Hi, openssl experts! It's required to transfer data to Apple Push service that is located at gateway.sandbox.push.apple.com:2195. I'm given the certificate and private key both included in Certificate_and_key.pem. Trying to connect:
$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -CAfile > EntrustCA.pem -cert Certificate_and_key.pem Server's certificate is passed successfully (with CA included in EntrustCA.pem) but the error is following: 140735074831484:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert > certificate unknown:s3_pkt.c:1193:SSL alert number 46 140735074831484:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:184: I tried to google about alert 46, but found only that "something wrong with client's certificate". Is it possible to get more details about failure? Below is some info that might probably be helpful. I read about X509v3 extensions just tonight, and it's not clear for me by far if extensions could relate to my problem: $ openssl verify -CAfile AppleCA.pem Certificate_and_key.pem . . . error 34 at 0 depth lookup:unhandled critical extension OK $ openssl x509 -in Certificate_and_key.pem -text -noout -purpose here are all extensions marked as "critical": X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: critical Code Signing X509v3 Key Usage: critical Digital Signature . . . Certificate purposes: SSL client : No SSL client CA : No SSL server : No SSL server CA : No Netscape SSL server : No Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME encryption CA : No CRL signing : No CRL signing CA : No Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : No Time Stamp signing : No Time Stamp signing CA : No maybe, the "SSL client : No" line is related to connection failure? Much thanks in advance! -- WBR, Timur