APNS远程推送证书的制作
2016-11-16
远程推送通知
原理
本地通知是应用自己发起的,和本地通知不同,远程推送通知是由应用服务商发起的,通过 Apple 的 APNS (Apple Push Notification Server) 发送到手机客户端。
远程推送通知的过程可以分为以下几步:
- 应用服务提供商从服务器端把要发送的消息和设备令牌(device token)发送给苹果的消息推送服务器APNs。
- APNs根据设备令牌在已注册的设备(iPhone、iPad、iTouch、mac等)查找对应的设备,将消息发送给相应的设备。
- 客户端设备接将接收到的消息传递给相应的应用程序,应用程序根据用户设置弹出通知消息。
以上的步骤,总结为如图所示:
注册APNS推送消息
应用程序注册APNS推送消息时,需要注意:
- 只有注册过的应用才有可能接收到消息,程序中通常通过UIApplication的registerUserNotificationSettings:方法注册,iOS8中通知注册的方法发生了改变,如果是iOS7及之前版本是通过UIApplicationregisterForRemoteNotificationTypes: 方法注册。
- 注册之前有两个前提条件必须准备好:开发配置文件(provisioning profile,也就是.mobileprovision后缀的文件)的App ID不能使用通配ID必须使用指定APP ID并且生成配置文件中选择Push Notifications服务,一般的开发配置文件无法完成注册;应用程序的Bundle Identifier必须和生成配置文件使用的APP ID完全一致。如果么有这种要求的话,有可能发生推送错乱现象。
在应用程序中获取 device token
- 在UIApplication的-(void)application:(UIApplication *)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken代理方法中获取令牌,此方法发生在注册之后。
- 如果无法正确获得device token可以在UIApplication的-(void)application:(UIApplication *)application didFailToRegisterForRemoteNotificationsWithError:(NSError *)error代理方法中查看详细错误信息,此方法发生在获取device token失败之后。
- 模拟器是无法获取device token 的。
APNS证书的制作
APNS证书的制作包含以下步骤:
- 创建 APP ID
- 创建 CSR 文件
- Certificates 的创建和配置
- 在钥匙串证书中导出 p12 格式文件
以上的这些步骤都是在苹果开发者网站上操作的,做这些的前提是你必须有一个苹果开发者账号。在这里我们不介绍如何创建 APP ID,只介绍后面两种步骤,另外附加如何制作 pem 文件。
CSR 文件的生成
首先打开 钥匙串访问
如图:
然后填写自己的信息。如图:
给自己电脑描述证书命名,并选择保存位置。如图:
制作完成之后,如图:
Certificates的创建
这里我们创建的证书是 APNS(远程推送服务)证书,所以你在创建APP ID
一定要设置为支持远程推送。如图:
在这里,我假设你已经设置了这些。下面的步骤就是如何创建 APNS 证书了。
进入苹果开发者网站并登陆成功。首先找到你要为哪个应用添加 APNS 服务。如图:
然后进入以下界面,并 点击 Edit 按钮
对 APNS证书配置页面的解释 如图:
我们首先配置开发环境的证书。点击 Create Certificate.. -> 进入下一页 点击 Continue 进入如图所示界面:
此时 把你刚刚创建的 CSR 文件上传上去即可。此时就创建成功了 Apns证书,然后把它下载下来。如图:
导出p12文件
双击上面下载的 .cer证书(Certificates证书),然后打开钥匙串访问。如图:
给你的p12证书命名
好啦,APNS证书的P12制作已经大功告成了。最后截图显示:
此时,你就可以拿着这个p12文件上传到第三方推送平台(推送宝、融云、极光推送、Umeng等)上了。生产环境证书的制作与开发环境的相对应,方法是一样的。
.pem文件的制作
这是一个扩展,我们针对 p12 文件来制作 key.p12 文件。
制作 key.p12 文件
导出后如图所示:
用命令行合成pem文件
使用openssl 将cer.p12及key.p12转成cer.pem和key.pem
1)首先进入 cer.p12 和 key.p12 所在的目录
zhangqis-Mac-mini:MaxwellQi.github.io qizhang$ cd ~/Desktop/certificate/development/
zhangqis-Mac-mini:development qizhang$ ls
TVUAnywhere_development_apns.p12 key_TVUAnywhere_development_apns.p12
2) 将 TVUAnywhere_development_apns.p12 文件转化为 tvuanywhere_cert_debug.pem 文件。命令:
openssl pkcs12 -clcerts -nokeys -out tvuanywhere_cert_debug.pem -in TVUAnywhere_development_apns.p12
eg:
zhangqis-Mac-mini:development qizhang$ openssl pkcs12 -clcerts -nokeys -out tvuanywhere_cert_debug.pem -in TVUAnywhere_development_apns.p12
Enter Import Password:
MAC verified OK
