Push notification error: "Unable to set local cert chain file"

Posted on 2024-09-08 03:48:12

I wrote a test php page that just sends out a generic push notification and it works intermittently. Sometimes it delivers the message and other times I get this error:

"Message: stream_socket_client() [function.stream-socket-client]: Unable to set local cert chain file `/var/www/ninerobot.com/public/mlb/certs/mlbtr-push-dev.pem'; Check that your cafile/capath settings include details of your certificate and its issuer"

Do you know how I can solve this issue?

I see that on Apple's docs it says "Note: To establish a TLS session with APNs, an Entrust Secure CA root certificate must be installed on the provider’s server. If the server is running Mac OS X, this root certificate is already in the keychain. On other systems, the certificate might not be available. You can download this certificate from the Entrust SSL Certificates website." Does this mean anything that I need to do?

倾城花音 2024-09-15 03:48:12

I also struggled a lot to do the same. Eventually I found a solution to send push notifications through a PHP global URL. Try the steps below. Before that, I hope you all know how to generate the 3 certificates, that is PushChat.certSigningRequest, pushkey.p12 & aps_development.cer (csr, p12, cer).

Open your Terminal and step by step run the below commands:

# Make sure the terminal refers to your correct certificate path.
$ cd ~/Desktop/

# Ask your system administrator to open it if it's not connected
$ telnet gateway.sandbox.push.apple.com 2195

Trying 17.110.227.35...
Connected to gateway.sandbox.push-apple.com.akadns.net.

Escape character is '^]'.

# Convert .cer to .pem
$ openssl x509 -in aps_development.cer -inform der -out PushCert.pem

# Convert .p12 to .pem. Enter your passphrase, which is the same password that you gave while creating the .p12 certificate. The PEM pass phrase is also the same as the .p12 cert's.
$ openssl pkcs12 -nocerts -out PushKey1.pem -in pushkey.p12

Enter Import Password:

MAC verified OK

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

# To remove the passphrase for the key to access globally. This only solved my stream_socket_client() & certificate capath warnings.
$ openssl rsa -in PushKey1.pem -out PushKey1_Rmv.pem

Enter pass phrase for PushChatKey1.pem:

writing RSA key

# To join the two .pem file into one file:
$ cat PushCert.pem PushKey1_Rmv.pem > ApnsDev.pem

Then finally move SimplePush.php to the ApnsDev.pem file location, so both files are in the same folder, and change the Device Token, Pass Phrase, Certificate Name (ApnsDev.pem), Message… in simplepush.php. Download the file using the URL below.
http://d1xzuxjlafny7l.cloudfront.net/downloads/SimplePush.zip
Then execute the file in the terminal or on your domain server

$ php simplepush.php

or

www.Domainname.com/push/simplepush.php  // Now, url shows 'Connected to APNS Message successfully delivered'.

That's it, the push notification will fly and reach the specific iOS device.

If you want to send 'Badge' then change the payload code in simplepush.php like below,

// Construct the notification payload body:
$badge = 1;
$sound = 'default';
$body = array();
$body['aps'] = array('alert' => $message);
if ($badge)
    $body['aps']['badge'] = $badge;
if ($sound)
    $body['aps']['sound'] = $sound;

// End of Configurable

// Encode the payload as JSON:
$payload = json_encode($body);

Now run the php file again and the app icon appears with badge number in red circle.

骄傲 2024-09-15 03:48:12

Use this checklist to work through this:

  1. Did you create a legitimate certificate via instructions like these?
  2. Is your .pem file readable by your webserver process (i.e. permissions and file location are good)? Many setups run Apache, for example, under the "www-data" user/group. Side note: make sure visitors can't view the .pem file by browsing to it.
  3. Does your server have the Entrust Secure CA Root Certificate (2048 bit) installed? If not, follow instructions for downloading/installing for your particular server OS.
  4. Is outbound TCP port 2195 open? Many hosting providers do NOT have this outbound port open by default.

毅然前行 2024-09-15 03:48:12

In addition to the great answer by Steve N, let me add one last point.

  1. Ensure you understand the warning, especially "include details of your certificate and its issuer". You probably don't have a block in your .pem file, i.e. issuer=, subject= etc., and your file begins with -----BEGIN CERTIFICATE. It can be accidentally deleted during conversion of the certificate file.
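
The checks from the two answers above (file readable by the server process, not exposed to visitors, certificate block present), plus a key and passphrase check, written as a PHP preflight to run before stream_socket_client(). This is an added example, not code from the original posts; preflight_local_cert() and its $docRoot parameter are hypothetical names, and the certificate is a throwaway one generated inline.

```php
<?php
// Added example, not from the original answers. preflight_local_cert() is a
// hypothetical helper: it returns a list of problems, empty if none were found.
function preflight_local_cert(string $path, ?string $passphrase = null, string $docRoot = ''): array
{
    // A relative path resolves against the current working directory, which
    // can differ between a CLI run and a web server request.
    $real = realpath($path);
    if ($real === false || !is_readable($real)) {
        return ["not readable by this process: $path"];
    }
    $problems = [];
    if ($docRoot !== '' && strpos($real, rtrim($docRoot, '/') . '/') === 0) {
        $problems[] = 'file is inside the web root and may be downloadable';
    }
    if (fileperms($real) & 0004) {
        $problems[] = 'file is world-readable; restrict it to the web server user';
    }
    $pem  = file_get_contents($real);
    $cert = openssl_x509_read($pem);          // first CERTIFICATE block in the file
    if ($cert === false) {
        return array_merge($problems, ['no parsable CERTIFICATE block']);
    }
    $info = openssl_x509_parse($cert);
    if ($info === false || $info['validTo_time_t'] < time()) {
        $problems[] = 'certificate is expired or could not be parsed';
    }
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $problems[] = 'no private key block, or wrong/missing passphrase';
    } elseif (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not match the certificate';
    }
    return $problems;
}

// Constructed sample: a throwaway self-signed certificate plus an encrypted
// key, concatenated in the same order as ApnsDev.pem (certificate, then key).
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'constructed-sample'], $key);
$crt = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export($crt, $certPem);
openssl_pkey_export($key, $keyPem, 'constructed-passphrase');
$file = tempnam(sys_get_temp_dir(), 'pem');   // created with mode 0600
file_put_contents($file, $certPem . $keyPem);

var_dump(preflight_local_cert($file, 'constructed-passphrase'));
var_dump(preflight_local_cert($file, 'not-the-passphrase'));
unlink($file);
```

Run it as the same user as the web server (for example www-data) so the readability result reflects the real request context, and pass the site's document root as $docRoot to catch a .pem stored under a publicly served directory.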

佼人 2024-09-15 03:48:12

Might be irrelevant for OP's Q, but I've tried all openssl statements with all the different flags, while trying to connect with PHP \SoapClient(...) and after 3 days I finally found a solution that worked for me. Posting so the next dude(tte) may find this easier than me.

GitBash

$ cd path/to/certificate/
$ openssl pkcs12 -in personal_certificate.pfx -out public_key.pem -clcerts

First you have to enter YOUR_CERT_PASSWORD once, then DIFFERENT_PASSWORD! twice. The latter will possibly be available to everyone with access to code.

PHP

<?php

$wsdlUrl   = "https://example.com/service.svc?singlewsdl";
$publicKey = "rel/path/to/certificate/public_key.pem";
$password  = "DIFFERENT_PASSWORD!";

$params = [
    'local_cert' => $publicKey,
    'passphrase' => $password,
    'trace' => 1,
    'exceptions' => 0
];

$soapClient = new \SoapClient($wsdlUrl, $params);

var_dump($soapClient->__getFunctions());