How to check your APNS push certificate environment types

We recommend creating two separate apps with different environments: one for development and one for production. This means that you'll have a certificate for development and a certificate for production, with a provisioning profile for each unique bundle ID. 

I'm getting the error You're trying to upload a <> certificate for a <> application

This is an indication that the environment for the Personal Information Exchange (.p12) file does not match the app environment in the Urban Airship Go Dashboard. A development app requires a development certificate, and a production app requires a production certificate. Issues can arise when a development certificate is mistakenly provisioned as a production certificate and can cause push notifications to fail. 

For more information see our documentation on Production vs Development Apps in Urban Airship.

How to check if your .p12 file represents a development or production certificate

Use either Keychain Access or OpenSSL on the terminal command line. 

1. To read .p12 properties using Keychain Access:

Drag the .p12 into the keychain, right click on it, and select Get Info:

Screen_Shot_2013-04-17_at_4.25.05_PM.png

The information in the popup under Extension will indicate the type of Certificate.

 

When I upload my .p12 file I'm getting the error message The certificate you supplied is invalid

You might see this error if you're uploading a Provisioning Profile rather than an Apple Push Services Certificate. Here's how these types of certificates look different in the Apple Developer Portal:

 

iOS Certificates.png

 

The above example shows a list of certificates:

  • Push Services Certificates (like the one indicated with a green arrow) will have APNs in the Type column and your app's bundle id in the Name column. This is what you'll download for use in the Urban Airship Go Dashboard. 
  • Provisioning Profiles will have the Developer's Name in the Name column.

 

2. To parse a .p12 file with OpenSSL on the command line:

Open a terminal window, and type the following:

$ openssl pkcs12 -in <.p12 file location, or drag/drop file> -info -nokeys

  
You’ll see the output contains information about the .p12. This includes the server information for whether your certificate is development or production in the subject line. For example:

$ subject=/UID=com.urbanairship.pushXXX/CN=Apple Development IOS Push Services: com.urbanairship.pushXXX/C=US issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple WorldwideDeveloper Relations Certification Authority


To parse a signed certificate returned from Apple:

$ openssl x509 -inform pem  -in <filename.cer> -noout -text


The output will be like the one above. Mobile provisioning files are pkcs7 in DER format, and you can see the associated certs:

$ openssl pkcs7 -in name.mobileprovision -inform DER  -text -print_certs

 

Related Content: