Unable to update APNS certificate

Hello there,

I've been trying to update my APNS setup for my enterprise app.  

  • I have created a production cert (verified that the certificate is under the "Production SSL Certificate").
  • I then added that to the keychain and exported it as a .p12.

When I try to upload it to the API I get the error "You uploaded a development certificate for a production app!".  I checked the cert and expected to see that it was a production cert.  Instead I see 2 extensions in the cert:

Extension Apple Push Service Client (Development) 

Extension Apple Push Service Client (Production) 

I even tried creating a second production cert and I got the same result.  Any ideas why this might be happening?

Didn't find what you were looking for?

New post

Comments

33 comments

  • Hi Jon,

    Usually when there are errors like that, it could mean that the export of the .p12 might be the issue.

    When you are exporting the .p12 from your keychain, are you exporting the private key, or are you exporting the full certificate and the private key included? In your keychain, you should be exporting the top-level certificate, and not the private key, if that's the case.

    Comment actions Permalink
    1
  • Hey Michael,


    That was the issue, it wasn't letting me export to .p12 unless I did some special selecting, but that seems to have resolved the issue.  

    Thanks!

    Comment actions Permalink
    0
  • No problem!

    Comment actions Permalink
    0
  • Hello, I exported the top level certificate as a .p12 file as well and I'm still having this issue. Is there anything else I could be doing wrong that I could fix? 

    Comment actions Permalink
    0
  • Najia,

    Are you receiving the same error?

    If so, make sure that the certificate you're exporting from your keychain is from the correct Production or Development certificate.

    That is, you cannot upload a Development certificate to a Production Urban Airship app. 

    Likewise, you cannot upload a Production certificate to a Development Urban Airship app.

    If you have those correct, make sure that the certificate was created from your machine. If the certificate was created from another machine/user, then you may not be able to download and export the .p12 correctly.

    Comment actions Permalink
    0
  • Hey Michael,

    I have a Production Certificate (Apple Push Service Client) but it won't recognize it as production. Likewise, when I tried uploading it to a development project it recognized it as production. 

    This certificate was made using the Apple ID identifier and applying it to my machine (I'm pretty sure I followed the procedure given on this page https://support.urbanairship.com/hc/en-us/articles/213493683-How-to-make-an-Apple-Pass-Type-Certificate)



    Comment actions Permalink
    0
  • Najia,

    In your Keychain, can you see what the name of the certificate says?

    Is it:

    1) Apple Production iOS Push Services: <Bundle ID>

    Or

    2) iPhone Distribution: <Developer>

    If it's the first one, do you see an expansion arrow to the left of it? Or, is it blank?

    Comment actions Permalink
    0
  • Hey Michael,

    All I'm seeing is "Apple Worldwide Developer Relations Certification Authority" 

    Comment actions Permalink
    0
  • Najia,

    That certificate is not the correct certificate to be used for Push Notifications.

    That certificate is usually used to sign the Certificate Signing Request when requesting a certificate on your Mac. This should already be on your systems if you have Xcode installed.

    In addition to that, if you're trying to create a certificate for push, and not for Apple Wallet (which was the link you posted previously), you'll need to follow our APNS Setup guide instead.

    Comment actions Permalink
    0
  • Michael,

    I tried creating a reach account so I could go through the procedure and attach the proper certficate, however I'm still having trouble registering. Both emails I've used were registered however once I asked for an email the server either rejected my request or said it'd send an email reseting a password and I never got it. 

     

    Comment actions Permalink
    0
  • Najia,

    Are you able to navigate to this page? If so, what does the page show?

    Have you already tried registering for a Reach account here?

    Comment actions Permalink
    0
  • I get an error when I go to that page and yes that's the page I made an account on. 

    Comment actions Permalink
    0
  • Najia,

    Would you be able to screenshot the error and post it here? Seeing the error and anything you're running into will give me a better idea of what you're seeing.

    Comment actions Permalink
    0
  • For the email it just won't send a password reset to my email. 

    Comment actions Permalink
    0
  • Najia,

    I've manually sent a password reset email to your account. Please let me know if you receive it. 

    Make sure to also check your spam/junk filters, or any other custom filters you may have set up.

    Comment actions Permalink
    0
  • The page the manual reset sent me too is not working. I've also tried signing up with separate accounts and on each one I sign up, get sent a verification email, get sent to a page that asks me for a password (that I never set) and then when I ask to reset my password it says my email is not found. 

    Comment actions Permalink
    0
  • Najia,

    I think I see the issue you're running into.

    Is the URL that the link in the email taking you to: https://fly.customer.io/users/login ?

    If so, instead of directly clicking on the link, try copying the entire URL as it appears in your email, and paste it into your web browser. Once you're there, it should ask you to set up a password for your account.

    Comment actions Permalink
    0
  • Okay it worked!
    I was able to make a password, login and create a template, however I'm still running into server errors in the website, would I be able to email you or can we just keep talking over here? 

    Comment actions Permalink
    0
  • Najia,

    Unless you have a paid enterprise plan, we'll have to continue working on this thread.

    Would you be able to screenshot the Server Error you're seeing?

     

    Comment actions Permalink
    0
  • I say "send test pass" put in the default email, and then press okay and this comes up

    Comment actions Permalink
    0
  • Najia,

    Just to confirm, you've already uploaded your Apple Wallet certificate to your account, correct?

    Comment actions Permalink
    0
  • Yes I have. It's listed in my iOS certificate page. 

    Comment actions Permalink
    0
  • Najia,

    Apologies for the 20 questions, but could you get the Web Console logs when that Server Error pops-up?

    That should give me some more detailed info on whats happening in the background when that occurs.

    Comment actions Permalink
    0
  • Hey Michael, 

    This is the error I'm getting every time I try to send an email to myself

    [Error] Failed to load resource: the server responded with a status of 500 (Internal Server Error) (apple_pass, line 0)

    Comment actions Permalink
    0
  • Najia,

    I just wanted to make sure, you didn't upload the "Apple Worldwide Developer Relations Certification Authority" certificate from before, correct?

    You created a new certificate by following these steps, correct?

    Comment actions Permalink
    0
  • Hey Michael, 

    I'm pretty sure I'm using the right pass type cert. I regenerated it again to make sure. I've tried using the REST API to create a pass and got a 403 error. I have a free account, so is there a way to generate a test pass without using the web interface? The 500 error I'm getting on the web interface for making a test pass seems unrelated to the certificate. Would the interface for accepting a p12 even accept a non pass type certifcate?

    Comment actions Permalink
    0
  • Najia,

    Yes, the dashboard can accept a non pass type certificate, so if the certificate is not correct, that could very well cause the Test Pass functionality to not work properly (Since it's not a proper certificate).

    Comment actions Permalink
    0
  • Hi Team,

    I got the same error in submitting the .p12 certificate.I am pretty sure  my certificate is production. can you please help me. Awaiting for your response.Thank you in advance  

    Comment actions Permalink
    0
  • Hi Lauren,

    When you exported the .p12 from your keychain, do you recall if you chose the top-level object for your certificate, or sub-level object in the certificate(expanding the arrow and clicking the lower-level object in the cert)?

    Comment actions Permalink
    0
  • Hi Michael, I'm having the same problem, I'm getting "You uploaded a development certificate for a production app!" when trying to update an expiring certificate. The certificate I'm exporting from the keychain is of type "iPhone Distribution" and it worked fine to upload the app to AppStore with it so it should be OK.

    Comment actions Permalink
    0

Please sign in to leave a comment.