zhangqis-Mac-mini:development qizhang$ ls
TVUAnywhere_development_apns.p12 key_TVUAnywhere_development_apns.p12 tvuanywhere_cert_debug.pem
这一步需要你输入制作p12文件时候设置的密码。
3)将 key_TVUAnywhere_development_apns.p12 文件转化为 tvuanywhere_key_debug.pem 文件。 命令:
openssl pkcs12 -nocerts -out tvuanywhere_key_debug.pem -in key_TVUAnywhere_development_apns.p12
eg:
zhangqis-Mac-mini:development qizhang$ openssl pkcs12 -nocerts -out tvuanywhere_key_debug.pem -in key_TVUAnywhere_development_apns.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
zhangqis-Mac-mini:development qizhang$ ls
TVUAnywhere_development_apns.p12 key_TVUAnywhere_development_apns.p12 tvuanywhere_cert_debug.pem tvuanywhere_key_debug.pem
这一步密码要输入两次,一次是你制作 p12文件时候的密码,另一次是你为生成的 .pem设置的密码。
4)我们利用刚刚我们制作的证书连接一下 Apple的 APNS 服务器,测试一下是否通。命令:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert tvuanywhere_cert_debug.pem -key tvuanywhere_key_debug.pem
eg:
zhangqis-Mac-mini:development qizhang$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert tvuanywhere_cert_debug.pem -key tvuanywhere_key_debug.pem
Enter pass phrase for tvuanywhere_key_debug.pem:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIRAP/KN+WwyNu6AAAAAFDYCGYwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTYwNTA1MTcyMjM1WhcNMTgwNTAyMTc1MjM0WjB0MQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQKEwpB
cHBsZSBJbmMuMScwJQYDVQQDEx5nYXRld2F5LnNhbmRib3gucHVzaC5hcHBsZS5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu8g0rJ6zbAczB/gpg
QSDkK9ftwW38Z8bAgsV1uZXvYfjmq8h69bIy0v1TMie03mEMSm/WVHWisCFSJSIG
11QX3Z6mgw+Qff4M3VccSTZaPiEofCp/feUXQqzImBhe4/RVyem9n6ZURAYyWYN9
4xTedpSgvQQb5aTnEpmTGMgxL7pKBRRErtKB6PlqixJ176AisR4Q2KxVYwGakM9e
a34qj+qbVu+v6B8XXV1CUA4OmS59dpQ5YXBYdHFEaqaDs+IhUrElB2hAg7Gcc649
O/EeQqjs8VwsmGM+FYIftvfkyCfeJz1Lfk9fdNMcAm4jWh/n2LzqPT1fZaDS9L1E
z1vjAgMBAAGjggGVMIIBkTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50
cnVzdC5uZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgw
JgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAEC
AjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1
c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1j
aGFpbjI1Ni5jZXIwKQYDVR0RBCIwIIIeZ2F0ZXdheS5zYW5kYm94LnB1c2guYXBw
bGUuY29tMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQW
BBQilGEKLJhxmPA0qq6OtdmvSADjszAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUA
A4IBAQB9KaD/0IUHBykbu1detIDPgDCkvEkcTg+Aoge6h1yj1wkSv3d94mJif+jy
/p9Yz0Uf69d7tMAK8nrefin4cBFSdJpj9HSk0AUaQoDFAz+BLuGMN8J05iwWKYf+
IkS7sr+z3RgGkFyH9XCMAu+MrvCz/r+SIuM6AO2/F/iwmBU1UrerbCjBfPxM+sNB
BU0lUv0w0Xm3/ZyDh+Em0u15vM8D4NtkK6v0K+3GdgBU6xGgpX68eqszSIbkRzMu
