APNS远程推送证书的制作

2016-11-16

远程推送通知

原理

本地通知是应用自己发起的，和本地通知不同，远程推送通知是由应用服务商发起的，通过 Apple 的 APNS (Apple Push Notification Server) 发送到手机客户端。

远程推送通知的过程可以分为以下几步：

应用服务提供商从服务器端把要发送的消息和设备令牌（device token）发送给苹果的消息推送服务器APNs。
APNs根据设备令牌在已注册的设备（iPhone、iPad、iTouch、mac等）查找对应的设备，将消息发送给相应的设备。
客户端设备接将接收到的消息传递给相应的应用程序，应用程序根据用户设置弹出通知消息。

以上的步骤，总结为如图所示：

注册APNS推送消息

应用程序注册APNS推送消息时，需要注意：

只有注册过的应用才有可能接收到消息，程序中通常通过UIApplication的registerUserNotificationSettings:方法注册，iOS8中通知注册的方法发生了改变，如果是iOS7及之前版本是通过UIApplicationregisterForRemoteNotificationTypes: 方法注册。
注册之前有两个前提条件必须准备好：开发配置文件（provisioning profile，也就是.mobileprovision后缀的文件）的App ID不能使用通配ID必须使用指定APP ID并且生成配置文件中选择Push Notifications服务，一般的开发配置文件无法完成注册；应用程序的Bundle Identifier必须和生成配置文件使用的APP ID完全一致。如果么有这种要求的话，有可能发生推送错乱现象。

在应用程序中获取 device token

在UIApplication的-(void)application:(UIApplication *)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken代理方法中获取令牌，此方法发生在注册之后。
如果无法正确获得device token可以在UIApplication的-(void)application:(UIApplication *)application didFailToRegisterForRemoteNotificationsWithError:(NSError *)error代理方法中查看详细错误信息，此方法发生在获取device token失败之后。
模拟器是无法获取device token 的。

APNS证书的制作

APNS证书的制作包含以下步骤：

创建 APP ID
创建 CSR 文件
Certificates 的创建和配置
在钥匙串证书中导出 p12 格式文件

以上的这些步骤都是在苹果开发者网站上操作的，做这些的前提是你必须有一个苹果开发者账号。在这里我们不介绍如何创建 APP ID，只介绍后面两种步骤，另外附加如何制作 pem 文件。

CSR 文件的生成

首先打开 钥匙串访问 如图：

然后填写自己的信息。如图：

给自己电脑描述证书命名，并选择保存位置。如图：

制作完成之后，如图：

Certificates的创建

这里我们创建的证书是 APNS（远程推送服务）证书，所以你在创建APP ID 一定要设置为支持远程推送。如图：

在这里，我假设你已经设置了这些。下面的步骤就是如何创建 APNS 证书了。

进入苹果开发者网站并登陆成功。首先找到你要为哪个应用添加 APNS 服务。如图：

然后进入以下界面，并点击 Edit 按钮

对 APNS证书配置页面的解释如图：

我们首先配置开发环境的证书。点击 Create Certificate.. -> 进入下一页点击 Continue 进入如图所示界面：

此时把你刚刚创建的 CSR 文件上传上去即可。此时就创建成功了 Apns证书，然后把它下载下来。如图：

导出p12文件

双击上面下载的 .cer证书（Certificates证书）,然后打开钥匙串访问。如图：

给你的p12证书命名

好啦，APNS证书的P12制作已经大功告成了。最后截图显示：

此时，你就可以拿着这个p12文件上传到第三方推送平台（推送宝、融云、极光推送、Umeng等）上了。生产环境证书的制作与开发环境的相对应，方法是一样的。

.pem文件的制作

这是一个扩展，我们针对 p12 文件来制作 key.p12 文件。

制作 key.p12 文件

导出cer证书的key.p12文件

导出后如图所示：最终的key.p12文件

用命令行合成pem文件

使用openssl 将cer.p12及key.p12转成cer.pem和key.pem

1）首先进入 cer.p12 和 key.p12 所在的目录

zhangqis-Mac-mini:MaxwellQi.github.io qizhang$ cd ~/Desktop/certificate/development/
zhangqis-Mac-mini:development qizhang$ ls
TVUAnywhere_development_apns.p12	key_TVUAnywhere_development_apns.p12

