iPhone push notifications - server SSL and push certificates, with and without a Mac

I've spent days now trying to get a basic push notification test working, without any success. I got the same thing working for Android in half an hour or so.

Things I've tried (without a Mac):

  1. create a public/private key pair using Linux/OpenSSL
  2. create a push certificate signing request
  3. send it to Apple for signing
  4. download the push_certificate from Apple, and convert it to .pem using the private key.
  5. create another private/public key pair
  6. create a self-signed SSL certificate for apache2/php https.

Now, the confusing part is... in the code below, which certificate goes where?

Does my server even need an HTTPS connection at all? Can it be self-signed?

My simple demo looks like this (with some vars cropped out for simplicity):

```php
$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'passphrase', 'my_appache2_pass');
stream_context_set_option($ctx, "ssl", "local_cert", '/etc/apache2/ssl/mywebsite.com.pem');
stream_context_set_option($ctx, "ssl", "allow_self_signed", true);
stream_context_set_option($ctx, "ssl", "verify_peer", true);
stream_context_set_option($ctx, "ssl", "cafile", '/etc/apache2/ssl/Entrust.net-Certification-Authority-2048.pem');

$fp = stream_socket_client("tls://gateway.sandbox.push.apple.com:2195", $errno, $errstr, 60, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);

//errors i keep getting
```

```
[Sat Oct 03 21:00:46.852453 2015] [:error] [pid 17460] [client 217.159.180.56:52870] PHP Warning:  stream_socket_client(): SSL: Connection reset by peer in /var/www/html/ezleads_api/ApnsPHP/test.php on line 28
OR
[Sat Oct 03 21:01:36.033972 2015] [:error] [pid 17467] [client 217.159.180.56:52877] PHP Warning:  stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /var/www/html/ezleads_api/ApnsPHP/test.php on line 28
[Sat Oct 03 21:01:36.034157 2015] [:error] [pid 17467] [client 217.159.180.56:52877] PHP Warning:  stream_socket_client(): Failed to enable crypto in /var/www/html/ezleads_api/ApnsPHP/test.php on line 28
[Sat Oct 03 21:01:36.034398 2015] [:error] [pid 17467] [client 217.159.180.56:52877] PHP Warning:  stream_socket_client(): unable to connect to tls://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/html/ezleads_api/ApnsPHP/test.php on line 28
```

So, in total, I have 3 certificates:

  1. To enable the HTTPS connection for Apache2
  2. push_cert.pem, downloaded and converted from Apple
  3. Root certificate downloaded and signed/exported from entrust.net.

At the moment, I'm using only 2 of the certs.

How and where am I supposed to include those certs?
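
An added example, not part of the original post: steps 1 to 5 of the list above as OpenSSL commands, with a check of which private key actually belongs to the push certificate. The gateway authenticates the sender by TLS client certificate, so the file passed as `local_cert` has to hold the push certificate together with the key from step 1. Assumptions: a throwaway local CA stands in for Apple's signing step, and every file name except `push_cert.pem` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example. A throwaway local CA stands in for Apple's signing step (constructed);
# every file name except push_cert.pem is hypothetical.

# make_push_pem DIR: run steps 1-5 of the list inside DIR.
make_push_pem() {
  local d="$1"
  # Step 1: private key for the push certificate
  openssl genrsa -out "$d/push_key.pem" 2048 2>/dev/null
  # Step 2: certificate signing request built from that key
  openssl req -new -key "$d/push_key.pem" -subj "/CN=push-demo (constructed)" \
    -out "$d/push.csr"
  # Step 3 (stand-in): the CA signs the CSR and hands back a DER-encoded .cer
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca_key.pem" \
    -subj "/CN=stand-in CA (constructed)" -days 1 -out "$d/ca.pem" 2>/dev/null
  openssl x509 -req -in "$d/push.csr" -CA "$d/ca.pem" -CAkey "$d/ca_key.pem" \
    -set_serial 1 -days 1 -outform DER -out "$d/push.cer" 2>/dev/null
  # Step 4: DER -> PEM, then certificate and key together in one file
  openssl x509 -inform DER -in "$d/push.cer" -out "$d/push_cert.pem"
  cat "$d/push_cert.pem" "$d/push_key.pem" > "$d/push_bundle.pem"
  # Step 5: a second, unrelated key pair (the one made for the web server)
  openssl genrsa -out "$d/web_key.pem" 2048 2>/dev/null
}

# SHA-256 of the public key inside a certificate / derived from a private key
cert_pub_fp() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}
key_pub_fp() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# pair_matches CERT KEY: true only when CERT was issued for KEY's public half
pair_matches() {
  local fp
  fp=$(cert_pub_fp "$1")
  [ -n "$fp" ] && [ "$fp" = "$(key_pub_fp "$2")" ]
}

# Demo run in a scratch directory
demo_dir=$(mktemp -d) && make_push_pem "$demo_dir"
pair_matches "$demo_dir/push_cert.pem" "$demo_dir/push_key.pem" && echo "push cert + step 1 key: a pair"
pair_matches "$demo_dir/push_cert.pem" "$demo_dir/web_key.pem" || echo "push cert + web server key: not a pair"
rm -rf "$demo_dir"
```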