There are many possible reasons why your iOS users are not receiving push notifications. This article lists the most common of them.
- Q: What does the "Apple notification service connection couldn't be established due to invalid key/certificate." failure message mean?
- Possible cause: Using an iOS certificate for the wrong environment
- Possible cause: Using a wrong iOS certificate
- Possible cause: Expired iOS certificate
- Possible cause: Device is not registered in the backend
- Possible cause: Device is marked as inactive in the backend
- Possible cause: You are not targeting the correct platform
- Possible cause: The user device has no network connectivity
Q: What does the "Apple notification service connection couldn't be established due to invalid key/certificate." failure message mean?
A: Apple Push Notification service (APNs) responds that the server certificate used to initiate the TLS connection is not valid.
See Possible Cause: Possible Cause: Using a Wrong iOS Certificate
Apple issues different SSL certificates for Development and Production purposes. You need to observe which one you use at any time or your devices will not be able to receive push notifications.
Ensure that the type of the certificate that is selected as Active in Telerik Platform matches the type of the iOS Provisioning Profile and the type of the iOS certificate that you use to sign the app.
For example, if you have signed your app using an iOS App Development certificate on a Development Provisioning Profile you need to upload and activate an "Apple Push Notification service SSL" Development iOS certificate in Telerik Platform. Both certificates must be issued for the same App ID.
Apple issues different SSL certificates for server deployment and app signing. You need to observe which one you upload to Telerik Platform.
Ensure that the active certificate in Telerik Platform is "Apple Push Notification service SSL" (for example
Apple Production IOS Push Services - com.example.sampleapp.p12), which is a server certificate, and not a client certificate that is used to sign apps.
An iOS certificate cannot be used for sending push notifications after its expiration date has passed. iOS certificates can also be inactive because they were revoked or invalidated.
Sign in to Apple's Developer Center and ensure that your provisioning or development profile is active and that the respective certificates have not been expired, revoked, or invalidated.
In addition to registering a device with Apple Push Notification Service (APNS), you need to register it with Telerik Platform as well.
To understand the concept of sending push notifications through Telerik Platform, see Introduction to Push Notifications.
To learn how to register a device, see Initializing and Registering a Device.
A device will be marked as "active: false" when its token is returned as invalid after sending a push notification to it. This could happen for the following reasons:
- The server certificate (such as the "Apple Push Notification service SSL") that you are using is for a Development Provisioning Profile, but the app is using an Production Provisioning Profile and the push token has been issued for Production (or the other way around)
- The token is not a valid token issued by APNs
- The "Apple Push Notification service SSL" certificate used on the server has expired or is not valid anymore (for example, has been revoked)
- The user has uninstalled your application
Double-check the client and server certificates and Provisioning Profiles and their validity in the iOS Dev Center.
You can resolve some of the cases by taking these steps: 1. Rebuild and redeploy the app with the proper certificate and Provisioning Profile. 2. Reregister the device with Telerik Platform.
Telerik Platform allows you to send a push notification to multiple platforms.
- When using the portal to send a push notification: Ensure that you selected either Broadcast or Platform Specific: iOS.
- When sending a push notification programmatically: Ensure that you have included a dedicated section for IOS or at least the default-sink Message value. See Push Notification Object Field Reference for details.
In addition to having Internet access, the device must have unrestricted access to TCP port 5223 used by the Apple Push Notification service (APNs).
When the device is connecting to APNs over WiFi ensure that no firewalls are blocking inbound and outbound TCP packets over port 5223.