2) 将 TVUAnywhere_development_apns.p12 文件转化为 tvuanywhere_cert_debug.pem 文件。命令：

openssl pkcs12 -clcerts -nokeys -out tvuanywhere_cert_debug.pem -in TVUAnywhere_development_apns.p12 

eg:

zhangqis-Mac-mini:development qizhang$ openssl pkcs12 -clcerts -nokeys -out tvuanywhere_cert_debug.pem -in TVUAnywhere_development_apns.p12 
Enter Import Password:
MAC verified OK
zhangqis-Mac-mini:development qizhang$ ls
TVUAnywhere_development_apns.p12	key_TVUAnywhere_development_apns.p12	tvuanywhere_cert_debug.pem

这一步需要你输入制作p12文件时候设置的密码。

3）将 key_TVUAnywhere_development_apns.p12 文件转化为 tvuanywhere_key_debug.pem 文件。命令：

openssl pkcs12 -nocerts -out tvuanywhere_key_debug.pem -in key_TVUAnywhere_development_apns.p12

eg:

	zhangqis-Mac-mini:development qizhang$ openssl pkcs12 -nocerts -out tvuanywhere_key_debug.pem -in key_TVUAnywhere_development_apns.p12 
	Enter Import Password:
	MAC verified OK
	Enter PEM pass phrase:
	Verifying - Enter PEM pass phrase:
	zhangqis-Mac-mini:development qizhang$ ls
	TVUAnywhere_development_apns.p12	key_TVUAnywhere_development_apns.p12	tvuanywhere_cert_debug.pem		tvuanywhere_key_debug.pem

这一步密码要输入两次，一次是你制作 p12文件时候的密码，另一次是你为生成的 .pem设置的密码。

4）我们利用刚刚我们制作的证书连接一下 Apple的 APNS 服务器，测试一下是否通。命令：

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert tvuanywhere_cert_debug.pem  -key tvuanywhere_key_debug.pem

eg:

zhangqis-Mac-mini:development qizhang$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert tvuanywhere_cert_debug.pem  -key tvuanywhere_key_debug.pem
Enter pass phrase for tvuanywhere_key_debug.pem:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
 1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIRAP/KN+WwyNu6AAAAAFDYCGYwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTYwNTA1MTcyMjM1WhcNMTgwNTAyMTc1MjM0WjB0MQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpB
cHBsZSBJbmMuMScwJQYDVQQDEx5nYXRld2F5LnNhbmRib3gucHVzaC5hcHBsZS5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu8g0rJ6zbAczB/gpg
QSDkK9ftwW38Z8bAgsV1uZXvYfjmq8h69bIy0v1TMie03mEMSm/WVHWisCFSJSIG
11QX3Z6mgw+Qff4M3VccSTZaPiEofCp/feUXQqzImBhe4/RVyem9n6ZURAYyWYN9
4xTedpSgvQQb5aTnEpmTGMgxL7pKBRRErtKB6PlqixJ176AisR4Q2KxVYwGakM9e
a34qj+qbVu+v6B8XXV1CUA4OmS59dpQ5YXBYdHFEaqaDs+IhUrElB2hAg7Gcc649
O/EeQqjs8VwsmGM+FYIftvfkyCfeJz1Lfk9fdNMcAm4jWh/n2LzqPT1fZaDS9L1E
z1vjAgMBAAGjggGVMIIBkTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50
cnVzdC5uZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgw
JgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAEC
AjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1
c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1j
aGFpbjI1Ni5jZXIwKQYDVR0RBCIwIIIeZ2F0ZXdheS5zYW5kYm94LnB1c2guYXBw
bGUuY29tMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQW
BBQilGEKLJhxmPA0qq6OtdmvSADjszAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUA
A4IBAQB9KaD/0IUHBykbu1detIDPgDCkvEkcTg+Aoge6h1yj1wkSv3d94mJif+jy
/p9Yz0Uf69d7tMAK8nrefin4cBFSdJpj9HSk0AUaQoDFAz+BLuGMN8J05iwWKYf+
IkS7sr+z3RgGkFyH9XCMAu+MrvCz/r+SIuM6AO2/F/iwmBU1UrerbCjBfPxM+sNB
BU0lUv0w0Xm3/ZyDh+Em0u15vM8D4NtkK6v0K+3GdgBU6xGgpX68eqszSIbkRzMu
Hke/uLEPEGV/r6N1NSgQqbajUVgqUCrG3GPHsmuVHCFWSP1YYc+2FwKYOLEUgbma
yYBeaZ+LYzqYxyZzBvj+jTaRKi56
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/ST=CA/L=Cupertino/O=Apple Inc./OU=Internet Software and Services/CN=iCloud Test/emailAddress=APNS-Dev@group.apple.com
/CN=Apple Application Integration 2 Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US
---
SSL handshake has read 3522 bytes and written 2183 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: B0291DE714A900BB74082D810B7780E719420E9AAD3404276D4DF2D5D9182DF44D19D770B9A09DCE0B4758CEC2F62FF4
    Key-Arg   : None
    Start Time: 1479351669
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
sdf
closed
zhangqis-Mac-mini:development qizhang$ 

