Question

I am trying to use Apple Push Notification Services. When I install the MDM profile for the first time, the mobile device sends me the device token and a few other details, after which I am not able to contact the mobile device with any command. No push notification was received on the mobile device. There is no firewall issue, as I was able to telnet successfully.

Apple's documentation suggests verifying the connectivity with the following command:

$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert YourSSLCertAndPrivateKey.pem -debug -showcerts -CAfile server-ca-cert.pem

I have downloaded server-ca-cert.pem from this site. I really don't understand what YourSSLCertAndPrivateKey.pem should be.

I have created various certificates using OpenSSL as follows.

"1. Creating Certificate Authority (CA)"
openssl req -new -x509 -extensions v3_ca -keyout cakey.key -out cacert.crt -days 365

"2. Creating the Web Server private key and certificate request"
openssl genrsa 2048 > server.key
openssl req -new -key server.key -out server.csr 

"3. Signing the server key with the CA. You'll need the CA passphrase from step 1."
openssl x509 -req -days 365 -in server.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out server.crt -extfile ./server.cnf -extensions ssl_server

"4. Creating the device Identity key and certificate request"
openssl genrsa 2048 > identity.key
openssl req -new -key identity.key -out identity.csr

"5. Signing the identity key with the CA. You'll need the CA passphrase from step 1."
openssl x509 -req -days 365 -in identity.csr -CA cacert.crt -CAkey cakey.key -CAcreateserial -out identity.crt
openssl pkcs12 -export -out identity.p12 -inkey identity.key -in identity.crt -certfile cacert.crt

"6. Generating keys and certs for plist generation"
openssl req -inform pem -outform der -in identity.csr -out customer.der

What is the YourSSLCertAndPrivateKey.pem file mentioned in Apple's documentation?

When I use the cacert or server certificate created in steps 1-3, I get error:14094418 and the connection is terminated, showing SSL error 48.

Solution 2

You should not use this command to check whether MDM is working. It is designed specifically for the Apple Push Notification Service for apps, where gateway.sandbox.push.apple.com:2195 is used.

For MDM, gateway.push.apple.com:5223 is used.

OTHER TIPS

What is the YourSSLCertAndPrivateKey.pem file mentioned in Apple's documentation?

You have to have an Apple developer account. With the account, you sign up for Push Notifications (it's different from the other Apple development certificates you possess, like your developer certificate or device certificates through provisioning). You present a CSR, and Apple signs it. You then use your certificate and private key for pushes.
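
An added example, not part of the original posts or of Apple's documentation: a file given to `openssl s_client -cert` without `-key` has to contain the client certificate together with its own private key, and alert 48 from the question is TLS `unknown_ca`, meaning the peer does not trust the certificate's issuer. The script below checks both conditions locally with OpenSSL; all file names and subjects are constructed, and `peer-ca` is only a stand-in for whatever CA the remote side trusts.

```shell
#!/usr/bin/env bash
# Added example; every file name and subject here is a constructed placeholder.

# True only if the PEM holds a certificate and the private key matching it,
# which is what `openssl s_client -cert FILE` (no -key) expects to find.
bundle_is_consistent() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate in $1 chains to the CA certificate in $2.
issued_by() {
  openssl x509 -in "$1" 2>/dev/null | openssl verify -CAfile "$2" >/dev/null 2>&1
}

# Throwaway self-signed CA: writes $1.key and $1.crt with subject CN=$2.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Constructed fixture in directory $1: two unrelated CAs and one client cert.
build_fixture() {
  local d=$1
  make_ca "$d/my-ca" "Constructed private CA"       # like step 1 in the question
  make_ca "$d/peer-ca" "Constructed CA the peer trusts"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$d/client.csr" -CA "$d/my-ca.crt" \
    -CAkey "$d/my-ca.key" -CAcreateserial -out "$d/client.crt" 2>/dev/null
  cat "$d/client.crt" "$d/client.key" > "$d/bundle.pem"    # cert + its own key
  cat "$d/client.crt" "$d/my-ca.key"  > "$d/mismatch.pem"  # cert + wrong key
}

demo() {
  local d
  d=$(mktemp -d) && build_fixture "$d" || return 1
  bundle_is_consistent "$d/bundle.pem"   && echo "bundle: key matches certificate"
  bundle_is_consistent "$d/mismatch.pem" || echo "mismatch: key does not match"
  issued_by "$d/bundle.pem" "$d/my-ca.crt"   && echo "chains to my own CA"
  issued_by "$d/bundle.pem" "$d/peer-ca.crt" || echo "issuer unknown to the peer's CA"
  rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to see all four checks on the constructed files.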

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow