APN Production certificate not being recognized by PushSharp

Question

I've developed an iOS app, that receives Push Notifications. I'm sending them from a .NET environment using PushSharp. Everything went beautifully while developing, and the Pushs were successfully sent:

var push = new PushBroker();
var appleCert = File.ReadAllBytes(@"Utils\Cert.Development.p12");
push.RegisterAppleService(new ApplePushChannelSettings(false, appleCert, "*******"));
push.QueueNotification(new AppleNotification()
    .ForDeviceToken(token)
    .WithContentAvailable(1)
);
push.StopAllServices();

Now, the app has been approved, and it's at AppStore. I have generate the correct production certificate:

var push = new PushBroker();
var appleCert = File.ReadAllBytes(@"Utils\Cert.Production.p12");
push.RegisterAppleService(new ApplePushChannelSettings(true, appleCert, "*******"));
push.QueueNotification(new AppleNotification()
    .ForDeviceToken(token)
    .WithContentAvailable(1)
);
push.StopAllServices();

but when I try to send the push from PushSharp, it throws the following exception:

You have selected the Production server, yet your Certificate does not appear to be the Production certificate! Please check to ensure you have the correct certificate!

I'm pretty sure I've followed all the steps. I've downloaded the production certificate that was binded with the provisioning file set in the app to publish. Opened it and exported the .p12.

I'm also sure I'm not using a development one by accident, because, if I set PushSharp for development, using this last certificate, it throws the following error:

You have selected the Development/Sandbox (Not production) server, yet your Certificate does not appear to be the Development/Sandbox (Not production) certificate! Please check to ensure you have the correct certificate!

How can the certificate be neither Development, nor Production?

Is there somewhere I can validate the file? Please give me some insigth on this matter, as I have no clue where to start

Answer 1

Apple has changed the name. Please go to ApplePushChannelSettings.cs and change the name as below.

From

if (production && !subjectName.Contains("Apple Production IOS Push Services"))

To

if (production && !subjectName.Contains("Apple Push Services"))

I need to do this when I renewing my expired cert yesterday. Change the name, rebuild it and upload to server, then it's working again.

Answer 2

Apple has introduced a new universal push certificate that enables connection to both the APNs Production and Development environments.That's why the production certificate common name has been changed from Apple Production IOS Push Services to Apple Push Services.

You should change the code on the provider push server to be compatible with the new common name.

Answer 3

When you create production certificate (.p12) for .NET, Always export like selecting the certificate only. see the attached image

http://davidbits.blogspot.in/2016/02/error-you-have-selected-production.html

Answer 4

Issue was in PushSharp Library just update it to Version .3 this is becuase apple has changed Push Certificate Name From (Apple Production Push Service) to (Apple Push Service) and pushSharp check the name of Certificate : (production && !subjectName.Contains("Apple Push Services")).

Answer 5

Error: You have selected the Production server,
yet your Certificate does not appear to be the Production certificate!
Please check to ensure you have the correct certificate!

Solution: (production && !subjectName.Contains("Apple Push Services"))

Answer 6

Invoke Following snippet Send Device Token & Message

 public void PendingNotification(string DeviceToken,string message)
    {
        try
        {
            int port = 2195;
            //Developer
            String hostname = "gateway.sandbox.push.apple.com";
            //Production
            //String hostname = "gateway.push.apple.com";
            String certificatePassword = "XXXXXX";
            string certificatePath = Server.MapPath("~/Cert.p12");
            TcpClient client = new TcpClient(hostname, port);
            X509Certificate2 clientCertificate = new X509Certificate2(System.IO.File.ReadAllBytes(certificatePath), certificatePassword);
            X509Certificate2Collection certificatesCollection = new X509Certificate2Collection(clientCertificate);
            SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
            sslStream.AuthenticateAsClient(hostname, certificatesCollection, SslProtocols.Tls, false);
            //String DeviceToken = "a5062b62aacbe6a499e02351c3f233ce87004574ff01965dff5f6bb8f15cae13";
            String LoginName = "Name";
            int Counter = 1; //Badge Count;  
            String Message = message;
            String UID = "your choice UID";
            string payload = "{\"aps\":{\"alert\":\"" + Message + "\",\"badge\":" + Counter + ",\"sound\":\"default\"},\"UID\":\"" + UID + "\",\"LoginName\":\"" + LoginName + "\"}";
            MemoryStream memoryStream = new MemoryStream();
            BinaryWriter writer = new BinaryWriter(memoryStream);
            writer.Write((byte)0);
            writer.Write((byte)0);
            writer.Write((byte)32);
            writer.Write(HexStringToByteArray(DeviceToken.ToUpper()));
            writer.Write((byte)0);
            writer.Write((byte)payload.Length);
            byte[] b1 = System.Text.Encoding.UTF8.GetBytes(payload);
            writer.Write(b1);
            writer.Flush();
            byte[] array = memoryStream.ToArray();
            sslStream.Write(array);
        }
        catch (Exception ex)
        {
            //Response.Write(ex.Message);
        }
    }
    public static byte[] HexStringToByteArray(string hex)
    {
        return Enumerable.Range(0, hex.Length)
            .Where(x => x % 2 == 0)
            .Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
            .ToArray();
    }
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
        return false;
    }

Answer 7

Follow the steps in the following link to generate Production SSL Certificate:

How To Create APNS Certificate

If that didn't work,double check on your code,make sure you're reading from the correct certificate file, and you're passing True to ApplePushChannelSettings

Answer 8

I'd recommend using something from the 3.0 nuget preview releases. This issue is fixed in these releases and will not be backported to 2.x.

Answer 9

PushSharp 2.x > Push.Apple > ApplePushChannelSettings.cs

On ApplePushChannelSettings.cs find DetectProduction() and CheckProductionCertificateMatching() and replace '.Contains("Apple Production IOS Push Services")' by '.Contains("Apple Push Services")'

It occurs because apple changed the certificate name from "Apple Production IOS Push Services" to "Apple Push Services", the PushSharp identify the type(production/development) by the certificate name.