The problem is you are using the "sandbox" APNS server which is used for development.

In order to test the production certificates you have to connect to the production APNS server. You can use the address:

gateway.push.apple.com:2195 instead of gateway.sandbox.push.apple.com:2195

Perhaps you are using development certificate, you need to use apple development IOS push service certificate and also you need to create .p12 from this certificate, not from development certificate.

This is not a problem. This, in fact, is confirmation that your certificate is working. If it were to not work you would get something like this:

unable to load client certificate private key file
<XXXXX>:error:<XXXX>:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
<XXXXX>:error:<XXXX>:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:104:
<XXXXX>:error:<XXXX>:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130:
<XXXXX>:error:<XXXX>:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:

See this tutorial for an example http://lessons.runrev.com/s/lessons/m/4069/l/53405-how-do-i-use-push-notifications-with-ios

Or if you want to hear it from ray http://www.raywenderlich.com/forums/viewtopic.php?t=380&p=7734

There is an explanation of what is going on here: OpenSSL: unable to verify the first certificate for Experian URL

Essentially though, the cert would work if you were using a client that supported certificate discovery, and you don't need openssl to work, just to confirm that you made your cert right, and you've done that.