I tried and tried to generate a .pem file, every time generating certificates from the client's account and then generating the .pem file using the terminal, but it's of no use. Can anyone give a step-by-step procedure?
To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.
(Updated version with updated screen shots Here)
Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.
Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.
Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.
Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.
To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:
Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.
Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.
Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.
Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:
Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.
Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.
Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:
Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.
Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts
Step 10: Remove pushcert.p12 from Desktop to avoid mis-uploading it to Build Your Own area. Open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
rm pushcert.p12
Step 11 - NEW AWS UPDATE: Create new pushcert.p12 to submit to AWS SNS. Double click on the new pushcert.pem, then export the one highlighed on the green only.
Credit: AWS new update
Now you have successfully created an Apple Push Notification Certificate (.p12 file)! You will need to upload this file to our Build Your Own area later on. :)
There's much simpler solution today — pem. This tool makes life much easier.
For example, to generate or renew your push notification certificate just enter:
fastlane pem
and it's done in under a minute. In case you need a sandbox certificate, enter:
fastlane pem --development
And that's pretty it.
$ cd Desktop
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
Thanks! to all above answers.
I hope you have a .p12 file. Now, open terminal write following command. Set terminal to the path where you have put .12 file.
$ openssl pkcs12 -in yourCertifcate.p12 -out pemAPNSCert.pem -nodes
Enter Import Password: <Just enter your certificate password>
MAC verified OK
Now your .pem file is generated.
Verify .pem file
First, open the .pem in a text editor to view its content. The certificate content should be in format as shown below. Make sure the pem file contains both Certificate content(from BEGIN CERTIFICATE to END CERTIFICATE) as well as Certificate Private Key (from BEGIN PRIVATE KEY to END PRIVATE KEY) :
> Bag Attributes
> friendlyName: Apple Push Services:<Bundle ID>
> localKeyID: <> subject=<>
> -----BEGIN CERTIFICATE-----
>
> <Certificate Content>
>
> -----END CERTIFICATE----- Bag Attributes
> friendlyName: <>
> localKeyID: <> Key Attributes: <No Attributes>
> -----BEGIN PRIVATE KEY-----
>
> <Certificate Private Key>
>
> -----END PRIVATE KEY-----
Also, you check the validity of the certificate by going to SSLShopper Certificate Decoder and paste the Certificate Content (from BEGIN CERTIFICATE to END CERTIFICATE) to get all the info about the certificate as shown below:
Apple have changed the name of the certificate that is issued. You can now use the same certificate for both development and production. While you can still request a development only certificate you can no longer request a production only certificate.
it is very simple after exporting the Cert.p12 and key.p12,
Please find below command for the generating 'apns' .pem file.
https://www.sslshopper.com/ssl-converter.html
command to create apns-dev.pem from Cert.pem and Key.pem
openssl rsa -in Key.pem -out apns-dev-key-noenc.pem
cat Cert.pem apns-dev-key-noenc.pem > apns-dev.pem
Above command is useful for both Sandbox and Production.
According to Troubleshooting Push Certificate Problems
The SSL certificate available in your Apple Developer Program account contains a public key but not a private key. The private key exists only on the Mac that created the Certificate Signing Request uploaded to Apple. Both the public and private keys are necessary to export the Privacy Enhanced Mail (PEM) file.
Chances are the reason you can't export a working PEM from the certificate provided by the client is that you do not have the private key. The certificate contains the public key, while the private key probably only exists on the Mac that created the original CSR.
You can either:
Try to get the private key from the Mac that originally created the CSR. Exporting the PEM can be done from that Mac or you can copy the private key to another Mac.
or
Create a new CSR, new SSL certificate, and this time back up the private key.
Related
I'm working on a project for a client. I have two .cer files (developer and distribution) both are loaded into Keystore Access on Mac OS X. However I'm unable to export as a .p12 file.
Alternatively I tried OpenSSL but still no luck...
openssl pkcs12 -export -in followMe_ios_development.cer -out followMe_ios_development.p12 -clcerts -nokeys
How can I export this .cer file as a .p12 so I can compile this app for iOS?
What works for me dealing with Push Notification certifies has been:
Open the certificate: open my_filename.cer and click "View Certificates" to see the certificate's name
Go to Applications -> Utilities -> Keychain Access
Ensure you have selected the "login" keychain, not the "system" one (thanks to #Matt Flettcher )
Go to "Certificates"
Look for the desired certificate
Ensure that you can expand it and see under it the original ".certSigningRequest" used to generate the certificate
At this moment you should be able to export it as ".p12"
try this:
given you have files as follow:
aps.cer, downloaded from Apple.
app.key, your own private key generated by openssl.
1st, convert the .cer file into .pem format:
openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM
2nd, use the .pem file and your private .key to generate .p12 file:
openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem
this should prompt to ask a password for this .p12 file.
CF:
aps_developer_identity.cer to p12 without having to export from Key Chain?