随便输入一句话，按回车。能顺利推出即为通了。 OK，已经通了。到此为止制作成功了。你可以比照着上述方法执着生产环境的 APNS证书了。

补充

合成证书的制作

所谓的合成证书，就是 key.pem 和 cer.pem 文件和在一起的一个证书。我们可以打开上面制作的任意一个 .pem 文件，内容如下：

tvuanywhere_cert_debug.pem文件的内容

Bag Attributes
    friendlyName: Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro
    localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80 
subject=/UID=com.tvunetworks.TVUAnywherePro/CN=Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro/OU=YDEVQQ22JR/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgIIcXl/K7asceQwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNV
BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js
ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3
aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMTYxMTE2MDUyNzIwWhcNMTcxMTE2MDUyNzIwWjCBoDEuMCwGCgmSJomT8ixk
AQEMHmNvbS50dnVuZXR3b3Jrcy5UVlVBbnl3aGVyZVBybzFMMEoGA1UEAwxDQXBw
bGUgRGV2ZWxvcG1lbnQgSU9TIFB1c2ggU2VydmljZXM6IGNvbS50dnVuZXR3b3Jr
cy5UVlVBbnl3aGVyZVBybzETMBEGA1UECwwKWURFVlFRMjJKUjELMAkGA1UEBhMC
VVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+QCVkIPfAQt5dctaT
1NEsTgUa9EAckD4YyqRhhD6hjJkFJZsrHeNrs++Tz6ZtMuzJOZh7YmHssDWNWai6
ATRa1SwjSNGBu4hgyMV4wViuXKoxLtt1RAFzNpkBnfewkC8bOVmlfA1O4Ht1pOgY
51bFelGzfR74xOY6EwjxrQG5RSiZUkl2RxoLt7iPj3C34DQyESJ/whUS4FmDfbo/
lEuPdE/mxCW41OJkaetGsm+M5Y1pBMUjBP6bBKejmV1H8M+tRkEKXRmpU18G8wPm
uULpNb047twLN5l3/2N7MwGQBloA3mBuO1v8SC7x0/UsktYiM9qXXwukntBxd25x
r0FtAgMBAAGjggHlMIIB4TAdBgNVHQ4EFgQU1AvkMjpJpIxbwDgogfYe99pL/oAw
CQYDVR0TBAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2R1nFUlSjtzCCAQ8G
A1UdIASCAQYwggECMIH/BgkqhkiG92NkBQEwgfEwgcMGCCsGAQUFBwICMIG2DIGz
UmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1l
cyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVy
bXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5k
IGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wKQYIKwYBBQUHAgEW
HWh0dHA6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvME0GA1UdHwRGMEQwQqBAoD6G
PGh0dHA6Ly9kZXZlbG9wZXIuYXBwbGUuY29tL2NlcnRpZmljYXRpb25hdXRob3Jp
dHkvd3dkcmNhLmNybDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
EAYKKoZIhvdjZAYDAQQCBQAwDQYJKoZIhvcNAQEFBQADggEBAKr7qEKwI14IT9jW
8W5O4x3rjbx/8Y+QQ5lQ2bcBqaLWULZZV56DITwv1xoxvUasbQTGlO/SgBRarxNj
HgYNfbKwmvHzgvtZUQUAY9n0N/mPy2zMy1TeRZp19/S+Fa0ylpzJQ9sHi0TnXCj/
oaSB4nhRhEgfAgRgaDP5uz+bOnHCf1zc0lBYNJvKrUwrpJSbUhX9rTfqqro0SY5V
PZqQJ01HpysNeqXmqAH4dc0GFBFPwNMJT9ycPmChxcwQOULzXkd+QqET3bN4MwAg
wPdDVEYDbq+g5hWKK9sf8PzRs/cUpN1l/OjKvql4H0FndKJCUnJAlHY+Y70mW5yq
GRFDnrQ=
-----END CERTIFICATE-----

