Couldn't able to connect to APNS Sandbox server

I ran into this same issue; what eventually resolved the error was to re-export the Entrust certificate from System Roots of OS/X Keychain Access application.

To be complete, I'll give a complete explanation of how I created the key/cert files (something which should have been in Apple's TechNote 2265: https://developer.apple.com/library/content/technotes/tn2265/_index.html)

Creating your APN-cert-and-key:

1. Run Keychain Access; select "login" Keychain and "My Certificates" category
2. Select the certificate with the name format of "Apple Development IOS Push Services: ..."
3. Export the certificate (in the menu, under "File" .. "Export Items")
4. Export to .p12 format.
   This now contains your certificate and private key in an encrypted interchange format. The next step is to convert it to a passphrase protected .pem file

5. Using terminal, execute the following command (using your own filenames, of course):
   
   openssl pkcs12 -in PushCertKey.p12 -out PushCertKey.pem
   
   (You will need to enter the password for the .p12 file and provide another passphrase for the .pem file.)

   If you really really really don't want a passphrase on the .pem file, try:
   
   openssl pkcs12 -in PushCertKey.p12 -out PushCertKeyNoCrypt.pem -nodes
   
   

Creating CA Certificate file:

1. List item
2. Run Keychain Access application
3. Go to System Roots
4. Export the certificate named "Entrust.net Certification Authority (2048)" to a .pem file.
   
   Note: My Roots container has four Entrust certificates; two of them with the name "Entrust.net Certification Authority (2048)" (but with different certificate extensions, via Get Info). Both of the "Entrust.net Certification Authority (2048)" certificates where effective in validating the trust chain; the other two Entrust certificates did not work. More significantly, the Entrust certificate pointed at by the Apple TechNote 2265 also does not work.
   
   Make sure you export to .pem format; the default is .cer and this step is easy to miss.

Run the verification command:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCertKey.pem -debug -showcerts -CAfile "Entrust.net Certification Authority (2048).pem" 

This server and process assume that your are connecting to Apple's Dev sandbox APN server; if you are trying to use the production APN server, you will need to use the correct server and port.

For more information on openssl, I suggest the following pages:

• https://www.madboa.com/geek/openssl/
• https://www.sslshopper.com/article-most-common-openssl-commands.html
• http://gagravarr.org/writing/openssl-certs/general.shtml

SSL problems: Step wise fix. Most of the problems are due to the private key issues, which can be resolved as follows.

Follow the following commands and create the .p12 using openssl.

1. You will need developer_identity.cer <= download from Apple mykey.p12 <= Your private key

2. Run these commands in your terminal where openssl is configured,installed or working:

   • openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
   • openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
   • openssl pkcs12 -export -inkey mykey.pem -in developer_identity.pem -out iphone_dev.p12

Final p12 that you will require is iphone_dev.p12 file and the passphrase that you had set.

Try again, hope your problem is fixed, as it always does for me. :)