locked
APNS dev cert upload fails (400 Bad Request, call to SSPI fails) with Sandbox selected, succeeds for Production RRS feed

  • Question

  • Hello,

    Has anyone else run into this issue?

    When I upload the development certificate to the Notification Hubs, select 'Sandbox', then click 'Save', I get the following error:

    (Error text: Error updating notification hub. Subcode=40000. Failed to validate credentials with APNS. A call to SSPI failed, see inner exception... code Bad Request) [I can't upload a picture of it until account verification]

    When I have 'Production' selected, however, it succeeds. 

    I have tried the following:

    * confirmed that the certificate is valid (not expired or revoked; I created it ~6 hours before I write this).
    * confirmed that the certificate is the development certificate and not intended for production.
    * creating a fresh instance of Notification Hubs and attempting to upload the certificate to it. 
    * confirmed that when the .p12 is exported from the Mac keychain, only the certificate is selected for export (i.e. the private key is excluded). 
    * created a .p12 without a password during export; during upload, type in characters into the Azure 'password' field then delete them to leave it blank, before clicking 'Save' (it worked for a couple people on Stack Overflow).
    * creating a .12 with a password during export. 

    ###

    Previously, on the original instance of Notification Hubs, I was also able to switch between 'Production' and 'Sandbox' (somehow) just by toggling the switch, and confirmed the devices were receiving push notifications in Release builds and Debug builds respectively. 

    I received this error Friday for the first time when attempting to switch back to 'Sandbox' on the NH.

    Earlier Friday I had regenerated my Ad Hoc Distribution provisioning profile to add a new device to it, but I am not sure that is supposed to affect the Apple Push Services in any way. 

    I've turned nearly every Stack Overflow and other Google link purple trying to find out if anyone else has had this error, but no luck so far. 

    Monday, March 11, 2019 9:16 PM

Answers

  • Microsoft will start rollout of a hotfix later today after one more test. It still works in APNS Production though - only Sandbox has the issue.

    • Marked as answer by hnguyen_hwi Wednesday, March 13, 2019 2:20 PM
    Tuesday, March 12, 2019 5:25 PM

All replies

  • Can you try testing out your certificate with steps at https://developer.apple.com/library/archive/technotes/tn2265/_index.html#//apple_ref/doc/uid/DTS40010376-CH1-TNTAG31. Use the steps for binary api provider.
    Tuesday, March 12, 2019 1:51 AM
  • Microsoft will start rollout of a hotfix later today after one more test. It still works in APNS Production though - only Sandbox has the issue.

    • Marked as answer by hnguyen_hwi Wednesday, March 13, 2019 2:20 PM
    Tuesday, March 12, 2019 5:25 PM
  • Jagan, thanks for your suggestion. The certificate seems to be valid, as the TLS/SSL handshake was successful (see output snippet below)

    SSL handshake has read 4181 bytes and written 2401 bytes
    ---
        [removed]
        Start Time: 1552486534
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

    I will wait for the hotfix. Thank you.

    Wednesday, March 13, 2019 2:20 PM
  • Thank you!
    Wednesday, March 13, 2019 2:20 PM
  • Jagan, thanks for your suggestion. The certificate seems to be valid, as the TLS/SSL handshake was successful (see output snippet below)

    SSL handshake has read 4181 bytes and written 2401 bytes
    ---
        [removed]
        Start Time: 1552486534
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

    I will wait for the hotfix. Thank you.

    Apologies for the delay! The hot fix was rolled out and the issue was mitigated long back. Kindly do let us know if you need any further assistance.  

    Monday, April 8, 2019 6:13 PM
  • Hi,

    We are facing the same issue.  Followed all the steps mentioned as per the documentation. Unable to upload the .p12 sandbox/development certificate.

    {"error":{"message":"SubCode=40000. Failed to validate credentials with APNS. A call to SSPI failed, see inner exception...TrackingId:07ca6027-980a-49d6-ade6-8f4a75b53f10_M4CH3_M4CH3_G21,TimeStamp:6/9/2020 7:37:02 AM","code":"BadRequest"}}

    Tuesday, June 9, 2020 11:08 AM