APNS sandbox ssl problem

For the last day I've been unable to connect to the APNS sandbox from my Java server. The error I'm getting is:


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate chaining error


I've debugged the code, and it boils down to some canonical domain name not matching with something in my certificate:


One looks like this:

cn=entrust.net certification authority (2048),ou=(c) 1999 entrust.net limited,ou=#14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e29,o=entrust.net


And the other like this:

cn=entrust certification authority - l1k,ou=(c) 2012 entrust\, inc. - for authorized use only,ou=see www.entrust.net/legal-terms,o=entrust\, inc.,c=us


... and apparently they should match.


I've regenerated my p12 files and my provisioning profiles and pretty much everything else I could think of, and still no luck.


If I run and connect to production APNS and look at the corresponding value in the debugger, it's this (and it's not crashing):


cn=entrust certification authority - l1c,ou=(c) 2009 entrust\, inc.,ou=www.entrust.net/rpa is incorporated by reference,o=entrust\, inc.,c=us

I have the exact same issue 🙂

Even I am facing the same issue, for only the developer certificate. Can anyone please update on this: why is this happening and when will it start working?

Same issue here, any ideas on a fix?

Same issue here!

Same issue here!


And how to solve it?

The same problem... Any options for how to solve it?

Can importing the certificate chain into the system help?

The whole development APNS system has been flaky for over a week now. This is causing a lot of wasted time. This is not an edge case problem so why haven't Apple tested and resolved this?

Try this. I think this is a temporary issue.


$ echo -n | openssl s_client -connect gateway.sandbox.push.apple.com:2195 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > gateway.sandbox.push.apple.com.crt
$ sudo keytool -import -trustcacerts -keystore /usr/java/default/jre/lib/security/cacerts -storepass changeit -noprompt -alias gateway.sandbox.push.apple.com -file gateway.sandbox.push.apple.com.crt

$ echo -n | openssl s_client -connect feedback.sandbox.push.apple.com:2196 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > feedback.sandbox.push.apple.com.crt
$ sudo keytool -import -trustcacerts -keystore /usr/java/default/jre/lib/security/cacerts -storepass changeit -noprompt -alias feedback.sandbox.push.apple.com -file feedback.sandbox.push.apple.com.crt
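The commands above import whatever certificate the server presents over an unverified connection into the JVM-wide cacerts file. The following is an added example, not part of the original post: it checks the fetched file against a SHA-256 fingerprint obtained out of band and imports it into an application-specific truststore instead. The function names, the `KEYTOOL` override variable and the truststore path are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a fetched certificate before importing it into a truststore.
# Usage: import_if_pinned CERT.pem EXPECTED_SHA256 ALIAS TRUSTSTORE STOREPASS
# EXPECTED_SHA256 must come from a trusted source, not from the same connection.

# Normalise a fingerprint: drop colons, lowercase the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM certificate as 64 lowercase hex characters.
cert_sha256() {
    norm_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//')"
}

# Import CERT only if it matches the pinned fingerprint and has not expired.
# Returns 0 on import, 1 on any failed check.
import_if_pinned() {
    ip_cert=$1 ip_want=$(norm_fp "$2") ip_alias=$3 ip_store=$4 ip_pass=$5
    ip_have=$(cert_sha256 "$ip_cert")
    if [ -z "$ip_have" ] || [ "$ip_have" != "$ip_want" ]; then
        echo "refusing import: fingerprint mismatch for $ip_cert" >&2
        return 1
    fi
    if ! openssl x509 -in "$ip_cert" -noout -checkend 0 >/dev/null; then
        echo "refusing import: $ip_cert has expired" >&2
        return 1
    fi
    # Show what is about to be trusted.
    openssl x509 -in "$ip_cert" -noout -subject -issuer -enddate >&2
    # KEYTOOL is a hypothetical override so the keytool binary can be substituted.
    "${KEYTOOL:-keytool}" -importcert -noprompt -alias "$ip_alias" \
        -file "$ip_cert" -keystore "$ip_store" -storepass "$ip_pass"
}
```

Point the JVM at the resulting file with `-Djavax.net.ssl.trustStore=<path>` and `-Djavax.net.ssl.trustStorePassword=<password>`; that setting replaces the default cacerts for the process, so the truststore must hold every CA the application needs.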

It works.

But why do you think this is a temporary issue?

Can they restore it?

Since they haven't announced yet :)

I can't even connect to gateway.sandbox.push.apple.com:2195, it just times out.


Seems to be working again.


17.110.227.35 gateway.sandbox.push-apple.com.akadns.net gateway.sandbox.push.apple.com

17.110.226.164 gateway.sandbox.push-apple.com.akadns.net gateway.sandbox.push.apple.com

It helps a lot, thank you so much.

One more question: could you please explain the theory behind this issue? I have been working on it for the last 9 hours, but I could not find a better solution for it.

Seems to be working again. I am able to send notifications using sandbox certificates.


Thanks,

Does anyone know of a way to alert someone appropriate at Apple for the next time this happens? Is there an APS dev team or a forum?

Have you filed a bug report?