tvuanywhere_key_debug.pem文件的内容

Bag Attributes
    friendlyName: TVU
    localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80 
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,21E8B79AB538FF93
MQxjNW8VbaLulxZCIxPmgoKeXGlsa9IqZxVbFjZ4/n96nT/SKsaUBZNny4i5EMgT
52RqqtJoqDLi02yhlOgSj3IFfAtO0pyeUNLczsPyKIIofu6u+NmthW6ufVSMtrM/
KjQs71/a7tv0o5TbG2vU3heZTzr03YiSxTWg7zVFD8DLufvQhiFoNu8cU5iVyWHG
H5qQUceqsBGIIqyjFtYeXcuQb5htfry7C0yf0fwUWFECCFH+YuZe1LxuVSI8UyW3
DKM+CXNQTOjZepOTJPN6gW9P7XnEMhSDyeYav9m5KXwTHN+UmMrDsEtUJIORHn4N
WnJ2sZaqAajm32qTm7blEV7oocM3ZMFC9a2mmU1YLsYnPIml++22ZRfuhhZWrpea
bAMUWfFn/vyZBMJpAJdVXhJzbxzuUJhASEt43uU7NSHDFh5Dwttit1kYlCqhV3QV
/cSLy8qiWimlMLMe/m41e0Kpt/u52PZ34AP4SYSap88FtfBRtQRPpa9nanltU1cu
IdmyBXsRcg6SagIg3jKAh3PvFOxIBijESRlIITCJ5KwKvQT2ara0N55Wxh+YFqir
oOy4kn1DPeiBcv/TVEzXot/6ZRFabky69Bq07wGQtvmInyoMOivGOH+d4GeuE+L8
93DsZP1f9nhIA9jSr+EuoTCTFgOCr1Cinwzb2rvshAKHhSnjRUCp6vNtZtV0LM8g
fGiwgLLtn3tR9jrySCuuen507x/8FHCwe88sEqOBPxBe9FUCOybm5ryn7YyInNLn
jgFriH55bL4wehm8GNXu/spLE0oN8PZYg17ZK3H8RheH5C6oNBWI5ksWfdsl7BnV
JbC0RJwIX+Bkc6sVX32r5RjUp1ZxhyGDIz4gaKR9Se/XynQw+2wuSUs49ZzOH5oz
8cTEOJUHbjV4jm7yqvU/keOwtVP3kvy8spQ6y8IL/VuHiMfHfGJIfR20Zu8a9sTB
16+5LXuOjVs/356X70c005u+pJK1CdUKpkc5kzZOZhhwvjLufq06x7sy8VQDIyaL
x/WReROOfKk8Lx8Glf30zBIINdHk0Ee5eLpBWgdPGeyagCSkNk96FP1AqeWhQtfU
V3mNRS+GFD1TIMAhv9PilWDpY2+lOXUUJMRyW4pFqSTPiOERMpBqklK80SdtAaPN
uL1HaljJbHXoSwWR6+0UeUiYK0DrzeH7qacVjeG/+xz32UMgc5K6ION2WuQhJW9C
uzlwmGW99NKfi2idT5MFIdSBml0BSsayXO9tf0ybv1v0GBEyctSyJIHe72imC2dg
lzfTpg9m+k0SrcuS33+WCDAwDKLFoqd9W+fwvUoiOEA/lDzmVCw/o9VhFII5gAQF
ej8TzBMUQwk55GEAQPn1TeexsAmuqXFsmVN+G/G74hm3weOKzoqvOKeWWpC1tNr/
G8ZcrWtU9qFLrnxgbdfn7gE+Hlk4KKziG9R/SRTrvOLoYzzeLzlGrA0lJEHplSZG
UhuZe0MNHl8YX/agK+bfCJiZusWn/wl0NKoLbNZPDLEo6dVb8wHJTY6VxUeSotdT
D3cFm8h+ryNg0Tesma7G6R2Pk5vEweK50eCdVY0qZSEl9niDsQjPy7cRywmLbNNg
-----END RSA PRIVATE KEY-----

我们可以用命令行把这两个文件和在一起，这种方法我们不做介绍。下面介绍如何根据 cer.p12文件直接生成这种合成文件。

我们要根据 TVUAnywhere_development_apns.p12 文件生成 TVUAnywhere_development_apns.pem文件，命令：

openssl pkcs12 -in TVUAnywhere_development_apns.p12 -out TVUAnywhere_development_apns.pem -nodes

eg:

zhangqis-Mac-mini:development qizhang$ openssl pkcs12 -in TVUAnywhere_development_apns.p12 -out TVUAnywhere_development_apns.pem -nodes
Enter Import Password:
MAC verified OK

