We have deployed our application with push notifications using a development provision profile. The APNS SSL certificate expires from 3 months , so my client wants to extend it's valid period preferably by several years. Is it possible to get a 3rd Party SSL certificate to connect to APNS ?
No, it is not possible. You must generate the certificate through the iOS Provisioning Profile. By the way, you need to deploy your application using a production certificate and not a development certificate.
Related
I am implementing windows phone MDM using windows phone 8 enterprise DM Protocol. I succeed in Discovery phase and Certificate enrolment policy web service. But in Certificate enrolment web service process i am facing problem.
While creating provisioning XML i embedded my domain CA and intermediate certificates. I also added Client certificate which i got request from device. I totally converted into base 64 format and i am sending response to the device(RequestSecuirtyTokenResponse). I am using Fiddler tool for seeing logs .
I am not getting any response from the device.
My doubts are 1) what certificates i need use in provisioning XML . 2) what is client certificate.
I am using valid ssl not self sign certificate. Still i need any certificates
Any advice would be greatly appreciated. Please guide me
finally after one month i succeed enrolment.
We have to use windows phone developer power tool for debugging.
For my questions i am answering as below.
1) We have to use Root certificate(CA) that is valid CA certificate. We need to sign client certificate(fly from device) with server certificate and key certificate. Be careful about finger print.
2) No extra certificates need for enrolment. Above two are mandatory.
I hope above will helps to others.
Basically our iOS app needs to communicate with a server which has a self signed certificate for now. In my app, the https is failing with untrusted server certificate which is understandable. The error is like this:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my host name here” which could put your confidential information at risk."
So I sent the self signed certificate via email to the iOS device and imported into the profiles and hoping that it would be used as part of root CA for https authentication. To my surprise, it is not and I am still getting the same error. I think that iOS would be default to use root CAs at keychain to validate the server certificate and from what I read, the imported certificate at profiles are at keychain as well. So I could not understand why my imported self signed certificate is not used as root CA.
At this point, I don't really want to trust this self signed certificate via the coding like this iOS authenticate HTTPS with self-signed certificate or In iOS, how to connect to a server using https with self-signed certificate on the server? since this won't work in customer case where they would install our server on their network and they could create their own self signed certificate.
Somehow I didn't really get much information around this from searching. Could anyone shed some lights here and what I need to do to debug this? Thanks very much.
Update on July 15:
More update around this. I also tried to use configuration profile to add a self signed CA to root CA at the iOS device by following Adding Trusted Root Certificate Authorities to iOS , from my testing on 6.0 iPad and iPhone, it doesn't work as well. So not sure if that only works on jail broken device or not. In the end, I end up by allowing user to import a self signed certificate into the app. The app would load such imported certificate for certificate verification similar to this In iOS, how to connect to a server using https with self-signed certificate on the server?. Hope that it would help others in this case.
looking at the first tutorial you linked to you should be able to use that or some more advanced form of that and once you have tested and have it working then all you have to do for a client to create and add their own certificate would be to override/replace the localhost.cer file in the apps folder where the file localhost.cer "or whatever name scheme you use" is located. there are many ways to do this but one could be telling the app a link where the certificate is online for download and once downloaded, then replace.
Any questions I'll try and help further but hopes this helps you in the right direction.
I'm currently learning to develop for iOS and reached the points where i want to play around with some push-notifications.
I was able to use the developing certificate to register the iPhone for Push-Notifications but now i want to establish a connection between my debian rootserver and the APNS (for the first try i'll connect to the sandbox-server).
Some tutorials showed me how to receive a certificate for my Mac but therefore I need a valid certificate for my server or am I wrong with this assumption?
As far as I know the APNS works with apple certificates only. In short:
Create an app id in provisioning portal
Enable it for push notifications
Generate certificates following the usual procedure.
Combine the generated certificate and private key into one .pem and us it in communicating with apple.
This tutorial was all I needed:
http://www.raywenderlich.com/3443/
I am implementing a push notification system for one of my apps, so I am following this tutorial and generating a SSL certificate for that.
This app of mine involves also, some exchange of data between the app and the server and I would like it to be SSL protected and I was wondering of getting a SSL certificate from verisign or other company like that.
My question is: is this SSL certificate created for push a regular SSL certificate, so in that can use it also to establish a https connection to the server (and save a couple hundred dollars to order a third party certificate)? I don't know much about SSL certificates, but I hope it can be used for that...
This will be amazing!
Since each certificate is tied to a specific domain, I'm not sure how this would work. There is a concept of wildcard certificates, but I still think they have to be for the same domain.
In your case, it sounds like you will have the Apple push certificate, which validates the connection between your server and Apple's push notification server. The other certificate would be to validate/secure the connection between your iOS app and your server. Both of these are assigned a different domain (gateway.sandbox.push.apple.com vs. yourserver.com).
One option you do have depending on how your iOS app is structured is to use a self-signed certificate between your iOS app and your server. I'm guessing the end-user will not be seeing the certificate anyway. This might be a way to save you money before deciding on a third party certificate.
I am new to the APNS certificate thing. My question is a old developer lost our Private Key which we used for several in-house (ad-hoc) applications, and an application we use to push out applications and policies to users. I know that the only way to get the private key is to revoke the certificate and then generate a new one and re-sign all the internal applications and re-deploy with the new cert. My only concern is what happens to the application that uses APNS, does this still use the distribution certificate from our apple account, or will this not be affected when we revoke the distribution certificate?
The push certificate is not part of the provisioning profile. It has nothing to do with the client (the app), only your server's connection to APNS is affected.