Hke/uLEPEGV/r6N1NSgQqbajUVgqUCrG3GPHsmuVHCFWSP1YYc+2FwKYOLEUgbma
yYBeaZ+LYzqYxyZzBvj+jTaRKi56
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/ST=CA/L=Cupertino/O=Apple Inc./OU=Internet Software and Services/CN=iCloud Test/emailAddress=APNS-Dev@group.apple.com
/CN=Apple Application Integration 2 Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US
---
SSL handshake has read 3522 bytes and written 2183 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: B0291DE714A900BB74082D810B7780E719420E9AAD3404276D4DF2D5D9182DF44D19D770B9A09DCE0B4758CEC2F62FF4
Key-Arg : None
Start Time: 1479351669
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
sdf
closed
zhangqis-Mac-mini:development qizhang$
随便输入一句话,按回车。能顺利推出即为通了。 OK,已经通了。到此为止制作成功了。你可以比照着上述方法执着 生产环境的 APNS证书了。
补充
合成证书的制作
所谓的合成证书,就是 key.pem 和 cer.pem 文件和在一起的一个证书。我们可以打开上面制作的任意一个 .pem 文件,内容如下:
tvuanywhere_cert_debug.pem文件的内容
Bag Attributes
friendlyName: Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro
localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80
subject=/UID=com.tvunetworks.TVUAnywherePro/CN=Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro/OU=YDEVQQ22JR/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgIIcXl/K7asceQwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNV
BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js
ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3
aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMTYxMTE2MDUyNzIwWhcNMTcxMTE2MDUyNzIwWjCBoDEuMCwGCgmSJomT8ixk
AQEMHmNvbS50dnVuZXR3b3Jrcy5UVlVBbnl3aGVyZVBybzFMMEoGA1UEAwxDQXBw
bGUgRGV2ZWxvcG1lbnQgSU9TIFB1c2ggU2VydmljZXM6IGNvbS50dnVuZXR3b3Jr
cy5UVlVBbnl3aGVyZVBybzETMBEGA1UECwwKWURFVlFRMjJKUjELMAkGA1UEBhMC
VVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+QCVkIPfAQt5dctaT
1NEsTgUa9EAckD4YyqRhhD6hjJkFJZsrHeNrs++Tz6ZtMuzJOZh7YmHssDWNWai6
ATRa1SwjSNGBu4hgyMV4wViuXKoxLtt1RAFzNpkBnfewkC8bOVmlfA1O4Ht1pOgY
51bFelGzfR74xOY6EwjxrQG5RSiZUkl2RxoLt7iPj3C34DQyESJ/whUS4FmDfbo/
lEuPdE/mxCW41OJkaetGsm+M5Y1pBMUjBP6bBKejmV1H8M+tRkEKXRmpU18G8wPm
uULpNb047twLN5l3/2N7MwGQBloA3mBuO1v8SC7x0/UsktYiM9qXXwukntBxd25x
r0FtAgMBAAGjggHlMIIB4TAdBgNVHQ4EFgQU1AvkMjpJpIxbwDgogfYe99pL/oAw
CQYDVR0TBAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2R1nFUlSjtzCCAQ8G
A1UdIASCAQYwggECMIH/BgkqhkiG92NkBQEwgfEwgcMGCCsGAQUFBwICMIG2DIGz
UmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1l
cyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVy
bXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5k
IGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wKQYIKwYBBQUHAgEW
HWh0dHA6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvME0GA1UdHwRGMEQwQqBAoD6G
PGh0dHA6Ly9kZXZlbG9wZXIuYXBwbGUuY29tL2NlcnRpZmljYXRpb25hdXRob3Jp
dHkvd3dkcmNhLmNybDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
EAYKKoZIhvdjZAYDAQQCBQAwDQYJKoZIhvcNAQEFBQADggEBAKr7qEKwI14IT9jW
8W5O4x3rjbx/8Y+QQ5lQ2bcBqaLWULZZV56DITwv1xoxvUasbQTGlO/SgBRarxNj
HgYNfbKwmvHzgvtZUQUAY9n0N/mPy2zMy1TeRZp19/S+Fa0ylpzJQ9sHi0TnXCj/
oaSB4nhRhEgfAgRgaDP5uz+bOnHCf1zc0lBYNJvKrUwrpJSbUhX9rTfqqro0SY5V
PZqQJ01HpysNeqXmqAH4dc0GFBFPwNMJT9ycPmChxcwQOULzXkd+QqET3bN4MwAg
wPdDVEYDbq+g5hWKK9sf8PzRs/cUpN1l/OjKvql4H0FndKJCUnJAlHY+Y70mW5yq
GRFDnrQ=
-----END CERTIFICATE-----
tvuanywhere_key_debug.pem文件的内容
Bag Attributes
friendlyName: TVU
localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,21E8B79AB538FF93
MQxjNW8VbaLulxZCIxPmgoKeXGlsa9IqZxVbFjZ4/n96nT/SKsaUBZNny4i5EMgT
52RqqtJoqDLi02yhlOgSj3IFfAtO0pyeUNLczsPyKIIofu6u+NmthW6ufVSMtrM/
KjQs71/a7tv0o5TbG2vU3heZTzr03YiSxTWg7zVFD8DLufvQhiFoNu8cU5iVyWHG
H5qQUceqsBGIIqyjFtYeXcuQb5htfry7C0yf0fwUWFECCFH+YuZe1LxuVSI8UyW3
DKM+CXNQTOjZepOTJPN6gW9P7XnEMhSDyeYav9m5KXwTHN+UmMrDsEtUJIORHn4N
WnJ2sZaqAajm32qTm7blEV7oocM3ZMFC9a2mmU1YLsYnPIml++22ZRfuhhZWrpea
bAMUWfFn/vyZBMJpAJdVXhJzbxzuUJhASEt43uU7NSHDFh5Dwttit1kYlCqhV3QV
/cSLy8qiWimlMLMe/m41e0Kpt/u52PZ34AP4SYSap88FtfBRtQRPpa9nanltU1cu
IdmyBXsRcg6SagIg3jKAh3PvFOxIBijESRlIITCJ5KwKvQT2ara0N55Wxh+YFqir
oOy4kn1DPeiBcv/TVEzXot/6ZRFabky69Bq07wGQtvmInyoMOivGOH+d4GeuE+L8
93DsZP1f9nhIA9jSr+EuoTCTFgOCr1Cinwzb2rvshAKHhSnjRUCp6vNtZtV0LM8g
fGiwgLLtn3tR9jrySCuuen507x/8FHCwe88sEqOBPxBe9FUCOybm5ryn7YyInNLn
jgFriH55bL4wehm8GNXu/spLE0oN8PZYg17ZK3H8RheH5C6oNBWI5ksWfdsl7BnV
JbC0RJwIX+Bkc6sVX32r5RjUp1ZxhyGDIz4gaKR9Se/XynQw+2wuSUs49ZzOH5oz
8cTEOJUHbjV4jm7yqvU/keOwtVP3kvy8spQ6y8IL/VuHiMfHfGJIfR20Zu8a9sTB
16+5LXuOjVs/356X70c005u+pJK1CdUKpkc5kzZOZhhwvjLufq06x7sy8VQDIyaL
x/WReROOfKk8Lx8Glf30zBIINdHk0Ee5eLpBWgdPGeyagCSkNk96FP1AqeWhQtfU
V3mNRS+GFD1TIMAhv9PilWDpY2+lOXUUJMRyW4pFqSTPiOERMpBqklK80SdtAaPN
uL1HaljJbHXoSwWR6+0UeUiYK0DrzeH7qacVjeG/+xz32UMgc5K6ION2WuQhJW9C
uzlwmGW99NKfi2idT5MFIdSBml0BSsayXO9tf0ybv1v0GBEyctSyJIHe72imC2dg
lzfTpg9m+k0SrcuS33+WCDAwDKLFoqd9W+fwvUoiOEA/lDzmVCw/o9VhFII5gAQF
ej8TzBMUQwk55GEAQPn1TeexsAmuqXFsmVN+G/G74hm3weOKzoqvOKeWWpC1tNr/
G8ZcrWtU9qFLrnxgbdfn7gE+Hlk4KKziG9R/SRTrvOLoYzzeLzlGrA0lJEHplSZG
UhuZe0MNHl8YX/agK+bfCJiZusWn/wl0NKoLbNZPDLEo6dVb8wHJTY6VxUeSotdT
D3cFm8h+ryNg0Tesma7G6R2Pk5vEweK50eCdVY0qZSEl9niDsQjPy7cRywmLbNNg
-----END RSA PRIVATE KEY-----
我们可以用命令行把这两个文件和在一起,这种方法我们不做介绍。下面介绍如何根据 cer.p12文件直接生成这种合成文件。
我们要根据 TVUAnywhere_development_apns.p12 文件生成 TVUAnywhere_development_apns.pem文件,命令:
openssl pkcs12 -in TVUAnywhere_development_apns.p12 -out TVUAnywhere_development_apns.pem -nodes