我们查看一下 TVUAnywhere_development_apns.pem 的内容：

Bag Attributes
    friendlyName: Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro
    localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80 
subject=/UID=com.tvunetworks.TVUAnywherePro/CN=Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro/OU=YDEVQQ22JR/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgIIcXl/K7asceQwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNV
BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js
ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3
aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMTYxMTE2MDUyNzIwWhcNMTcxMTE2MDUyNzIwWjCBoDEuMCwGCgmSJomT8ixk
AQEMHmNvbS50dnVuZXR3b3Jrcy5UVlVBbnl3aGVyZVBybzFMMEoGA1UEAwxDQXBw
bGUgRGV2ZWxvcG1lbnQgSU9TIFB1c2ggU2VydmljZXM6IGNvbS50dnVuZXR3b3Jr
cy5UVlVBbnl3aGVyZVBybzETMBEGA1UECwwKWURFVlFRMjJKUjELMAkGA1UEBhMC
VVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+QCVkIPfAQt5dctaT
1NEsTgUa9EAckD4YyqRhhD6hjJkFJZsrHeNrs++Tz6ZtMuzJOZh7YmHssDWNWai6
ATRa1SwjSNGBu4hgyMV4wViuXKoxLtt1RAFzNpkBnfewkC8bOVmlfA1O4Ht1pOgY
51bFelGzfR74xOY6EwjxrQG5RSiZUkl2RxoLt7iPj3C34DQyESJ/whUS4FmDfbo/
lEuPdE/mxCW41OJkaetGsm+M5Y1pBMUjBP6bBKejmV1H8M+tRkEKXRmpU18G8wPm
uULpNb047twLN5l3/2N7MwGQBloA3mBuO1v8SC7x0/UsktYiM9qXXwukntBxd25x
r0FtAgMBAAGjggHlMIIB4TAdBgNVHQ4EFgQU1AvkMjpJpIxbwDgogfYe99pL/oAw
CQYDVR0TBAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2R1nFUlSjtzCCAQ8G
A1UdIASCAQYwggECMIH/BgkqhkiG92NkBQEwgfEwgcMGCCsGAQUFBwICMIG2DIGz
UmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1l
cyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVy
bXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5k
IGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wKQYIKwYBBQUHAgEW
HWh0dHA6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvME0GA1UdHwRGMEQwQqBAoD6G
PGh0dHA6Ly9kZXZlbG9wZXIuYXBwbGUuY29tL2NlcnRpZmljYXRpb25hdXRob3Jp
dHkvd3dkcmNhLmNybDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
EAYKKoZIhvdjZAYDAQQCBQAwDQYJKoZIhvcNAQEFBQADggEBAKr7qEKwI14IT9jW
8W5O4x3rjbx/8Y+QQ5lQ2bcBqaLWULZZV56DITwv1xoxvUasbQTGlO/SgBRarxNj
HgYNfbKwmvHzgvtZUQUAY9n0N/mPy2zMy1TeRZp19/S+Fa0ylpzJQ9sHi0TnXCj/
oaSB4nhRhEgfAgRgaDP5uz+bOnHCf1zc0lBYNJvKrUwrpJSbUhX9rTfqqro0SY5V
PZqQJ01HpysNeqXmqAH4dc0GFBFPwNMJT9ycPmChxcwQOULzXkd+QqET3bN4MwAg
wPdDVEYDbq+g5hWKK9sf8PzRs/cUpN1l/OjKvql4H0FndKJCUnJAlHY+Y70mW5yq
GRFDnrQ=
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: TVU
    localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80 
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvkAlZCD3wELeXXLWk9TRLE4FGvRAHJA+GMqkYYQ+oYyZBSWb
Kx3ja7Pvk8+mbTLsyTmYe2Jh7LA1jVmougE0WtUsI0jRgbuIYMjFeMFYrlyqMS7b
dUQBczaZAZ33sJAvGzlZpXwNTuB7daToGOdWxXpRs30e+MTmOhMI8a0BuUUomVJJ
dkcaC7e4j49wt+A0MhEif8IVEuBZg326P5RLj3RP5sQluNTiZGnrRrJvjOWNaQTF
IwT+mwSno5ldR/DPrUZBCl0ZqVNfBvMD5rlC6TW9OO7cCzeZd/9jezMBkAZaAN5g
bjtb/Egu8dP1LJLWIjPal18LpJ7QcXduca9BbQIDAQABAoIBAGsWPjW7HNk6imG9
VyzE+Kxgih0e6MtrIZjgz2AYiQxz0FoGTe4aF72y/aKMmlgS9xdY9QxWV1pb4Pjc
Q83XCborDXoa7dqBTYV03TpYUmtqu12Ny3eZPNu2Gq+/VAEtV2aShHRSfEcusi+J
EB+cb8oeTMikH//VDOYZespWIIdAfIGjlCmYEBd0SL2P9gX8UUWDRFjvGdp63JP+
CaOATrSWCqArnI6FZsFyyCyspP48IJAaBe9u7JCmVXcuXh6bGEEW29X9xgc1H0T1
lQvxscHSKBzqhSP32Ahaj7U0cfYaD31L7NjV1BzLb/V0sSsIcfxkWdTmYkzyyn4T
3XoPRAECgYEA/XrkLgdTg/1gGHWT3I5NAzfTEMcSu3bQ3H3M2MaQkFJYtkEnu061
g8Qm8/OSyq2Ura9UNVgkl4DCqM10kc/93P+elMWZhQPAkqUA8fEphduSAEdsQvNS
aCRPnCye36VRCmCvrdv6VO4Qid4bLY7SRKjLqv0j4p1D/DlWIZKPIm0CgYEAwCRV
0cfgMRfXFhI4H7iNUYo5csWzZ4GBDMJUXqJTxBZtbp57dC2GaLCPLlGnVQSBUJBc
B0qm6fmguqER3HF+Wrl8h3KIxe7UCRkJqIUnRQ4AReJ+vv6rYLI4+guE1g4Eebg9
VuKY/TXt/r8CxhryoaNVpDPDrWpyWgSwtMRVOwECgYEA0mK8nwOPqt6TctmsFwS5
IPGlqqhAgP32DvwPGOF+PXtLjEH58zo56BrXZeWFsdlurNX4I6p7/I9vgeG9XgTv
JQ25FqwHZuKdZFm1tho/J4392WNulQcWH7/7n5ldaCzzXZSwW7JYTUOm0HdbwW1o
UnpzSQGAVmfHdMI2Hflh+eUCgYEAiBa0OhtJbTwneVh6K+15GnG+cs4YXY1aLAFP
5J8wmUgRRjI12nmMI4Y6Q2JOFGdWeAtnQzrasgm+j7EZh3tTNUr/Kqgyu46G29LC
BnwY7k4WX2kmwHx8Qca5mFCkS0AuZ0/ZEjr4hQ+3e6Eqg8n+ZAHd3KlVRPSJ/bwo
tEAC5gECgYAlPzSWwMuoi6TTHOZIzYzaI5migVfvXbsCuau8eyz+8/pNNmtx8zu9
pn83jp924d41xeqMcyucfHA2lvCHZLv9wvAV6bCpNRUqCPOj4BhBbDrUajmddEWo
GMaDTuzgxnQZdRqjEZMpwf2Wm9/8ee8lowlBw3TF1d9C5EyClop/Nw==
-----END RSA PRIVATE KEY-----

OK了，这个合成也已经介绍完了。

证书校验

APP与 APNS 之间是加密的连接，因此需要使用证书来加密连接。每个的推送环境有自己单独的推送证书，即开发证书和生产证书。在将证书最终转为 pem 格式后，可通过与 APNs 连接来测试证书是否有效。

开发环境APNS服务器的地址：gateway.sandbox.push.apple.com:2195

生产环境APNS服务器地址：gateway.push.apple.com:2195

由于我们这个教程制作的是开发环境的证书，所以如果你做的是生产环境，直接替换 APNS 服务器地址即可。

1) 不使用合成证书进行校验（使用 cer.pem 和 key.pem进行校验）

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert tvuanywhere_cert_debug.pem  -key tvuanywhere_key_debug.pem

2）使用合成证书进行校验

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert TVUAnywhere_development_apns.pem

3）如何判断校验成功

当输入完命令回车后，终端首先会输出很多相关信息。

当连接建立失败时，会直接关闭。

当连接建立成功时，终端会停止输出，并等待你输入，你可以随便输入一些字符后摁回车，然后连接才会关闭。

生成RSA格式的key

在上面生成的key.pem中，有时候其格式不是我们想要的RSA格式，我们可以通过’openssl’生成RSA格式的。

openssl rsa -in key.pem -out key_rsa.pem

最终生成的格式如下：

-----BEGIN RSA PRIVATE KEY-----
key content
-----END RSA PRIVATE KEY-----