December 22, 2024

iOS Push Notifications Certificate

To successfully send a push notification to an iOS device using Apple Push Notification Services (APNS), the pushing application must have a certificate and key registered with Apple.

This is done while setting up an iOS application in the Apple Provisioning Portal, as described in detail by Matthijs Hollemans (and continued in Part 2).

To create the certificate for the application serving the APNS messages, the following are needed:

  • YourAppCertificate.pem
  • YourAppKey.pem

(See Matthijs’ articles if these are a mystery)

If you’re a Windows user like me, you’ll also need to have the following software installed:

To get OpenSSL to cooperate, I found that setting an environmental variable was necessary:

set OPENSSL_CONF=c:\openssl\bin\openssl.cfg

I also found it easiest to copy my PEM files to the OpenSSL bin folder; presumedly you could set the Windows Path and avoid this nuisance step.

With all the pieces in place, generating the certificate itself is quite easily, if you know the magic command (nicely documented by Adobe):

openssl pkcs12 -export -inkey YourAppKey.pem -in YourAppCert.pem -out YourAppCertificate.p12

You’ll be prompted for the pass phrase for the key PEM, which you must supply.

Then you’ll be prompted to set a password on the certificate, which your application will sent with the certificate when it queues an APNS message with Apple.

Sending an APNS message is not overly difficult, but that’s a subject for another day…


Below are some helpful OpenSSL commands I copied from the Adobe article so as to have them close at hand

Marc

Convert an Apple developer certificate to a P12 file on Windows

To develop iPhone applications using Flash CS5, you must use a P12 certificate file. You generate this certificate based on the Apple iPhone developer certificate file you receive from Apple.

  1. Convert the developer certificate file you receive from Apple into a PEM certificate file. Run the following command-line statement from the OpenSSL bin directory:

    openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
  2. If you are using the private key from the keychain on a Mac computer, convert it into a PEM key:

    openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
  3. You can now generate a valid P12 file, based on the key and the PEM version of the iPhone developer certificate:

    openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12

    If you are using a key from the Mac OS keychain, use the PEM version you generated in the previous step. Otherwise, use the OpenSSL key you generated earlier (on Windows).

Leave a Reply