Creating a .p12 file
I had the same problem. .p12 Export was not available, only .p7b
I solved it very easily:
You don´t select your certificate via the "certificates" directory on the lower left, but via the "My Certificates" directory.
Like this, an arrow should show up left of your certificate.
Click it, and you will see your private Key.
Right-Click on your private Key and select the "export Key" option. Now you can create a .p12 Certificate File, just as the doctor ordered.
Good Luck!
You should select both cert and private key. Then you will able to export certs with p12 extension.
In my case I'm trying to create a pfx/PKCS12 file and have tried the given commands and ran through couple of issues out of which one was : Unable to load certificate even I'm doing right. So then tried with the below one command instead of few others:
openssl pkcs12 -export -out requiredPFXfile.pfx -inkey yourPrivateKey.key -in yourcertificate.cer
Please find link for more details :-
https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
I'm newbie to SSL & certs stuff & can't judge on other answers,appreciate everyone's work here!!
In my case the abilty to export in p12 format depends on certificate type. For "Apple Distribution" certificate type it is disabled, right like in your case.
When I created new certificate with type "IOS Distribution (App Store and Ad Hoc)" and processed it right like previous one, the p12 format became available in export dialog.
I need cert.pem and key.pem for API(in my node js backend) but I just download .cert file from App IDs -> Edit -> Download. How can I get it, I can extract it from .cer file?
Generate a Push Certificate
To generate a certificate on a Mac OS X:
Log-in to the iPhone Developer Program Portal
Choose App IDs from the menu on the right
Create an App ID without a wildcard. For example 3L223ZX9Y3.com.armiento.test
Click the Configure link next to this App ID and then click on the button to start the wizard to generate a new Development Push SSL Certificate (Apple Documentation: Creating the SSL Certificate and Keys)
Download this certificate and double click on aps_developer_identity.cer to import it into your Keychain
Launch Keychain Assistant (located in Application, Utilities or search for it with Spotlight) and click on My Certificates on the left
Expand Apple Development Push Services and select Apple Development Push Services AND your private key (just under Apple Development Push Services)
Right-click and choose "Export 2 elements..." and save as server_certificates_bundle_sandbox.p12 (don't type a password).
Open Terminal and change directory to location used to save server_certificates_bundle_sandbox.p12 and convert the PKCS12 certificate bundle into PEM format using this command (press enter when asked for Import Password):
openssl pkcs12 -in server_certificates_bundle_sandbox.p12 -out server_certificates_bundle_sandbox.pem -nodes -clcerts
Now you can use this PEM file as your certificate in ApnsPHP!
Copied from:
http://www.pressmatrix.de/product-blog/apple-ios-push-notification-setup-guide/
Launch the Keychain Access tool and select My Certificates in the left hand panel.
Locate the certificate you wish to install and reveal its contents. There should be both a certificate and a private key inside.
Select both the certificate and private key, then click File and Export Items. Select Personal Information Exchange (.p12) as the output file format.
Move the CSR file, .p12 file and xxx.cer files into the same folder and navigate to that location within the terminal window.
Convert the xxx.cer file into a cert.pem file using the following command:
openssl x509 -in xxx.cer -inform der -out cert.pem
Convert the private key xxx.p12 into a key.pem file:
openssl pkcs12 -nocerts -out key.pem -in xxx.p12
Or refer to:
https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ProvisioningDevelopment.html#//apple_ref/doc/uid/TP40008194-CH104-SW5
First of all thanks for your attention. The escenario here is that I need to send the same PUSH notification to thousands of devices. I've been reading the Apple documentation regarding to this topic, how to generate .p12 certificate in pushnotifications
To Generate a Push Certificate for server Side Follow these simple steps
Step 1: Log-in to the iPhone Developer Program Portal.
Step 2: Choose App IDs from the menu on the right.
Step 3: Create an App ID without a wildcard. For example 3L223ZX9Y3.com.hello.test
Step 4: Click the Configure link next to this App ID and then click on the button to start the wizard to generate a new Development Push SSL Certificate
Step 5: Download this certificate and double click on aps_developer_identity.cer to import it into your Keychain.
Step 6: Launch Keychain Assistant (located in Application, Utilities or search for it with Spotlight) and click on My Certificates on the left.
Step 7: Expand Apple Development Push Services and select Apple Development Push Services AND your private key (just under Apple Development Push Services).
Step 8: Right-click and choose "Export 2 elements..." and save as server_certificates_bundle_sandbox.p12 (don't type a password).
Step 9: Open Terminal and change directory to location used to save server_certificates_bundle_sandbox.p12 and convert the PKCS12 certificate bundle into PEM format using this command (press enter when asked for Import Password):
openssl pkcs12 -in server_certificates_bundle_sandbox.p12 -out server_certificates_bundle_sandbox.pem -nodes -clcerts
Using this link for generate pem file for push notification, but I can't understand following steps...
