My app just got ready for sale on App Store, but none of my production devices (devices that have installed the app from App Store) are getting push notifications. When I try to send a push notification to a production device, I am getting this error:
"The credentials supplied to the package were not recognized"
(System.ComponentModel.Win32Exception)
This exception is internally thrown and caught in an infinite loop:
It is thrown at line 539 of ApplePushChannel.cs file:
try
{
stream.AuthenticateAsClient(this.appleSettings.Host, this.certificates,
System.Security.Authentication.SslProtocols.Ssl3, false);
//stream.AuthenticateAsClient(this.appleSettings.Host);
}
catch (System.Security.Authentication.AuthenticationException ex)
{
throw new ConnectionFailureException("SSL Stream Failed to Authenticate as Client", ex);
}
This is the output of the application in Visual Studio Output:
...
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
A first chance exception of type 'System.ObjectDisposedException' occurred in System.dll
A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll
...(it keeps getting thrown until I stop it manually)
Here are the things I've tried:
Double checked that the device ID I'm trying is registered with a production device token.
Revoked and regenerated the APNS Production certificate, exported it with the private key to a new .p12 file, and tried again with the new certificate. (I had the same problem with development push notifications, and this solved my problem)
Changed the SSL protocol from Ssl3 to Tls. (a few days ago there was a problem with protocol version, and it fixed a problem temporarily. There shouldn't be need for this, but the error I'm getting is the same as the one I was getting before which this fixed)
Checked that I'm actually trying to connect to production server with the production certificate instead of development server/certificate.
Checked that I can access the APNS server directly (my ASP.NET app lives inside a Parallels VM Windows 8.1 at my Mac, here is the output from my Mac, just to avoid confusion:
(Terminal output)
Edit: I was pinging the sandbox server, I've pinged the production server, I verify that I can connect to it too, so it's not the issue.
can$ sudo nmap -p 2195 gateway.sandbox.push.apple.com
Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-28 00:06 EEST
Nmap scan report for gateway.sandbox.push.apple.com (17.149.34.189)
Host is up (0.49s latency).
Other addresses for gateway.sandbox.push.apple.com (not scanned): 17.149.34.187 17.149.34.188
PORT STATE SERVICE
2195/tcp open unknown
Why would PushSharp not negotiate with APNS servers?
I figured out the problem. I revoked and regenerated the certificate again, and this time I only exported the private key (without the certificate). In Keychain access, I exported as .p12 and used the new file and it worked. For some reason, PushSharp wasn't play well with .p12 when both certificate and private key are present in the file.
"The credentials supplied to the package were not recognized" exception usually indicates that the user running the code does not having enough permissions.
If you are sending push notifications from Azure web app or webjob do not load the APNS certificate from a file or base64-encoded string. Go to Azure Portal and add the certificate to website instead. Note the thumbprint.
Next add WEBSITE_LOAD_CERTIFICATES setting and set it to * (asterisk).
Now the APNS certificate can be used from C# code:
string thumbprint = "YOUR THUMBPRINT";
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Find(
X509FindType.FindByThumbprint, thumbprint, validOnly: false)
.Cast<X509Certificate2>().SingleOrDefault();
var apnsConfig = new ApnsConfiguration(
ApnsConfiguration.ApnsServerEnvironment.Production, certificate);
References
Using Certificates in Azure Websites Applications
Configuring a certificate for APNS on the Azure platform
When using the windows certificate store, (imho the easiest way to manage certificates on a production server), be sure to set the correct permissions on the private key.
None of the answers worked for me. In the end what I ended up doing is importing the Cert and Private Key into the Windows cert store, and then exporting as a .pfx.
I was tested it again and again.
Convert the p12 file to pem format, and it will work with IIS limited users and maybe with Azure....
I was receiving the same exception and in my case I had to add permission for my IOS Push Services certificate.
Right click on the certificate in mmc -> All Tasks -> Manage Private Keys...
I added NETWORK SERVICE because the iis application pool of my web app used that account.
See for more details: http://blog.falafel.com/apple-push-notifications-certificates-and-iis/
Related
I´m somehow new in the world of the self signed certs. I´m not sure that using one of this is posible to test my angular front. Looks like in my back all works fine with the same self-signed openssl generated certs.
When I access to https:// the login screen appears as normally but console throw back this error logs:
An SSL certificate error occurred when fetching the script.
Service worker registration failed with: DOMException: Failed to register a ServiceWorker for scope ('https://192.168.154.136/es/') with script ('https://192.168.154.136/es/ngsw-worker.js'): An SSL certificate error occurred when fetching the script.
And when trying to log in with a existent user:
POST https://192.168.154.135:3333/api/login/common net::ERR_CERT_COMMON_NAME_INVALID.
If someone have being in the same type issue or similar, it would be a pleasure to hear about.
What we are trying to do is send an email from a pod (running Linux based on the image "microsoft/dotnet") on a client's Openshift environment using MailKit:
https://github.com/jstedfast/MailKit
We get an exception thrown when trying to set up the SSL Handshake:
MailKit.Security.SslHandshakeException: An error occurred while
attempting to establish an SSL or TLS connection.
System.Security.Cryptography.CryptographicException: Error occurred
during a cryptographic operation
We have tried using the.NET SMTP client as well and it worked (using a secure connection)! Unfortunately this component is now obsolete and Microsoft recommends to use MailKit.
Going through the .NET source code the exception raised is a generic catch all exception which looks like it comes from unexpected code returned from the OpenSSL library. Unfortunately I can't see how to get the error code (it is logged using "Debug.Fail", but I am unable to setup a trace to see it) so I am not sure what it is.
I have written a test just to build the X509Chain. When we have the Revocation Mode set to Online (the default) we get the exception. When the revocation is disabled it seems to build the chain OK.
When I run the test on our Test Openshift environment that is totally independent to the client's we get the following error, but do not see the exception: "unable to get certificate CRL"
The only thing I have noticed about the Revocation List is that there is a LDAP and HTTP URLs. Perhaps there is an issue processing the LDAP URL?
Any help on this would be appreciated!
This is something you should report to github.com/microsoft/dotnet
I am adding Windows Azure Storage to my ASP.Net application. I am using NetStandard 1.4 and am building on MacOS.
I have the following as my connection string, as recommended by learn.microsoft.com:
DefaultEndpointsProtocol=http;AccountName=XXXXXX;AccountKey=XXXXXX
I am connecting with a new Azure Storage account and have confirmed that my account name and account key are correct. Right before the call to create the table, I added a WriteLine to display the CloudStorageAccount's connection string URI just to make sure it is correct. It has the hostname.
I am getting the following error when performing "dotnet run".
Unhandled Exception: System.Reflection.TargetInvocationException:
Exception has been thrown by the target of an invocation. --->
System.AggregateException: One or more errors occurred. (An error
occurred while sending the request.) --->
Microsoft.WindowsAzure.Storage.StorageException: An error occurred
while sending the request. ---> System.Net.Http.HttpRequestException:
An error occurred while sending the request. --->
System.Net.Http.CurlException: Couldn't resolve host name
Setting explicit table storage endpoint (TableEndpoint=XXX.table.core.windows.net) didn't work either.
Are there any other reasons why Curl will fail when connecting to XXX.table.core.windows.net?
To try capture the network trace for troubleshooting? And try to ping XXX.table.core.windows.net? Is it because the DNS cache not refreshed?
We have an application that auto-generates a certificate and binds it, using httpapi, to a selected port. Under Windows 7, and 2003/2008 Servers this works like a charm. The certificate can also be rebound to other ports by un-binding, then binding to the new port.
Under Windows 8, however, only unbinding from the old port succeeds. An attempt to bind the certificate to the new port value fails with error code 1312 revealing the message "A specified logon session does not exist. It may already have been terminated."
What's odd here is that when trying to add a bound certificate through netsh it also fails, in elevated console, with the same error and message ("SSL Certificate add failed, Error: 1312|A specified logon session does not exist. It may already have been terminated."), regardless to the port number.
To add suspense, the application has an installer that initially binds the certificate on install, and unbinds it on uninstall. And this thing never fails! The installer works in "Windows 7" operating system context, while the application is under "Windows Vista", if this can be a clue. The console is under "Windows 8" context.
Has anyone had a similar problem under this OS? Any ideas why this might be happening?
Any help is highly appreciated, thank you in advance!
In our certificate generating code, we used X509Store class' methods to add the certificate to the store. Under Windows 8 this rendered the certificate "untrusted" even if the application was run as administrator. The cause might be either different implementation of the class in .NET 4.5 or imposed limitations due to the OS context the application was running in.
Solved the problem by invoking "certutil.exe" through a Process class to add the certificate to the store.
I am new to Adobe AIR and I was following the steps given in the site :
"http://net.tutsplus.com/tutorials/tools-and-tips/introduction-to-adobe-air/", to create my first AIR application.
I was almost successful in creating my first AIR application but at the last step of Deploying AIR Application, after the successful creation of certificate when I am trying to create the.air file. I am getting the error :
"Could not generate timestamp: Connection refused: connect".
Can you please help me in resolving the issue as soon as possible.
As a short-term workaround, you can specify "-tsa none" on the ADT command line. (If you are using Flash Pro or Builder, there should be an option in the UI). -tsa none disables timestamps.
A timestamp requires an internet connection in order to get a signed timestamp token from a server. This is used to verify that your certificate was valid when the app was signed. Without a timestamp, your app won't be installable after your code signing certificate expires. With a timestamp, your app installer will not expire.
Proxy connections are sometimes the issue. Since ADT is a Java program, you have to configure the Java proxy settings if this is the source of the trouble.