eg:
zhangqis-Mac-mini:development qizhang$ openssl pkcs12 -in TVUAnywhere_development_apns.p12 -out TVUAnywhere_development_apns.pem -nodes
Enter Import Password:
MAC verified OK
我们查看一下 TVUAnywhere_development_apns.pem 的内容:
Bag Attributes
friendlyName: Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro
localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80
subject=/UID=com.tvunetworks.TVUAnywherePro/CN=Apple Development IOS Push Services: com.tvunetworks.TVUAnywherePro/OU=YDEVQQ22JR/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgIIcXl/K7asceQwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNV
BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js
ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3
aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMTYxMTE2MDUyNzIwWhcNMTcxMTE2MDUyNzIwWjCBoDEuMCwGCgmSJomT8ixk
AQEMHmNvbS50dnVuZXR3b3Jrcy5UVlVBbnl3aGVyZVBybzFMMEoGA1UEAwxDQXBw
bGUgRGV2ZWxvcG1lbnQgSU9TIFB1c2ggU2VydmljZXM6IGNvbS50dnVuZXR3b3Jr
cy5UVlVBbnl3aGVyZVBybzETMBEGA1UECwwKWURFVlFRMjJKUjELMAkGA1UEBhMC
VVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+QCVkIPfAQt5dctaT
1NEsTgUa9EAckD4YyqRhhD6hjJkFJZsrHeNrs++Tz6ZtMuzJOZh7YmHssDWNWai6
ATRa1SwjSNGBu4hgyMV4wViuXKoxLtt1RAFzNpkBnfewkC8bOVmlfA1O4Ht1pOgY
51bFelGzfR74xOY6EwjxrQG5RSiZUkl2RxoLt7iPj3C34DQyESJ/whUS4FmDfbo/
lEuPdE/mxCW41OJkaetGsm+M5Y1pBMUjBP6bBKejmV1H8M+tRkEKXRmpU18G8wPm
uULpNb047twLN5l3/2N7MwGQBloA3mBuO1v8SC7x0/UsktYiM9qXXwukntBxd25x
r0FtAgMBAAGjggHlMIIB4TAdBgNVHQ4EFgQU1AvkMjpJpIxbwDgogfYe99pL/oAw
CQYDVR0TBAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2R1nFUlSjtzCCAQ8G
A1UdIASCAQYwggECMIH/BgkqhkiG92NkBQEwgfEwgcMGCCsGAQUFBwICMIG2DIGz
UmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1l
cyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVy
bXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5k
IGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wKQYIKwYBBQUHAgEW
HWh0dHA6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvME0GA1UdHwRGMEQwQqBAoD6G
PGh0dHA6Ly9kZXZlbG9wZXIuYXBwbGUuY29tL2NlcnRpZmljYXRpb25hdXRob3Jp
dHkvd3dkcmNhLmNybDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
EAYKKoZIhvdjZAYDAQQCBQAwDQYJKoZIhvcNAQEFBQADggEBAKr7qEKwI14IT9jW
8W5O4x3rjbx/8Y+QQ5lQ2bcBqaLWULZZV56DITwv1xoxvUasbQTGlO/SgBRarxNj
HgYNfbKwmvHzgvtZUQUAY9n0N/mPy2zMy1TeRZp19/S+Fa0ylpzJQ9sHi0TnXCj/
oaSB4nhRhEgfAgRgaDP5uz+bOnHCf1zc0lBYNJvKrUwrpJSbUhX9rTfqqro0SY5V
PZqQJ01HpysNeqXmqAH4dc0GFBFPwNMJT9ycPmChxcwQOULzXkd+QqET3bN4MwAg
wPdDVEYDbq+g5hWKK9sf8PzRs/cUpN1l/OjKvql4H0FndKJCUnJAlHY+Y70mW5yq
GRFDnrQ=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: TVU
