iOS - How to check wheather pem file is valid or not?

Question

I have created development and production pem files. I have followed this steps:

1) developer.apple.com : AppIDs section check Bundle id supports Development SSL Certificate if no then create that certificate (which supports APNS)

2) open key chain

3) right click on our certificate and export certificate.

4) you will get .p12 file from here : like : hope_APNS.p12

5) open console(terminal) and run following command (use created .p12 file here as input) openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts

6) you will get .pem file for the same. (like hope_APNS.pem)

Developement pem file is working fine. But there is some in production pem file. When i set production pem file and send push notification from console. I won't get push on my device.

Answer 1

That's an old thread but I was looking for the same answer and hope this solution help someone... worked for me.

You can test your PEM key using the following command, which should hang if successful until you press enter:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert pnpush.pem -key pnpush.pem

The above tests the PEM Key in sandbox mode. For production mode, use the following command:

openssl s_client -connect gateway.push.apple.com:2195 -cert pnpush.pem -key pnpush.pem

Thanks to Craig at https://www.pubnub.com/knowledge-base/discussion/234/how-do-i-test-my-pem-key

Answer 2

There are many reasons why you may not be getting push notifications via a production .pem certificate on your device. Besides making sure you generated the distinct production certificate correctly, here are few things to check:

1. You have an Ad-Hoc or Distribution build running on your test device when testing a production certificate
2. You have successfully collected the production push token of said device (which will always be different from the development push token)
3. You are able to connect to Apple Push Notification PRODUCTION servers (gateway.push.apple.com, port 2195) with the new certificate (ie/ you're able to open a socket connection and it does not close immediately)
4. You have checked that your certificate is not expired

Failing all that, you really need to check what is going on at the network level when you send something via that certificate. If it's invalid, it won't connect at all to Apple. If it's valid but the push token you're sending is not recognized by Apple, an error code will be returned (if you are using the binary interface) or the connection will be severed. You may also want to look into the APNS Feedback API to gain more insight on what is going wrong.

You may want to check out this answer and this other answer for more tips.

Answer 3

It's very easy to check both PEM files (Development as well as Distribution ) by using this tool:

Supports Both APNS & GCM Click to check PEM File is valid or not

Answer 4

Verify .pem file First, open the .pem in a text editor to view its content. The certificate content should be in format as shown below. Make sure the pem file contains both Certificate content(from BEGIN CERTIFICATE to END CERTIFICATE) as well as Certificate Private Key (from BEGIN PRIVATE KEY to END PRIVATE KEY):

> Bag Attributes
>     friendlyName: Apple Push Services:<Bundle ID>
>     localKeyID: <> subject=<>
> -----BEGIN CERTIFICATE-----
> 
> <Certificate Content>
> 
> -----END CERTIFICATE----- Bag Attributes
>     friendlyName: <>
>     localKeyID: <> Key Attributes: <No Attributes>
> -----BEGIN PRIVATE KEY-----
> 
> <Certificate Private Key>
> 
> -----END PRIVATE KEY-----

Also, you check the validity of the certificate by going to SSLShopper Certificate Decoder and paste the Certificate Content (from BEGIN CERTIFICATE to END CERTIFICATE) to get all the info about the certificate as shown below: