I'm trying to configure the Apple Push Notification Service (APNS) in the SAS Tenant, but
I wasn't able to do it for the reason that Tenant notifies me that the key or the certificate are invalid, probably because they don't match.
Perhaps I'm doing wrong when I try to upload the key and certificate in the Tenant.
My key has the following format:
auth:
key_identifier: "K86*******"
encryption_key: |
-----BEGIN PRIVATE KEY-----
MIGTAgE*********************************************************
****************************************************************
****************************************************************
*****PR
-----END PRIVATE KEY-----
And my PEM certificate has the following information:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4f:8d:c8:**:**:**:**:**:**:**:**:**:**:**:**:**
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Apple Worldwide Developer Relations Certification Authority, OU=G4, O=Apple Inc., C=US
Validity
Not Before: May 8 13:43:53 2024 GMT
Not After : Jun 7 13:43:52 2025 GMT
Subject: UID=com.services.xxx.ar.beta, CN=Apple Sandbox Push Services: com.services.xxx.ar.beta, OU=XXXXXXXXXX, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:22:8b:1f:a6:59:ab:4d:42:ae:24:d5:fa:88:
fb:a5:99:d2:95:ee:7d:2d:aa:0e:11:81:d1:cb:2b:
47:4b:61:25:84:13:ff:cc:81:32:d7:19:3e:43:0f:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:5B:D9:FA:1D:E7:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Authority Information Access:
CA Issuers - URI:http://certs.apple.com/wwdrg4.der
OCSP - URI:http://ocsp.apple.com/ocsp03-wwdrg403
X509v3 Certificate Policies:
Policy: 1.2.840.XXXXXX.100.5.1
User Notice:
Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.
CPS: https://www.apple.com/certificateauthority/
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.apple.com/wwdrg4-8.crl
X509v3 Subject Key Identifier:
E1:A2:6A:52:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
X509v3 Key Usage: critical
Digital Signature
1.2.840.XXXXXX.100.6.3.6:
0....com.services.xxx.ar.beta0...topic."com.services.xxx.ar.beta.voip0...voip.*com.services.xxx.ar.beta.complication0...complication.&com.services.xxx.ar.beta.voip-ptt0....voip-ptt
1.2.840.XXXXXX.100.6.3.1:
..
Signature Algorithm: sha256WithRSAEncryption
4e:b6:f9:2e:a6:4b:18:ee:4e:c3:e9:d4:87:7c:c6:e3:1c:2f:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
*:*:*:**
-----BEGIN CERTIFICATE-----
MIIGwzCCBaugAwIBAgIQT43Ib7PkvDBu64j4xf8sZzANBgkqhkiG9w0BAQsFADB1
MUQwQgYDVQQDDDtBcHBsZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9ucyBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTELMAkGA1UECwwCRzQxEzARBgNVBAoMCkFw
cGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTI0MDUwODEzNDM1M1oXDTI1MDYwNzEz
****************************************************************
****************************************************************
****************************************************************
*************************************************************g==
-----END CERTIFICATE-----NOTE: I'm reading the pem certificate content with the following command in my Mac:
openssl x509 -in apns_certificate_cert.pem -text
I tried a couple of things but I did't manage to find the correct way to do it.
- First I tried to upload the content as I mentioned before (copy the entire contents). Didn't work.
- Second I tried to upload only -----BEGIN PRIVATE KEY----- *** -----END PRIVATE KEY----- part for the key field and -----BEGIN CERTIFICATE----- *** -----END CERTIFICATE----- part for the certificate field. Didn't work.
- Lastly, I tried to add some metadata in the following way for the certificate field:
Bag Attributes
friendlyName: Apple Sandbox Push Services: com.services.xxx.ar.beta
localKeyID: E1 A2 6A 52 BE ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
subject=/UID=com.services.xx.ar.beta/CN=Apple Sandbox Push Services: com.services.xxx.ar.beta/OU=7C893PWHR8/C=US
issuer=/CN=Apple Worldwide Developer Relations Certification Authority/OU=G4/O=Apple Inc./C=US
-----BEGIN CERTIFICATE-----
MIIGwzCCBaugAwIBAgIQT43Ib7PkvDBu64j4xf8sZzANBgkqhkiG9w0BAQsFADB1
MUQwQgYDVQQDDDtBcHBsZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9ucyBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTELMAkGA1UECwwCRzQxEzARBgNVBAoMCkFw
****************************************************************
****************************************************************
****************************************************************
****************************************************************
*****g==
-----END CERTIFICATE-----It didn't work.
What's the correct way to upload this information?
I'm not sure what I'm doing wrong. Perhaps I'm not reading the certificate in the correct way or the format for the key and certificates are incorrect.
Hope you can help me. Thanks!