localKeyID: D4 0B E4 32 3A 49 A4 8C 5B C0 38 28 81 F6 1E F7 DA 4B FE 80
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvkAlZCD3wELeXXLWk9TRLE4FGvRAHJA+GMqkYYQ+oYyZBSWb
Kx3ja7Pvk8+mbTLsyTmYe2Jh7LA1jVmougE0WtUsI0jRgbuIYMjFeMFYrlyqMS7b
dUQBczaZAZ33sJAvGzlZpXwNTuB7daToGOdWxXpRs30e+MTmOhMI8a0BuUUomVJJ
dkcaC7e4j49wt+A0MhEif8IVEuBZg326P5RLj3RP5sQluNTiZGnrRrJvjOWNaQTF
IwT+mwSno5ldR/DPrUZBCl0ZqVNfBvMD5rlC6TW9OO7cCzeZd/9jezMBkAZaAN5g
bjtb/Egu8dP1LJLWIjPal18LpJ7QcXduca9BbQIDAQABAoIBAGsWPjW7HNk6imG9
VyzE+Kxgih0e6MtrIZjgz2AYiQxz0FoGTe4aF72y/aKMmlgS9xdY9QxWV1pb4Pjc
Q83XCborDXoa7dqBTYV03TpYUmtqu12Ny3eZPNu2Gq+/VAEtV2aShHRSfEcusi+J
EB+cb8oeTMikH//VDOYZespWIIdAfIGjlCmYEBd0SL2P9gX8UUWDRFjvGdp63JP+
CaOATrSWCqArnI6FZsFyyCyspP48IJAaBe9u7JCmVXcuXh6bGEEW29X9xgc1H0T1
lQvxscHSKBzqhSP32Ahaj7U0cfYaD31L7NjV1BzLb/V0sSsIcfxkWdTmYkzyyn4T
3XoPRAECgYEA/XrkLgdTg/1gGHWT3I5NAzfTEMcSu3bQ3H3M2MaQkFJYtkEnu061
g8Qm8/OSyq2Ura9UNVgkl4DCqM10kc/93P+elMWZhQPAkqUA8fEphduSAEdsQvNS
aCRPnCye36VRCmCvrdv6VO4Qid4bLY7SRKjLqv0j4p1D/DlWIZKPIm0CgYEAwCRV
0cfgMRfXFhI4H7iNUYo5csWzZ4GBDMJUXqJTxBZtbp57dC2GaLCPLlGnVQSBUJBc
B0qm6fmguqER3HF+Wrl8h3KIxe7UCRkJqIUnRQ4AReJ+vv6rYLI4+guE1g4Eebg9
VuKY/TXt/r8CxhryoaNVpDPDrWpyWgSwtMRVOwECgYEA0mK8nwOPqt6TctmsFwS5
IPGlqqhAgP32DvwPGOF+PXtLjEH58zo56BrXZeWFsdlurNX4I6p7/I9vgeG9XgTv
JQ25FqwHZuKdZFm1tho/J4392WNulQcWH7/7n5ldaCzzXZSwW7JYTUOm0HdbwW1o
UnpzSQGAVmfHdMI2Hflh+eUCgYEAiBa0OhtJbTwneVh6K+15GnG+cs4YXY1aLAFP
5J8wmUgRRjI12nmMI4Y6Q2JOFGdWeAtnQzrasgm+j7EZh3tTNUr/Kqgyu46G29LC
BnwY7k4WX2kmwHx8Qca5mFCkS0AuZ0/ZEjr4hQ+3e6Eqg8n+ZAHd3KlVRPSJ/bwo
tEAC5gECgYAlPzSWwMuoi6TTHOZIzYzaI5migVfvXbsCuau8eyz+8/pNNmtx8zu9
pn83jp924d41xeqMcyucfHA2lvCHZLv9wvAV6bCpNRUqCPOj4BhBbDrUajmddEWo
GMaDTuzgxnQZdRqjEZMpwf2Wm9/8ee8lowlBw3TF1d9C5EyClop/Nw==
-----END RSA PRIVATE KEY-----
OK了,这个合成也已经介绍完了。
证书校验
APP与 APNS 之间是加密的连接,因此需要使用证书来加密连接。每个的推送环境有自己单独的推送证书,即开发证书和生产证书。在将证书最终转为 pem 格式后,可通过与 APNs 连接来测试证书是否有效。
开发环境APNS服务器的地址:gateway.sandbox.push.apple.com:2195
生产环境APNS服务器地址:gateway.push.apple.com:2195
由于我们这个教程制作的是开发环境的证书,所以如果你做的是生产环境,直接替换 APNS 服务器地址即可。
1) 不使用合成证书进行校验 (使用 cer.pem 和 key.pem进行校验)
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert tvuanywhere_cert_debug.pem -key tvuanywhere_key_debug.pem
2)使用合成证书进行校验
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert TVUAnywhere_development_apns.pem
3)如何判断校验成功
当输入完命令回车后,终端首先会输出很多相关信息。
当连接建立失败时,会直接关闭。
当连接建立成功时,终端会停止输出,并等待你输入,你可以随便输入一些字符后摁回车,然后连接才会关闭。
生成RSA格式的key
在上面生成的key.pem中,有时候其格式不是我们想要的RSA格式,我们可以通过’openssl’生成RSA格式的。
openssl rsa -in key.pem -out key_rsa.pem
最终生成的格式如下:
-----BEGIN RSA PRIVATE KEY-----
key content
-----END RSA PRIVATE KEY-----