We are trying to establish a connection to Apple push notification server via java-apns but getting exception javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure...
17-11-20 14:38:19,561 INFO [com.notnoop.apns.internal.ApnsConnectionImpl] (http--0.0.0.0-8080-1) Failed to send message Message(Id=11; Token=932CB4BE603318BFDDA8EB08BE1E4D9273E9B8586FFFB304165A06703D4D166A; Payload={"site":null,"resources":{"keyValues":[]},"msgid":"M0325495","aps":{"alert":{"body":"","title":"Intrusion System Alert"},"sound":"default","badge":1}})... trying again after delay: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
we tried pushing the notification from https://pushtry.com using the same p12 certificate and notification delivered to the mobile device.
we have also tested our PEM(generated from .p12) key in production mode.
openssl s_client -connect gateway.push.apple.com:2195 -cert certificate.pem -key certificate.pem
Note: command was executed from the server and we were able to communicate to apple and below is the output.
CONNECTED(00000003)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = California, L = Cupertino, O = Apple Inc., CN = gateway.push.apple.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIRALUO38UyltIUAAAAAFDYCGgwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTYwNTA1MTcyMjU4WhcNMTgwNTAyMTc1MjU3WjBsMQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpB
cHBsZSBJbmMuMR8wHQYDVQQDExZnYXRld2F5LnB1c2guYXBwbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dAf5bULKfDmP4kffSmkPBlf8Zpa
w1FBoRdgd/pTdCLiglp9ALaVBD+eZIZXyRf1DAiC+r3O0rFrCv93uPXYSELw2vdN
n83iZQssq8sAHPEt08y0V4gzUCHn+VTmy4hcemAcVMkfpO3H2wNZpbiqG8SHD4lI
WV+yRL6WeOaftLHHvr1r/zQpEDvJOpeUs3rFIprsV6+5luUktvnJk0Ej8kBTFNrQ
YprJC8B/j6WVQB5q/pdFF5r5PBm4SXjGa7z+rv/2VHmH45ek+M+ZRxKFnfUkr2R7
1IQ6WftayQkk9rtYVOhLlugcQie0B6a9hle2mGqxDIpz3T3PLZ3ofwKa6QIDAQAB
o4IBjTCCAYkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0
L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIZIAYb6bAoBBTAoMCYGCCsGAQUF
BwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwaAYIKwYB
BQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAz
BggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYu
Y2VyMCEGA1UdEQQaMBiCFmdhdGV3YXkucHVzaC5hcHBsZS5jb20wHwYDVR0jBBgw
FoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFO+iPXNQGDthMLPVLYoa
WhMU/t5pMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBANerYY0KsZcpNZYh
YN8EnQBKcGZvea1WJ5g2fuCiyBARlE9FgYvqJ0Ro5RLGsZvnKfW8yiPAwJFHZs7Y
zj3U1zwwz/6AyWl669k+IV40YOlwXAhJ1WJPfI6yLrwXOi8943nPsL9MrplSojKs
9U3zITbcAfwm56uPk9TGlCYrRjLedOAZhY7UUfIarAbJRBy4qgInhz3hBhh4Km5b
rrI9XZC9o4sx+lKhDeaMvhJRr+zA8jbSq8ZzbBqd3tw0Y/HsPuyPvaemj8kXsXvr
/PK34hSHzbkcxHV3/+uuICRHTIta7qAg7Rvupz+FQkFeOZFiznHQDXTTOGvkiykK
QEvmvu8=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/CN=Apple Application Integration 2 Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
---
SSL handshake has read 3589 bytes and written 2236 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 518607F77C6119A72183C5CF897A01792FCAFDC46128F0EE627FE2DD5604EEF67716FF767D7819408F720791822EA4A8
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1511265529
Timeout : 300 (sec)
Verify return code: 0 (ok)