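How do you verify that a server's push certificate is valid?

Checking whether a .cer push certificate is valid is easy: use a Mac application such as PushMeBaby or SmartPush to send a push notification to a device.
However, the push certificate used on a server is usually in .pem (PHP/GoLang backends) or .p12 (Java/C# backends) format. The following OpenSSL commands check whether the server's push certificate is valid, so you can then decide whether the problem lies in the server-side code: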

  1. Convert the PKCS#12 file (.pfx, .p12) to PEM:

    Use the following command to produce a PEM file that contains both the private key and the certificate:

    openssl pkcs12 -in apns_production_privatekey.p12 -out apns_production_privatekey.pem -nodes
    

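    You will be prompted for a password; enter the password that was set when the p12 file was exported.

    Note: add the -nocerts option to export only the private key, or the -nokeys option to export only the certificate.

  2. Test the production certificate: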

    openssl s_client -connect gateway.push.apple.com:2195 -cert apns_production_privatekey.pem
    

    If the output looks like the following, the certificate is working:

    CONNECTED(00000003)
    depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
       i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
     1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
       i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIFIzCCBAugAwIBAgIETCMvvjANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC …
    … de7tGJEmdBgmtX2Wn0r0Erg+9nnjOEQ=
    -----END CERTIFICATE-----
    subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
    issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
    ---
    Acceptable client certificate CA names
    /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
    /C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
    /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
    ---
    SSL handshake has read 3144 bytes and written 2168 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES256-SHA
        Session-ID:
        Session-ID-ctx:
        Master-Key: 9E737F1BD1AC1D41A2D6486B9F2DD08EF3B87EC9A91EBB42396D9664B34FF534DA2DCF4A897688ECBEFE00B069C481BC
        Key-Arg   : None
        Start Time: 1452222166
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
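
Before running the connection test, the combined PEM produced in step 1 can be checked offline: does it contain a certificate and an unencrypted private key, do the two belong together, and is the certificate still within its validity period. The script below is an added example, not part of the original post; the function names `check_push_pem` and `make_sample`, the sample file names and the password `constructed` are assumptions made for the illustration, and the sample certificate is a constructed self-signed one.

```sh
#!/bin/sh
# Added example: offline checks on the combined PEM from step 1.
# Return codes: 0 ok, 1 no certificate, 2 no usable private key,
# 3 key does not match certificate, 4 expired (or expiring within $2 seconds).
check_push_pem() {
    pem=$1
    window=${2:-0}
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: keeps an encrypted key from prompting; it then fails with code 2
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 3
    openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1 || return 4
    return 0
}

# Build constructed sample files in directory $1 (self-signed, valid for 1 day).
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-push-cert" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -passout pass:constructed -out "$d/apns.p12" 2>/dev/null || return 1
    # Same conversion as step 1, with the export password passed non-interactively
    openssl pkcs12 -in "$d/apns.p12" -passin pass:constructed -nodes \
        -out "$d/apns.pem" 2>/dev/null || return 1
    # Negative cases: certificate with an unrelated key, and certificate only
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null || return 1
    cat "$d/cert.pem" "$d/other.pem" > "$d/mismatch.pem"
    cp "$d/cert.pem" "$d/certonly.pem"
}

demo() {
    umask 077   # -nodes writes the private key unencrypted; keep the files private
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp" || { rm -rf "$tmp"; return 1; }
    for f in apns mismatch certonly; do
        rc=0
        check_push_pem "$tmp/$f.pem" || rc=$?
        echo "$f.pem: rc=$rc"
    done
    rm -rf "$tmp"
}
demo
```

Passing a second argument, for example `check_push_pem apns_production_privatekey.pem 2592000`, also flags a certificate that expires within that many seconds (here 30 days).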
