Hi, openssl experts!

It's required to transfer data to the Apple Push service that is located at
gateway.sandbox.push.apple.com:2195. I've been given the certificate and private
key, both included in Certificate_and_key.pem. Trying to connect:

$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -CAfile EntrustCA.pem -cert Certificate_and_key.pem

The server's certificate is accepted successfully (with the CA included in
EntrustCA.pem), but the error is the following:

140735074831484:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1193:SSL alert number 46
140735074831484:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:


I tried googling alert 46, but found only that "something wrong with
client's certificate". Is it possible to get more details about the failure?

Below is some info that might be helpful. I read about X509v3
extensions only tonight, and it's not at all clear to me whether the extensions
could be related to my problem:

$ openssl verify -CAfile AppleCA.pem Certificate_and_key.pem

 . . .
error 34 at 0 depth lookup:unhandled critical extension
OK

$ openssl x509 -in Certificate_and_key.pem -text -noout -purpose

Here are all the extensions marked as "critical":

       X509v3 extensions:
           X509v3 Basic Constraints: critical
               CA:FALSE
           X509v3 Extended Key Usage: critical
               Code Signing
           X509v3 Key Usage: critical
               Digital Signature
. . .

Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No


Maybe the "SSL client : No" line is related to the connection failure?

Many thanks in advance!

--
WBR,
Timur
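As an added example (not part of Timur's post or of OpenSSL's own documentation), the script below reproduces the diagnosis with nothing but the openssl CLI: it mints two throwaway self-signed certificates, one carrying the critical Code Signing EKU shown in the post and one carrying clientAuth, and shows how `openssl x509 -purpose` and `openssl verify -purpose sslclient` judge each. OpenSSL's "SSL client" purpose check requires clientAuth whenever an Extended Key Usage extension is present, which is why the post's certificate reports "SSL client : No". The file names, the CN and the config layout are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original post: mint two throwaway self-signed
# leaf certificates, one with the critical EKU seen in the post (codeSigning)
# and one with clientAuth, then ask OpenSSL whether each may act as a TLS
# client certificate. Only the openssl CLI is needed; file names are made up.
set -e
WORK=$(mktemp -d)

# Request config. The EKU is pulled from the environment so one section serves
# both certificates; the other two extensions mirror the ones in the post.
cat > "$WORK/req.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = leaf
prompt             = no
[ dn ]
CN = eku-demo
[ leaf ]
basicConstraints   = critical,CA:FALSE
keyUsage           = critical,digitalSignature
extendedKeyUsage   = critical,$ENV::DEMO_EKU
EOF

# make_cert <name> <eku>: self-signed cert + key written under $WORK.
make_cert() {
  DEMO_EKU="$2" openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 \
    -nodes -days 1 -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# ssl_client_purpose <name>: echoes Yes or No from the "SSL client" line of
# openssl x509 -purpose, the same line the post is asking about.
ssl_client_purpose() {
  openssl x509 -in "$WORK/$1.pem" -noout -purpose |
    awk -F' : ' '$1 == "SSL client" { print $2 }'
}

# verify_as_client <name>: succeeds only if the chain verifies for the
# sslclient purpose. The cert is self-signed, so it is its own trust anchor.
verify_as_client() {
  openssl verify -purpose sslclient -CAfile "$WORK/$1.pem" "$WORK/$1.pem" \
    >/dev/null 2>&1
}

make_cert codesign codeSigning
make_cert client   clientAuth
printf 'codeSigning EKU -> SSL client : %s\n' "$(ssl_client_purpose codesign)"
printf 'clientAuth  EKU -> SSL client : %s\n' "$(ssl_client_purpose client)"
verify_as_client codesign || echo "codesign cert rejected for -purpose sslclient"
verify_as_client client   && echo "client cert accepted for -purpose sslclient"
```

Running the same two commands against Certificate_and_key.pem (with AppleCA.pem as -CAfile) shows locally whether OpenSSL itself considers the certificate usable for TLS client authentication before any connection is attempted.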