
Heroku lost GeoTrust Global CA root certificate

Heroku somehow lost its GeoTrust Global CA root certificate, which is needed to use push notifications with Apple's servers. I found the certificate here but I'm not sure how to install it in my Heroku application. I tried adding it as an SSL certificate via the application's settings, but it says I need a private key - where would I get that for a root certificate? Or am I supposed to add this somewhere else?

I should specify that my app is a golang app.

I redefined the sideshow/apns2 client factory function to include the GeoTrust CA in RootCAs, and Apple's APNs server became reachable from my app on Heroku.

package apns

import (
    "crypto/tls"
    "crypto/x509"
    "fmt"
    "log"
    "net/http"
    "os"

    "github.com/sideshow/apns2"
    "golang.org/x/net/http2"
)

const (
    GeoTrustCACert = "<path to GeoTrust_Global_CA.pem>"
)

// newCertPool starts from the system trust store (or an empty pool where the
// platform has none) and appends the PEM certificates found at certPath.
func newCertPool(certPath string) (*x509.CertPool, error) {
    rootCAs, _ := x509.SystemCertPool()
    if rootCAs == nil {
        rootCAs = x509.NewCertPool()
    }

    certs, err := os.ReadFile(certPath)
    if err != nil {
        return nil, fmt.Errorf("read CA bundle %s: %w", certPath, err)
    }

    // AppendCertsFromPEM reports false when no certificate could be parsed;
    // in that case the pool still contains only the system roots.
    if ok := rootCAs.AppendCertsFromPEM(certs); !ok {
        log.Println("no certs appended, using system certs only")
    }
    return rootCAs, nil
}

// NewApns2ClientWithGeoTrustCA mirrors apns2.NewClient but uses a TLS config
// whose RootCAs include the GeoTrust CA in addition to the system roots.
func NewApns2ClientWithGeoTrustCA(certificate tls.Certificate) (*apns2.Client, error) {
    rootCAs, err := newCertPool(GeoTrustCACert)
    if err != nil {
        return nil, err
    }
    tlsConfig := &tls.Config{
        RootCAs:      rootCAs,
        Certificates: []tls.Certificate{certificate},
    }

    // Kept from apns2.NewClient; deprecated since Go 1.14 and harmless there.
    if len(certificate.Certificate) > 0 {
        tlsConfig.BuildNameToCertificate()
    }
    transport := &http2.Transport{
        TLSClientConfig: tlsConfig,
        DialTLS:         apns2.DialTLS,
    }

    return &apns2.Client{
        HTTPClient: &http.Client{
            Transport: transport,
            Timeout:   apns2.HTTPClientTimeout,
        },
        Certificate: certificate,
        Host:        apns2.DefaultHost,
    }, nil
}
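Before trusting whatever file sits at that path, it is worth checking that the PEM bundle really holds a self-signed, unexpired CA certificate, because AppendCertsFromPEM silently skips anything it cannot parse and a wrong or stale file leaves the client with an unexplained handshake failure. The check below is an added example, not code from the answer above or from sideshow/apns2; LoadRootCAs and ConstructedCertPEM are names chosen here, and the certificate it generates is a throwaway test root, not the GeoTrust one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// LoadRootCAs accepts only self-signed CA certificates that are valid at "now",
// and reports which subjects it trusted so the caller can log them.
func LoadRootCAs(bundle []byte, now time.Time) (*x509.CertPool, []string, error) {
	pool := x509.NewCertPool()
	var accepted []string
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, nil, fmt.Errorf("parse %s block: %w", block.Type, err)
		}
		cn := cert.Subject.CommonName
		if !cert.BasicConstraintsValid || !cert.IsCA || cert.CheckSignatureFrom(cert) != nil {
			return nil, nil, fmt.Errorf("%q is not a self-signed CA certificate", cn)
		}
		if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
			return nil, nil, fmt.Errorf("%q is not valid at %s", cn, now.Format(time.RFC3339))
		}
		pool.AddCert(cert)
		accepted = append(accepted, cn)
	}
	if len(accepted) == 0 {
		return nil, nil, fmt.Errorf("no usable root certificates in bundle")
	}
	return pool, accepted, nil
}

// ConstructedCertPEM builds a throwaway self-signed test certificate (not a real CA).
func ConstructedCertPEM(cn string, isCA bool) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

The returned pool can replace the x509.NewCertPool() fallback in newCertPool above, and the accepted names are what you would log at startup to confirm which anchors the dyno actually trusts.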

We also faced a similar problem in our Spring Boot application, which uses the artifact "pushy" (groupId "com.eatthepath", version "0.14.2") for APN push notifications and is deployed on Heroku. To solve this problem we followed the steps from these links: https://help.heroku.com/447CZS8V/why-is-my-java-app-unable-to-find-a-valid-certification-path and https://devcenter.heroku.com/articles/customizing-the-jdk, and then also used the "CaCertUtil" class and the "GeoTrust_Global_CA.pem" file and added the ".setTrustedServerCertificateChain(CaCertUtil.allCerts());" line while building ApnsClientBuilder.

"CaCertUtil" and "GeoTrust_Global_CA.pem" are taken from this link: https://github.com/wultra/powerauth-push-server/commit/71abeb5663201fedf64830fa0ebdf4db6c537e4b

We faced a similar issue this week and solved it by adding certificates to the App variables directly in the Heroku Dashboard. According to the documentation you could also manually add the CA again: https://devcenter.heroku.com/articles/ssl
