Submit commands ----> SSLError: [Errno 336265225] _ssl.c:347: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib #6

Open
nguyennd56 opened this issue Jul 10, 2014 · 9 comments
@nguyennd56

ADDED COMMAND TO QUEUE: a5c3ce16-7327-4ff5-87f5-09c8fb0fac0e
_Adding CMD: a5c3ce16-7327-4ff5-87f5-09c8fb0fac0e to device: <--redacted-->
STORING DEVICES...
Traceback (most recent call last):
  File "C:\Python27\lib\site-packages\web.py-0.37-py2.7.egg\web\application.py", line 239, in process
    return self.handle()
  File "C:\Python27\lib\site-packages\web.py-0.37-py2.7.egg\web\application.py", line 230, in handle
    return self._delegate(fn, self.fvars, args)
  File "C:\Python27\lib\site-packages\web.py-0.37-py2.7.egg\web\application.py", line 420, in _delegate
    return handle_class(cls)
  File "C:\Python27\lib\site-packages\web.py-0.37-py2.7.egg\web\application.py", line 396, in handle_class
    return tocall(_args)
  File "C:\Users\nguyennd\Documents\MDM\mdm-server-backup\server\server.py", line 329, in POST
    queue(cmd, UDID)
  File "C:\Users\nguyennd\Documents\MDM\mdm-server-backup\server\server.py", line 316, in queue
    wrapper.notify()
  File "build\bdist.win32\egg\APNSWrapper\notifications.py", line 194, in notify
    apnsConnection.connect(apnsHost, self.apnsPort)
  File "build\bdist.win32\egg\APNSWrapper\connection.py", line 215, in connect
    self.context().connect(host, port)
  File "build\bdist.win32\egg\APNSWrapper\connection.py", line 161, in connect
    self.connectionContext.connect((host, port))
  File "C:\Python27\lib\ssl.py", line 295, in connect
    self.ca_certs, self.ciphers)
SSLError: [Errno 336265225] _ssl.c:347: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

@thrasr

thrasr commented Jul 10, 2014

It looks like something is wrong with your PushCert.pem file, though it's hard to tell exactly what is wrong. Having a blank PushCert.pem or not having a PushCert.pem will give similar, but not identical errors - so my guess is that the PushCert.pem file wasn't created correctly or has been corrupted somehow.

Can you look at your PushCert.pem and see if it follows the general format below? There will be various attributes and data in the "..." areas, but does your PushCert.pem have all of the sections below? If you want, you can post the contents of the PushCert.pem file, however it contains sensitive data so you'll need to redact a lot of the information - be very careful about posting the data (especially RSA private keys) online.

Bag Attributes
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
...
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Bag Attributes
...
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

@nguyennd56
Author

My PushCert.pem just has this section
-----BEGIN CERTIFICATE-----
.................................
-----END CERTIFICATE-----
push_cer

@nicolla1003

Hi,
I had the exact same problem.
PushCert.pem is created from the customer.csr which you have uploaded on Apple Developer Member Center.
What you need to do is to open all certificates (crt, p12, pem files) in Keychain on your computer.
Then you will have in Keychain something like "APSP:key_from_apns".
There will be certificate and private key.
Extract that file in p12 format without the passcode, just leave it blank.

After that you need to execute some openssl commands to extract certificate and private key pem files.
Commands are:
openssl pkcs12 -in yourP12File.p12 -nocerts -out privateKey.pem
openssl pkcs12 -in yourP12File.p12 -clcerts -nokeys -out publicCert.pem

You will need to set a passcode for the private key in the previous process.
After that use the following command to remove that passcode:
openssl rsa -in privateKey.pem -out newkey.pem

Last step is to merge files publicCert.pem and newkey.pem in one pem file.
Open both files in some text editor.
Copy all content from the newkey.pem file and add that at the beginning of the publicCert.pem file.
Content of the publicCert.pem should look like this:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Bag Attributes
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Rename that file to be PushCert.pem and replace it in server folder.
Now server will use this file to send commands to the child devices.

That's it.
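
An added example, not part of the original comments or the project's code: a small Python check that a combined PushCert.pem contains both a certificate block and an unencrypted private key block, the layout described above. The function name and the sample strings are assumptions constructed for illustration; the sample bodies are placeholders, not real key material.

```python
import re

# One PEM block: BEGIN line, optional headers plus base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Labels of key blocks that can be loaded without a passphrase.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"}


def check_push_pem(text):
    """Return a list of problems found in a combined cert+key PEM file."""
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not KEY_LABELS.intersection(labels):
        if "ENCRYPTED PRIVATE KEY" in labels:
            problems.append("private key is passphrase-protected (PKCS#8)")
        else:
            problems.append("no private key block")
    for label, body in blocks:
        # Traditional-format encrypted keys carry this header inside the block.
        if label in KEY_LABELS and "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is passphrase-protected")
    return problems


# Constructed samples (placeholder bodies).
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
MERGED = (
    "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    "Bag Attributes\n    friendlyName: placeholder\n" + CERT_ONLY)
ENCRYPTED = MERGED.replace(
    "KEY-----\nAAAA",
    "KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nAAAA")

if __name__ == "__main__":
    for name, sample in [("cert only", CERT_ONLY), ("merged", MERGED),
                         ("encrypted key", ENCRYPTED)]:
        print(name, "->", check_push_pem(sample) or "ok")
```

Because the merged file holds an unencrypted private key, keep it readable only by the account that runs the server.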

@thrasr thrasr added the bug label Jul 14, 2014
@gavin-black
Member

Hi @nicolla1003 thanks for helping work through this issue. If you don't mind we'll update the readme based on your advice, since it seems like multiple people are running into this. @nguyennd56 did this end up resolving your problem, or still stuck on the PushCert step?

@nicolla1003

You are free to use and update the readme. I am glad to help.

@nguyennd56
Author

@gavin-black I have solved this problem, the server runs without errors.
@nicolla1003 Can you help me?
But I have another problem. The server runs without errors, but devices cannot run any command requested from the server. It seems to be the same problem as the guy in this video had: http://youtu.be/n7cGB7U2PJw But I am not clear about how he solved it (the resolution of the video is so bad).

@thrasr

thrasr commented Aug 7, 2014

@nguyennd56

So the server is running correctly, yes? You've gone to the server in Safari on the device and it looks like this?

enroll

While on the device, you have clicked to install both the CA cert and then to enroll your device? After doing so, can you see your device on the server? If not, there's a problem enrolling. If you can see your device - check the box on the left of the device and select the DeviceLock command. Click send.

After going through that process, can you send me what the server has been outputting to the terminal? Any screenshots you can take of the webpage or terminal while going through the process might help as well.

It looks like the problem in the video that you linked was due to a proxy or firewall of some sort. Do you know if you are running the server from a location that would be using a proxy or a heavy-duty firewall? If so, try running the server elsewhere to see if you can avoid the proxy.

@nguyennd56
Author

@thrasr Sorry I did not reply with the result immediately. I have configured it successfully. I solved that problem, which was just an issue with the format of pushcert.pem, by following the way of @nicolla1003 and doing it step by step as in the guide.

@bravewolf

@nicolla1003, how do I fix it on Ubuntu? My computer doesn't have Keychain Access. Can I make P12File.12 with OpenSSL?

@nguyennd56 nguyennd56 reopened this Sep 8, 2014