Local Error -1200 creating push certificates in the server. Any idea ?

In the server Application


When you try to renew or create a push certificate comes up with the error "Local Error -1200 creating push certificates" in the server. Any idea ?"

Mac mini, OS X Mountain Lion (10.8.5)

Posted on Aug 13, 2016 5:11 AM

Reply
14 replies

Aug 15, 2016 1:34 AM in response to antony2016

I'm having the same problem with 10.7.5 server. (two of them)

During the renewal I watched the Console and I think the SSL certificate of the Apple servers is no longer trusted.

(or the Server versions are to low)

Aug 15 10:23:08 login.********** servermgrd[23349]: Got connection error: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x7fb8f5aab9a0 {NSUnderlyingError=0x7fb8f15af450 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorFailingURLStringKey=https://identity.apple.com/pushcert/caservice/renew, NSErrorFailingURLKey=https://identity.apple.com/pushcert/caservice/renew, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

Aug 15 10:23:08 login.********** servermgrd[23349]: Request for push certificate failed: reason = Local, error code = -1200, error = Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x7fb8f5aab9a0 {NSUnderlyingError=0x7fb8f15af450 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorFailingURLStringKey=https://identity.apple.com/pushcert/caservice/renew, NSErrorFailingURLKey=https://identity.apple.com/pushcert/caservice/renew, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}


So not yet an idea, but hopefully with these console outputs we get somewhere?

Aug 15, 2016 2:19 AM in response to joostvanriel

Maybe this wil do the trick:

· check what certificate your notification service thinks it's using:


mymac:~ waider$ sudo serveradmin settings notification:sslKeyFile

notification:sslKeyFile="/etc/certificates/mymac.mydomain.com.BADBADBADBADBADBAD BADBADBAD.concat.pem"

mymac:~ waider$ sudo serveradmin settings notification:sslCAFile

notification:sslCAFile="/etc/certificates/mymac.mydomain.com.BADBADBADBADBADBADB ADBADBAD.chain.pem"


The Push Certificate is not corresponding with the SSL certificate.

Aug 23, 2016 4:40 AM in response to antony2016

I have exactly the same problem. OS X 10.8.5, Server 2.2.5. In the system.log I have same errors as joostvanriel. Connection error Error Domain=NSURLErrorDomain, NSErrorFailingURLStringKey=https://identity.apple.com/pushcert/caservice/renew, NSErrorFailingURLKey=https://identity.apple.com/pushcert/caservice/renew, Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."

It looks like this is a problem with TLS 1.2 connection. Safari from server machine also cannot connect to the specified URL manually because TLS 1.2 connection are not supported by that Safari version on 10.8.5. It looks like apple identity servers require TLS 1.2, but OS X 10.8.5 doesn't support it.


So, I'm unsure the problem can be solved with anything on client side. No manipulations with certificates or Time Machine on the client can help as Apple certificate signing servers are simply unreachable. Apple must do something. Any Apple representative? I'm soon going to end up with no push notifications, terrible. Same problem reported here: local error -1200 push certificate - no solution.

Sep 7, 2016 12:48 AM in response to thanospc

thanospc, no. I decided to spend the remaining time before certificate expires to upgrade to El Capitan and solve the problems of upgrading if any. Basically, after upgrade there were no major ones. Postfix and Apache required some minor tweaking though. Also, Postgresql stopped working for user created roles and tables, I had to install separate instance with homebrew for that. (After upgrade I renewed the push certificate, however somehow I had to use alternative e-mail address connected to the same Apple ID as a login name to succeed. Otherwise there was an error (-1000... something). No re-enrollment for devices were necessary after that.)

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Local Error -1200 creating push certificates in the server. Any idea ?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.