Which certificate is used to send messages through APNS webusa?

$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', $certDir);

To connect the necessary pem certificate, but what specifically to do? For subscriptions I have. cer and made of it WebPush p12 certificate, which Apple calls the aps website production. I thought one of these certifcates must be converted to pem. Tried .p12 to pem, cer also tried to sign the private key .p12, both of these are certificate verification
openssl s_client -connect gateway.push.apple.com:2195 -cert cert.pem

but push never arrives. I think that the problem is in the certificate, below I attach the code
$certDir = 'cert.pem';

 $address = 'gateway.push.apple.com:2195';
 $deviceToken = 'D1BF307920AEA35AA1E2C3F4B38863FC801F08EEC9BA00FABDDBCFF3C517DAB6';

 $ctx = stream_context_create();
 stream_context_set_option($ctx, 'ssl', 'local_cert', $certDir);
 stream_context_set_option($ctx, 'ssl', 'passphrase', '***');

 $socketClient = stream_socket_client(
 $payload = array(
 'aps' => array(
 'alert' => array(
 'title' => 'Foo',
 'body' => 'bar',
 'action' => 'view',

 $encodedPayload = json_encode($payload);

// $binaryMessage = chr(0).
// chr(0).
// chr(32).
// pack('H*', $deviceToken).
// chr(0).chr(strlen($encodedPayload)).
// $encodedPayload;

 $binaryMessage = chr(0) . pack('n', 32) . pack('H*', $deviceToken) . pack('n', strlen($encodedPayload)) .$encodedPayload;

 $result = fwrite($socketClient, $binaryMessage, strlen($binaryMessage));


 while(!feof($socketClient)) {


$errstr = string(0) ""
$result = int(119)
var_dump(fgets($socketClient,64)) = bool(false)
July 2nd 19 at 14:16
1 answer
July 2nd 19 at 14:18
"If You are confused with the certificates, the distribution will be successful."
In General it is not so much the code I needed how to untangle a story of certificates. Ie for sending Safari push uses the same certificate as for iOS? It is necessary to register an App ID in the developer account? - nikita.Stracke commented on July 2nd 19 at 14:21
: Yes, you need to LK to register each application and to generate certificates from there. - Marcel commented on July 2nd 19 at 14:24

Find more questions by tags SafariJavaScriptPHP