I read this tutorial: http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
He is generating the certificate signing request on his Mac using Keychain Access:
For Production, we are using an Ubuntu Server. Do you have to generate the CSR on the Ubuntu Server directly, or can you use the certificate generated on my Mac?
If you have to generate the CSR on the Ubuntu server, how can this be done?
You can use the CSR generated on the Mac. Once you have the signed certificates (one for development and one for production) from the Apple Developer portal you will need to export them (including the private key) for use on your server, as per your second screen shot.
Related
I have bought my domain from whois and my site (Asp.Net MVC) in deployed in Azure. I want to add SSL which I want to buy from GoDaddy.com. To do that I have to generate CSR (certificate signing request) in Azure so that I can use it to get my SSL certificate from GoDaddy.
So how can I generate CSR in Azure?
We can't generate CSR in Azure. We could used IIS ,Certreq.exe or makecert.exe to generate your certificate request, install the certificate to your local machine, and then export the certificate to PFX. More details about how to bind custom-ssl, please refer to official tutorial. The following is details about how to use makecert.exe to create CSR:
Create a cert with makecert.exe that is under the VS folder after install the VS. The following code is just for demo
makecert -sky exchange -r -n "CN=[CertificateName]" -pe -a sha1 -len 2048 -ss My "[CertificateName].cer
After that we could export Base64-encoded .cer file
Update:
Requirements for your SSL certificate, the following is the snippet from the tutorial
To use a certificate in App Service, the certificate must meet all the following requirements:
Signed by a trusted certificate authority
Exported as a password-protected PFX file
Contains private key at least 2048 bits long
Contains all intermediate certificates in the certificate chain
If we want to use self signature certificate we need to Export a Certificate with the Private Key. And then we could follow official tutorial to upload the .PFX file to Azure WebApp.
Note: If we use self signature certificate , it will be not trusted.
Azure doesn't provide any mechanism to generate CSR. There are several ways to generate CSR:
Using certificate MMC
Using IIS Manager
using certreq.exe
using openssl
and many more
I would suggest you to use the Digicert's CSR generation tool. It can be used to generate a CSR and then you can use this to submit to GoDaddy. Here are the instructions on how to do this: CSR Creation in Azure App Service
Once you submit the CSR to the CA, they will provide you a .cer/.crt/.der file, which doesn't contain the private key.
You will first need to import this certificate to bind the private key with the cert. Once done, export the certificate with the private key so that you can generate a .PFX file, which the Azure App Services needs. You can again use Digicert's certificate utility to export the certifiate in pfx format. See this: How to Export Your SSL Certificate w/Private Key Using the DigiCert Certificate Utility
Or you can use the certificate console via MMC. See this:
Add the Certificates Snap-in to an MMC
Export a Certificate with the Private Key
I am going to use a linux server for push notifications.
Is the following correct?
Generate a CSR of the linux server
Upload the file to Apple to generate a cert
Change this cer to pem and then conbine with my private key pem of linux
Use the combined pem in my code
Is this correct? Since I get confused by the Apple document, I can now only test push notifications in my mac book, and can't test on other servers.
You don't have to generate the CSR on your linux server.
You can use the pem or p12 file you created (using your mac book) on any server.
If your code works when you test it on your mac book, it will work on any server. You just have to copy the pem or p12 file to that server.
I created a certificate signing request and used it to generate both a development and production push certificate.
Then I downloaded both of the certificates onto my computer and clicked both of them to install to the keychain.
However within the keychain only production certificate is showing as being associated with the CSR private key, the dev certificate is not, why is this?
You need to generate two separate CSRs, one for development and production each.
I'm trying to setup our APNS server. I was looking at the instructions on this page:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
I'm understanding everything. Problem is that I have a website already SSL enables (SSL terminates at the load balancer) on AWS, following these instructions a while back:
"Public key certificate and private key doesn't match" when using Godaddy issued certificate
The website for APNS is telling me to get a CSR file, etc. But if I already have this SSL certification done, does it mean I have to start from scratch and re-key my key? :( I wasn't able to find information regarding this...
The APNS CSR has nothing to do with any certificates you already have.
You have to create certificates in the developer area of apples websites. You don't install those certificates to the web server... they are only used from the php script on your server to connect to the apple server as a client. Your script has to load them while they run.. but they are not installed in the web server or load balancer.
I want to manage the iOS devices using Lion Server,I have purchased the Lion Server and installed in Mac system which has Lion OS 10.7.
I want to manage the devices with in our own network, I have not taken domain specific for MDM.
While creating cofig profile for MDM in IPCU,it needs the server url must begin with "https://".
So I am not able to install the MDM config profile in the iOS device, due to "htts".I tried to get ssl certificate for trial , but that is not available for private networks.
Is there any solution to resolve the issue with out purchasing ssl certificate or public domain.
Please correct me if I am doing something wrong and suggest the correct approach.
Self-signed ssl will work and while generating self-signed ssl certificate in server side,generate identity.p12 certificate and this certificate you need to use in identity section of IPCU.
And go through this also.
If you visit a page on the MDM web server with Safari and get the pop-up dialog warning about the identity of the server then you will need to install the SSL certificate on the device to allow the certificate to be trusted. This can be achieved by using iPCU or allowing the certificate from a web server.