Hi,
today I am getting this exception on our Java application, which communicates with the Apple APNS servers. Our server had worked properly for months with push notifications.
Probably this is inherent to:
https://developer.apple.com/forums/thread/44866
By running:
I got this error message:
verify error:num=21:unable to verify the first certificate
Any idea? Thanks
today I am getting this exception on our Java application, which communicates with the Apple APNS servers. Our server had worked properly for months with push notifications.
Code Block certificate: ... CN=api.push.apple.com` Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target`
Probably this is inherent to:
https://developer.apple.com/forums/thread/44866
By running:
Code Block $> dig +short a api.push.apple.com api.push-apple.com.akadns.net. 17.188.168.10 ... $> openssl s_client -connect 17.188.168.10:443
I got this error message:
verify error:num=21:unable to verify the first certificate
Any idea? Thanks
Solved.
By opening https://api.push.apple.com on FireFox, which cross-checks the website handshaking, this error was displayed: SSL_ERROR_BAD_MAC_READ
Opening the same page on FireFox from another network, there was any problem to load it.
Our system administrator found out that our firewall was configured to allow connections only to api.push.apple.com.
To solve it, a new rule for api.push-apple.com.akadns.net and api.sandbox.push-apple.com.akadns.net has to be added:
By opening https://api.push.apple.com on FireFox, which cross-checks the website handshaking, this error was displayed: SSL_ERROR_BAD_MAC_READ
Opening the same page on FireFox from another network, there was any problem to load it.
Our system administrator found out that our firewall was configured to allow connections only to api.push.apple.com.
To solve it, a new rule for api.push-apple.com.akadns.net and api.sandbox.push-apple.com.akadns.net has to be added:
Code Block dig api.push.apple.com: ... ;; ANSWER SECTION: api.push.apple.com. 220 IN CNAME api.push-apple.com.akadns.net. api.push-apple.com.akadns.net. 21 IN A 17.188.144.174 api.push-apple.com.akadns.net. 21 IN A 17.188.156.30 ...