate in it?

[Mikey]

Umm, yes, but you can use the same one (but you already knew that)

[Ctov]

I used command in the image ...

Its not shown error
verify error:num=20:unable to get local issuer certificate
verify return:0

[Mikey]

Ignore transcript things, including the err 20's. Look at the very bottom of the transcript. Do you get a "Done"?