如何校验服务器PUSH证书是否有效？

最新推荐文章于 2023-09-08 17:20:53 发布

颐和园

最新推荐文章于 2023-09-08 17:20:53 发布

阅读量4.2k

点赞数 1

分类专栏： iPhone开发文章标签： openssl Push APNs iOS

本文链接：https://blog.csdn.net/kmyhy/article/details/50496809

版权

iPhone开发专栏收录该内容

527 篇文章 10 订阅

订阅专栏

判断 cer 格式的PUSH证书是否有效非常简单，使用 PushMeBaby\SmartPush 之类的 Mac 应用程序向设备推一条推送通知就可以了。
但是服务器使用的PUSH 证书往往是 .pem（PHP/GoLang服务端）或 .p12(Java/C#服务端)格式的，我们可以用以下 OpenSSL 命令判断服务器 PUSH 证书是否有效，然后再确定是否是服务端代码的问题：

将 PKCS#12 (.pfx .p12) 转成 PEM：

用以下命令转换成同时包含私钥和证书的 pem 文件：
```
openssl pkcs12 -in apns_production_privatekey.p12 -out apns_production_privatekey.pem -nodes
```
期间会提示输入密码，请输入 p12 文件导出时的密码。

注意：如果只导出私钥可以加上 -nocerts 参数，只导出证书则可以加上 -nokeys 参数。

测试生产证书：

openssl s_client -connect gateway.push.apple.com:2195 -cert apns_production_privatekey.pem

如果输出如下信息（），表明证书是正常的：

CONNECTED(00000003) depth=1 /C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C verify
error:num=20:unable to get local issuer certificate verify return:0
— Certificate chain 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com i:/C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C 1
s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048)
— Server certificate
—–BEGIN CERTIFICATE—– MIIFIzCCBAugAwIBAgIETCMvvjANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC …
… de7tGJEmdBgmtX2Wn0r0Erg+9nnjOEQ=
—–END CERTIFICATE—– subject=/C=US/ST=California/L=Cupertino/O=Apple
Inc./CN=gateway.push.apple.com issuer=/C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C
— Acceptable client certificate CA names /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA /C=US/O=Apple Inc./OU=Apple
Worldwide Developer Relations/CN=Apple Worldwide Developer Relations
Certification Authority /C=US/O=Apple Inc./OU=Apple Certification
Authority/CN=Apple Application Integration Certification Authority
— SSL handshake has read 3144 bytes and written 2168 bytes
— New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion:
NONE SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 9E737F1BD1AC1D41A2D6486B9F2DD08EF3B87EC9A91EBB42396D9664B34FF534DA2DCF4A897688ECBEFE00B069C481BC
Key-Arg : None
Start Time: 1452222166
Timeout : 300 (sec)
Verify return code: 0 (ok)