SSL error while implementing Apple Push Notification
I had the exact same problem. Turns out it was a simple error - I had a mistake in IPHONE_SANDBOX_APN_PUSH_CERT and python could not locate my certificate. Once I pointed it to the right location, it started working.
Note that you might want to double-check your certificate first using openssl command line, such as:
openssl x509 -text -in cert.pemThat will give you textual information about your certificate, its validity, etc.
Also, double-check file permissions of the certificate file (the python process must have sufficient rights to access it).
In my case, what worked for me is like below:
Use the full path like
apns = APNs(use_sandbox=True, cert_file='/usr/local/etc/cert.pem', key_file='/usr/local/etc/key.pem')rather than
apns = APNs(use_sandbox=True, cert_file='cert.pem', key_file='key.pem')
my solution was that when creating my .pem file i set a blank password and assumed it meant no password. so the server was still expecting to use a password. i had to manually remove the password.
here is a little how to guide if it helps anyone:
NOTE: need to follow directions from apple’s developer website to create certificate first then export the .p12 file, by exporting the embedded private key that is created (in ‘keychain access’), NOT the actual certificate————————————————————————————————————————————————————————————————————————FOR DEVELOPMENT CERT:After getting the p12 file, it needs to be converted to the PEM format by executing this command from the terminal:$ openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns_dev.p12$ openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns_dev.p12
If you wish to remove the passphrase execute the following: (NOTE: using a ‘blank’ password when exporting/converting, is still indeed setting a password, hence you should still execute the following if you intend to have no password)$ openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
Finally, you need to combine the key and cert files into a apns-dev.pem file we will use when connecting to APNS:
$ cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem
————————————————————————————————————FOR PRODUCTION CERT:After getting the p12 file, it needs to be converted to the PEM format by executing this command from the terminal:$ openssl pkcs12 -clcerts -nokeys -out apns-prod-cert.pem -in apns_prod.p12$ openssl pkcs12 -nocerts -out apns-prod-key.pem -in apns_prod.p12
If you wish to remove the passphrase execute the following: (NOTE: using a ‘blank’ password when exporting/converting, is still indeed setting a password, hence you should still execute the following if you intend to have no password)$ openssl rsa -in apns-prod-key.pem -out apns-prod-key-noenc.pem
Finally, you need to combine the key and cert files into a apns-dev.pem file we will use when connecting to APNS:
$ cat apns-prod-cert.pem apns-prod-key-noenc.pem > apns-prod.pem