Installing the SSL Certificate and Key on the Server
You should install the SSL distribution certificate and private
cryptographic key you obtained earlier on the server computer on which
the provider code runs and from which it connects with the sandbox or
production versions of APNs. To do so, complete the following steps:
Open Keychain Access utility and click the My Certificates category in the left pane.
Find the certificate you want to install and disclose its contents.
You'll see both a certificate and a private key.
Select both the certificate and key, choose File > Export Items, and export them as a Personal Information Exchange (.p12) file.
Servers implemented in languages such as Ruby and Perl often are better able to deal with certificates in the Personal Information
Exchange format. To convert the certificate to this format, complete
the following steps:
In KeyChain Access, select the certificate and choose File > Export Items. Select the Personal Information Exchange (.p12) option,
select a save location, and click Save.
Launch the Terminal application and enter the following command after the prompt: openssl pkcs12 -in CertificateName.p12 -out
CertificateName.pem -nodes.
Copy the .pem certificate to the new computer and install it in the appropriate place.
finally i sloved generate push notification certifcates
complete step for generate push notification certificates.....
1) open key chain and request certificate show in below image.
2) change common name as your project_name.
3) in keychain open key you can show two key public and private
4) write click on private key and export it.
5) make name project_name_key.p12
6) add password ex-1234
7) enter system login password and save it. now you have following certificates.
8) now goto developer account (https://developer.apple.com/devcenter/ios/index.action) and goto identifier create new if not exits. and edit setting.
if push notification disable then enable it from edit.
9) for development you can create first one and distribution you can select last one.
10) after select and generate download apns certificate and put into desktop and double click on it.
11) then open key chain and goto certificates. and you can show your push service open then you show private key.
export it with 1234 password.
12) now you have following file.
13) open terminal and goto desktop.
14) generate .pem file using following line for push_cert.p12 file
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in push_cert.p12
then enter password:-1234
15) generate .pem file using following line for project_name_key.p12 file
openssl pkcs12 -nocerts -out apns-dev-key.pem -in project_name_key.p12
then enter password:-1234
Enter PEM pass phrase:1234
Verifying - Enter PEM pass phrase:1234
16) enter following 3 line in terminal
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
Enter pass phrase for apns-dev-key.pem:1234
cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem
17) you have following certificate.
18) apns-dev.pem file send on server and it pass is 1234
19) for development you must use gateway.sandbox.push.apple.com server.
and distribution you can use gateway.push.apple.com server.
For **
Production Push Notification
**
I took reference from this link
To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.
(Updated version with updated screen shots Here http://www.apptuitions.com/generate-pem-file-for-push-notification/)
Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.
Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.
Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.
Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.
To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:
Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.
Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.
Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.
Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:
Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.
Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.
Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:
Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.
Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts
Step 10: By using this link(click here)
You can check weather the .PEM file is valid or not ---> if it's valid you will get success message with notification like:
For **
Development Push Notification
**
Just Watch the following Youtube link Click here and enjoy..
Here's a screenshot of what you have to select in step 3. It's not two certificates. It's a certificate + key.
I would suggest a much more simple solution. Just use Certifire.
Certifire is a macOS application that generates Apple Push Notification Certificates with just one click in a couple of seconds.
Here are the steps:
1. Download the app.
2. Log in using your Apple Developer Account credentials.
3. Choose the App-ID
4. Click "Generate" button
5. You're done!
You will get APN certificates in .pem format as well as in .p12 format.
Even more, you will get also combined .pem and .p12 too (key+cert)!
Much more, you will get no-passphrase versions of all these certificates also!
Just to add the #Nitin's very well described answer. After creating the pem, you can validate it with the
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert MyKey.pem -key MyKey.pem
where MyKey is the name of your pem file.
Replace the gateway.sandbox.push.apple.com with gateway.push.apple.com, to connect to the live APNS.
Right click on your APNs certificate and click on export. This will generate the .p12 certificate on desktop
open terminal cd desktop and convert .p12 into .pem using following command
openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes -clcerts
using this link i try to make push notification apps .
but, this used old apple panel for generate ssl and provision certificate.
any one generate ssl and provision using new apple panel?
below step for generate ck.pem
1) $ openssl x509 -in aps_developer_identity.cer -inform der -out
PushChatCert.pem
2) $ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
3) $ cat PushChatCert.pem PushChatKey.pem > ck.pem
4) $ telnet gateway.sandbox.push.apple.com 2195
Trying 17.172.232.226...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
is this correct step?
please help me......
thanks
You can still use the Provisioning and Development guide. They haven't modified it for the new Certificates, Identifiers & Profiles page (which replaced the iOS Provisioning Portal) yet, but it doesn't make much difference.
In the following screen click on Identifiers :
Then click on the relevant App ID (or create a new one if it doesn't exist).
Then click Edit.
Then make sure the check box next to Push Notifications is enabled (check it if it's not).
Then click Create Certificate... for either Development or Production.
The rest of the process should be identical to the way it was before the portal change, so you can either use the instructions in the link I provided, or instructions from other tutorials (such as the one in the link you provided).