iOS服务端推送证书更换
服务器端php的推送证书还有三天就要过期了,为了防止出现去年那样,用户突然收不到推送报警的尴尬出境,今天做了一次更换,做个记录,
主要分为如下步骤:
1.首先在本地生成一个CertificateSigningRequest.certSigningRequest的文件,操作方法见下图
2.登录apple developer后台的Certificates,Identifiers & Profiles管理中心
找到你发布在appstore上面的App ID,在下图这儿找
点击Edit之后,找到Push Notifications这一项,可以看到Production SSL Certificate这一项,下面有个Expires就是推送证书的过期时间,如下图
如果你的证书过期了,这个时候,你需要点击 Create Certificate,按提示步骤往下执行。上传-》最开始在本地磁盘生成的CSR File文件。
最后,点击download,把生成的证书下载到本地即可。
3.进入钥匙串,点击证书,并找到刚才(第2步最后)安装到本地的最新证书文件,点击展开如下,并选择第一行,点击导出,输入一个简单的密码,命名为cert.p12,如下图操作
5.点击第二行的就是你自己命名的图上是: elsonpxxxxxx,右键导出key.p12文件,并设置一个简单的密码
6.将cert.p12和key.p12放在一个命名为temp的文件夹中,打开终端cd到这个文件夹中
7.执行命令: openssl pkcs12 -clcerts -nokeys -out cert.pem -in cert.p12
过程中需要输入密码,就输入刚才自己设置的密码
8.执行命令:openssl pkcs12 -nocerts -out key.pem -in key.p12
此时要注意在终端中的提示,第一次输入的密码是生成证书时候的密码,
第二次第三次输入密码是设置key.pem的新密码。(注意第二、第三次设置的密码,后面要给服务端人员)
9.执行命令:cat cert.pem key.pem > ck.pem
合并两个证书,就是最终给服务端的推送证书文件
验证生成的证书是否有问题,直接执行下面的命令:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert cert.pem -key key.pem,并输入第8步中,你设置的密码
如果最后出现,下面这样的内容,恭喜你,搞定了,把ck.pem文件,和密码给服务端人员让他们配置就可以了,
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXX
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/ST=CA/L=Cupertino/O=Apple Inc./OU=Internet Software and Services/CN=iCloud Test/[email protected]
/CN=Apple Application Integration 2 Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US
---
SSL handshake has read 3522 bytes and written 2375 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 2E33E3C5EBD19E740C536A02F4D4C2AE1F64E8C3ED3E7A585712567DF0F9A13E4856075344CB585AD893C0500FD19705
Key-Arg : None
Start Time: 1499261841
Timeout : 300 (sec)
Verify return code: 0 (ok)
---