What's the correct format for Java APNS certificate?

miho picture miho · Nov 19, 2013 · Viewed 8k times · Source

I'm using Java APNS (com.notnoop.apns, v0.2.3) to send Push Notifications to my iOS app. I'm creating the APNS service with the following lines:

private ApnsService createApnsService() throws IOException {
        ApnsServiceBuilder serviceBuilder = APNS.newService().withCert(certResource.getInputStream(), certPassword);
        serviceBuilder.withSandboxDestination();
        return serviceBuilder.build();
}

And receive the following exception:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.notnoop.exceptions.NetworkIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:948)\n\tat org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:838)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:647)\n\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:728)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)...    <<...the stacktrace is much longer, but I've cut it of here, since nobody would read it anyway...>>

I'm guessing that my P12 certificate is incorrect. (I've also tried PEM certificate already.) At the moment I've created the P12 certificate at this way and then applied a password:

Screenshot of Keychain.app


What's the correct way to create the certificate which is compatible with Java APNS?

Answer

user454322 picture user454322 · Dec 11, 2014

I use PKCS#12 (a .p12 file). To create it I do:

  1. Export the private key from the Keychain and name it aps_private-key.p12.

  2. Convert the key with the following command openssl pkcs12 -nocerts -out aps_private-key.pem -in aps_private-key.p12, make sure to enter a PEM pass phrase of at least 4 characters.

  3. Download the certificate of the app from https://developer.apple.com/account/ios/identifiers/bundle/bundleList.action. The downloaded file should be called something like aps_development.cer.

  4. Convert the certificate with the following command openssl x509 -in aps_development.cer -inform der -out aps_development.pem

  5. Generate the credentials using openssl pkcs12 -export -in aps_development.pem -out aps_dev_credentials.p12 -inkey aps_private-key.pem.

  6. And I'm ready to use the credentials generated in step 5 (aps_dev_credentials.p12).

    final InputStream certificate = Thread.currentThread().getContextClassLoader()
            .getResourceAsStream("aps_dev_credentials.p12");
    final char[] passwd = {'1','2','3','4'};
    final ApnsService apnsService = com.notnoop.apns.APNS.newService()
            .withCert(certificate, new String(passwd))
            .withSandboxDestination().build();
    apnsService.testConnection();