certificate and private key for push notification - ios

I need cert.pem and key.pem for an API (in my Node.js backend), but I just downloaded a .cer file from App IDs -> Edit -> Download. How can I get them? Can I extract them from the .cer file?

Generate a Push Certificate
To generate a certificate on a Mac OS X:
Log-in to the iPhone Developer Program Portal
Choose App IDs from the menu on the right
Create an App ID without a wildcard. For example 3L223ZX9Y3.com.armiento.test
Click the Configure link next to this App ID and then click on the button to start the wizard to generate a new Development Push SSL Certificate (Apple Documentation: Creating the SSL Certificate and Keys)
Download this certificate and double click on aps_developer_identity.cer to import it into your Keychain
Launch Keychain Assistant (located in Application, Utilities or search for it with Spotlight) and click on My Certificates on the left
Expand Apple Development Push Services and select Apple Development Push Services AND your private key (just under Apple Development Push Services)
Right-click and choose "Export 2 elements..." and save as server_certificates_bundle_sandbox.p12 (don't type a password).
Open Terminal and change directory to location used to save server_certificates_bundle_sandbox.p12 and convert the PKCS12 certificate bundle into PEM format using this command (press enter when asked for Import Password):
openssl pkcs12 -in server_certificates_bundle_sandbox.p12 -out server_certificates_bundle_sandbox.pem -nodes -clcerts
Now you can use this PEM file as your certificate in ApnsPHP!

Copied from:
http://www.pressmatrix.de/product-blog/apple-ios-push-notification-setup-guide/
Launch the Keychain Access tool and select My Certificates in the left hand panel.
Locate the certificate you wish to install and reveal its contents. There should be both a certificate and a private key inside.
Select both the certificate and private key, then click File and Export Items. Select Personal Information Exchange (.p12) as the output file format.
Move the CSR file, .p12 file and xxx.cer files into the same folder and navigate to that location within the terminal window.
Convert the xxx.cer file into a cert.pem file using the following command:
openssl x509 -in xxx.cer -inform der -out cert.pem
Convert the private key xxx.p12 into a key.pem file:
openssl pkcs12 -nocerts -out key.pem -in xxx.p12
Or refer to:
https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ProvisioningDevelopment.html#//apple_ref/doc/uid/TP40008194-CH104-SW5

Related

Convert .cer to .p12

I'm working on a project for a client. I have two .cer files (developer and distribution) both are loaded into Keystore Access on Mac OS X. However I'm unable to export as a .p12 file.
Alternatively I tried OpenSSL but still no luck...
openssl pkcs12 -export -in followMe_ios_development.cer -out followMe_ios_development.p12 -clcerts -nokeys
How can I export this .cer file as a .p12 so I can compile this app for iOS?
What works for me when dealing with Push Notification certificates has been:
Open the certificate: open my_filename.cer and click "View Certificates" to see the certificate's name
Go to Applications -> Utilities -> Keychain Access
Ensure you have selected the "login" keychain, not the "system" one (thanks to #Matt Flettcher )
Go to "Certificates"
Look for the desired certificate
Ensure that you can expand it and see under it the original ".certSigningRequest" used to generate the certificate
At this moment you should be able to export it as ".p12"
try this:
given you have files as follow:
aps.cer, downloaded from Apple.
app.key, your own private key generated by openssl.
1st, convert the .cer file into .pem format:
openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM
2nd, use the .pem file and your private .key to generate .p12 file:
openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem
this should prompt to ask a password for this .p12 file.
CF:
aps_developer_identity.cer to p12 without having to export from Key Chain?
Creating a .p12 file
I had the same problem. .p12 Export was not available, only .p7b
I solved it very easily:
You don't select your certificate via the "certificates" directory on the lower left, but via the "My Certificates" directory.
Like this, an arrow should show up left of your certificate.
Click it, and you will see your private Key.
Right-Click on your private Key and select the "export Key" option. Now you can create a .p12 Certificate File, just as the doctor ordered.
Good Luck!
You should select both the cert and the private key. Then you will be able to export certs with the p12 extension.
In my case I was trying to create a pfx/PKCS12 file, tried the given commands and ran into a couple of issues, one of which was "Unable to load certificate", even though I was doing it right. So I then tried the one command below instead of the others:
openssl pkcs12 -export -out requiredPFXfile.pfx -inkey yourPrivateKey.key -in yourcertificate.cer
Please find link for more details :-
https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
I'm a newbie to SSL and certs and can't judge the other answers; I appreciate everyone's work here!
In my case the ability to export in p12 format depends on the certificate type. For the "Apple Distribution" certificate type it is disabled, just like in your case.
When I created new certificate with type "IOS Distribution (App Store and Ad Hoc)" and processed it right like previous one, the p12 format became available in export dialog.

Apple push notifications certificate on windows server

I'm trying to generate a new push notifications certificate on my IIS.
In the past I used to go to IIS Manager --> Server Certificates, then select "Create Certificate Request" and fill out the details, and it generated a txt file which I uploaded to Apple to generate and download the cer file.
My problem is that for some reason I can't upload this text file. I get this message:
Invalid CSR
Select a valid Certificate Signing Request
anyone encountered this issue?
Finally got it working.
This is what I did:
In IIS using Cygwin:
Generate private key:
openssl genrsa -out myAppNameCSR.key 2048
Generate csr file from private key:
openssl req -new -sha256 -key myAppNameCSR.key -out myAppName.csr
Upload csr file to apple to generate certificate
Download the certificate
Convert certificate to pem file
openssl x509 -in aps_development.cer -inform der -out myAppNameCert.pem
Generate pfx file
openssl pkcs12 -export -out myAppNameKey.pfx -inkey myAppNameCSR.key -in myAppNameCert.pem
To install the certificate in Windows Server:
Click Start > Run.
At the prompt, type in mmc, and then click OK to open the Microsoft Management Console.
Click File, and then click Add/Remove Snap-in.
Click Certificates from the list of available snap-ins, and then click Add..
Click Computer account.
Click Next, and then click Finish.
Click OK.
Right-click the Personal tree node and select All Tasks >Import.
Follow the Wizard, pointing it to the pfx file generated and provide the password used to secure it during creation.
Under the Personal tree node, double-click the Certificates folder.
Right-click the newly installed certificate.
Select All Tasks > Manage Private Keys.
In the Security tab, add the Network Service account providing Read access.
add the group IIS_IUSRS to the private key, and make sure it has full control.
Making a PEM File with Cygwin
So now you have these files:
The private key as a pfx file
The SSL certificate, aps_development.cer as pem file
Convert the pfx file to pem file:
openssl pkcs12 -nocerts -out myAppNameKey.pem -in myAppNameKey.pfx
Finally, combine the certificate and key into a single .pem file:
cat myAppNameCert.pem myAppNameKey.pem > ckDevelopment.pem
Hope this saves someone some time...
Use your Keychain Access to generate the Certificate Signing Request.
this tutorial might help you -
http://quickblox.com/developers/How_to_create_APNS_certificates

iOS mobileconfig file -- Still "Not Verified" -- but close - I see certification info

I've followed the instructions as I believe to sign my mobileconfig file so, with a users permission, I can correctly set their APN. However, when using this mobileconfig file the screen from iOS still continues to show "Not Verified". However, under 'More Details' it gives some encouraging information -- the signing certification information all seems correct.
i.e., I'm close - any ideas?
I've tried the basics -
iOS mobileconfig walkarounds
and variations, including not using the certificate chain.
How to Sign and verify a .mobileconfig file in apple
Export certificate from the key chain
Keychain Access --> Certificates (left panel) --> right-click the particular certificate and export the certificate.
convert .p12 file to PEM file (converting use this link www.sslshopper.com/ssl-converter.html)
Eg: InnovCertificates.p12 to InnovCertificates.pem
Download Apple Root Certificate and Apple Intermediate Certificate
(For my .mobileconfig file verification I used the Apple Inc. Root Certificate (Apple Root Certificate) and
the Application Integration Certificate (Apple Intermediate Certificate).
You can also use these certificates or other certificates listed at www.apple.com/certificateauthority/)
The downloaded file is a combination of certificate and keys. (Terminal commands for reading the certificate are at the following link: info.ssl.com/article.aspx?id=12149)
From this certificate file we need extract certificate.
extract certificate from Apple Root Certificate. Then extract certificate from Apple Intermediate Certificate
openssl x509 -inform DER -outform PEM -in AppleIncRootCertificate.cer -out root.crt.pem
openssl x509 -inform DER -outform PEM -in AppleAAICA.cer -out Intermediate.crt.pem
Open the two extracted files in a text editor,
copy and paste the contents of Intermediate.crt.pem to the beginning of root.crt.pem and save. Your root.crt.pem file is then a combination of the two certificates.
Sign and verify the .mobileconfig file
Once you have all the files listed above, you will run a command like the following:
openssl smime -sign -in Example.mobileconfig -out SignedVerifyExample.mobileconfig -signer InnovCertificates.pem -certfile root.crt.pem -outform der -nodetach
The result .mobileconfig file is signed and verified.
Useful links:
1.renren.io/questions/637349/ios-mobileconfig-walkarounds
2.developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/smime.1ssl.html#//apple_ref/doc/man/1/smime
3.www.apple.com/certificateauthority/
4.www.rootmanager.com/iphone-ota-configuration/iphone-ota-setup-with-signed-mobileconfig.html
5.info.ssl.com/article.aspx?id=12149
6.www.sslshopper.com/ssl-converter.html
7.wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File
8.stackoverflow.com/questions/9277426/ios-mobileconfig-walkarounds
9.stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files
10.discussions.apple.com/thread/2363234

Generate .pem file used to set up Apple Push Notifications

I tried and tried to generate a .pem file, every time generating certificates from the client's account and then generating the .pem file using the terminal, but it's of no use. Can anyone give a step-by-step procedure?
To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.
(Updated version with updated screen shots Here)
Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.
Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.
Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.
Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.
To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:
Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.
Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.
Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.
Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:
Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.
Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.
Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:
Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.
Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts
Step 10: Remove pushcert.p12 from Desktop to avoid mis-uploading it to Build Your Own area. Open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
rm pushcert.p12
Step 11 - NEW AWS UPDATE: Create a new pushcert.p12 to submit to AWS SNS. Double click on the new pushcert.pem, then export only the one highlighted in green.
Credit: AWS new update
Now you have successfully created an Apple Push Notification Certificate (.p12 file)! You will need to upload this file to our Build Your Own area later on. :)
There's much simpler solution today — pem. This tool makes life much easier.
For example, to generate or renew your push notification certificate just enter:
fastlane pem
and it's done in under a minute. In case you need a sandbox certificate, enter:
fastlane pem --development
And that's pretty much it.
$ cd Desktop
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
Thanks! to all above answers.
I hope you have a .p12 file. Now open Terminal and write the following command. Set the terminal to the path where you have put the .p12 file.
$ openssl pkcs12 -in yourCertifcate.p12 -out pemAPNSCert.pem -nodes
Enter Import Password: <Just enter your certificate password>
MAC verified OK
Now your .pem file is generated.
Verify .pem file
First, open the .pem in a text editor to view its content. The certificate content should be in format as shown below. Make sure the pem file contains both Certificate content(from BEGIN CERTIFICATE to END CERTIFICATE) as well as Certificate Private Key (from BEGIN PRIVATE KEY to END PRIVATE KEY) :
> Bag Attributes
>     friendlyName: Apple Push Services:<Bundle ID>
>     localKeyID: <>
> subject=<>
> -----BEGIN CERTIFICATE-----
>
> <Certificate Content>
>
> -----END CERTIFICATE-----
> Bag Attributes
>     friendlyName: <>
>     localKeyID: <>
> Key Attributes: <No Attributes>
> -----BEGIN PRIVATE KEY-----
>
> <Certificate Private Key>
>
> -----END PRIVATE KEY-----
Also, you can check the validity of the certificate by going to SSLShopper Certificate Decoder and pasting the Certificate Content (from BEGIN CERTIFICATE to END CERTIFICATE) to get all the info about the certificate as shown below:
Apple have changed the name of the certificate that is issued. You can now use the same certificate for both development and production. While you can still request a development only certificate you can no longer request a production only certificate.
it is very simple after exporting the Cert.p12 and key.p12,
Please find below command for the generating 'apns' .pem file.
https://www.sslshopper.com/ssl-converter.html

command to create apns-dev.pem from Cert.pem and Key.pem

openssl rsa -in Key.pem -out apns-dev-key-noenc.pem

cat Cert.pem apns-dev-key-noenc.pem > apns-dev.pem
Above command is useful for both Sandbox and Production.
According to Troubleshooting Push Certificate Problems
The SSL certificate available in your Apple Developer Program account contains a public key but not a private key. The private key exists only on the Mac that created the Certificate Signing Request uploaded to Apple. Both the public and private keys are necessary to export the Privacy Enhanced Mail (PEM) file.
Chances are the reason you can't export a working PEM from the certificate provided by the client is that you do not have the private key. The certificate contains the public key, while the private key probably only exists on the Mac that created the original CSR.
You can either:
Try to get the private key from the Mac that originally created the CSR. Exporting the PEM can be done from that Mac or you can copy the private key to another Mac.
or
Create a new CSR, new SSL certificate, and this time back up the private key.
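The checks described in the "Verify .pem file" answer and in the troubleshooting note above (a certificate without its private key cannot produce a working PEM) can be run locally with openssl. The script below is an added example, not code from any of the posts; the function name check_apns_pem and the variable APNS_PEM_PASS are made up for it, and it assumes a combined PEM such as pushcert.pem.

```shell
#!/bin/sh
# Added example: local check of a combined APNs PEM (certificate + key).
# check_apns_pem and APNS_PEM_PASS are names made up for this example.
# Return codes: 0 ok, 1 unreadable file, 2 no certificate, 3 no private key,
# 4 key cannot be decoded, 5 key/certificate mismatch, 6 expired,
# 7 file readable by group or others.

check_apns_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read: $pem" >&2; return 1; }

    # 1. Both PEM blocks must be present. A .cer downloaded from the
    #    developer portal only ever yields the certificate block.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "FAIL: no certificate block" >&2; return 2; }
    grep -Eq -- '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$pem" || {
        echo "FAIL: no private key block" >&2; return 3; }

    # 2. Derive the public key from each half. -passin is always supplied
    #    so openssl fails instead of waiting at a passphrase prompt.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: certificate block does not parse" >&2; return 2; }
    key_pub=$(APNS_PEM_PASS="${APNS_PEM_PASS-}" openssl pkey -in "$pem" \
        -pubout -passin env:APNS_PEM_PASS 2>/dev/null) || {
        echo "FAIL: private key unreadable (passphrase?)" >&2; return 4; }

    # 3. The key belongs to the certificate only if both public keys agree.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: private key does not match certificate" >&2; return 5; }

    # 4. -checkend 0 exits non-zero once notAfter has passed.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate has expired" >&2; return 6; }

    # 5. Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -lLd "$pem" | cut -c5-10)
    [ "$mode" = "------" ] || {
        echo "FAIL: $pem is accessible to group/others; chmod 600" >&2
        return 7; }

    openssl x509 -in "$pem" -noout -subject -enddate
    if grep -q 'ENCRYPTED' "$pem"; then
        echo "key: passphrase-protected"
    else
        echo "key: stored unencrypted (as produced by -nodes)"
    fi
    return 0
}

# Usage: sh check_apns_pem.sh pushcert.pem
if [ "$#" -gt 0 ]; then
    check_apns_pem "$1"
fi
```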

How can I generate pem file for push notifications in iphone?

Using this link for generate pem file for push notification, but I can't understand following steps...
Installing the SSL Certificate and Key on the Server
You should install the SSL distribution certificate and private
cryptographic key you obtained earlier on the server computer on which
the provider code runs and from which it connects with the sandbox or
production versions of APNs. To do so, complete the following steps:
Open Keychain Access utility and click the My Certificates category in the left pane.
Find the certificate you want to install and disclose its contents.
You'll see both a certificate and a private key.
Select both the certificate and key, choose File > Export Items, and export them as a Personal Information Exchange (.p12) file.
Servers implemented in languages such as Ruby and Perl often are better able to deal with certificates in the Personal Information
Exchange format. To convert the certificate to this format, complete
the following steps:
In KeyChain Access, select the certificate and choose File > Export Items. Select the Personal Information Exchange (.p12) option,
select a save location, and click Save.
Launch the Terminal application and enter the following command after the prompt: openssl pkcs12 -in CertificateName.p12 -out CertificateName.pem -nodes.
Copy the .pem certificate to the new computer and install it in the appropriate place.
Finally I solved generating push notification certificates.
Complete steps for generating push notification certificates:
1) open key chain and request certificate show in below image.
2) change common name as your project_name.
3) in keychain open key you can show two key public and private
4) right click on private key and export it.
5) make name project_name_key.p12
6) add password ex-1234
7) enter system login password and save it. now you have following certificates.
8) now go to the developer account (https://developer.apple.com/devcenter/ios/index.action), go to identifiers, create a new one if it does not exist, and edit settings.
if push notification disable then enable it from edit.
9) for development you can create first one and distribution you can select last one.
10) after select and generate download apns certificate and put into desktop and double click on it.
11) then open key chain and goto certificates. and you can show your push service open then you show private key.
export it with 1234 password.
12) now you have following file.
13) open terminal and goto desktop.
14) generate .pem file using following line for push_cert.p12 file
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in push_cert.p12
then enter password:-1234
15) generate .pem file using following line for project_name_key.p12 file
openssl pkcs12 -nocerts -out apns-dev-key.pem -in project_name_key.p12
then enter password:-1234
Enter PEM pass phrase:1234
Verifying - Enter PEM pass phrase:1234
16) enter following 3 line in terminal
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
Enter pass phrase for apns-dev-key.pem:1234
cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem
17) you have following certificate.
18) apns-dev.pem file send on server and it pass is 1234
19) for development you must use gateway.sandbox.push.apple.com server.
and distribution you can use gateway.push.apple.com server.
For Production Push Notification
I took reference from this link
To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.
(Updated version with updated screen shots Here http://www.apptuitions.com/generate-pem-file-for-push-notification/)
Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.
Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.
Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.
Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.
To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:
Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.
Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.
Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.
Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:
Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.
Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.
Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:
Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.
Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts
Step 10: By using this link(click here)
You can check whether the .PEM file is valid or not ---> if it's valid you will get a success message with a notification like:
For Development Push Notification
Just Watch the following Youtube link Click here and enjoy..
Here's a screenshot of what you have to select in step 3. It's not two certificates. It's a certificate + key.
I would suggest a much more simple solution. Just use Certifire.
Certifire is a macOS application that generates Apple Push Notification Certificates with just one click in a couple of seconds.
Here are the steps:
1. Download the app.
2. Log in using your Apple Developer Account credentials.
3. Choose the App-ID
4. Click "Generate" button
5. You're done!
You will get APN certificates in .pem format as well as in .p12 format.
Even more, you will get also combined .pem and .p12 too (key+cert)!
Much more, you will get no-passphrase versions of all these certificates also!
Just to add to #Nitin's very well described answer: after creating the pem, you can validate it with
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert MyKey.pem -key MyKey.pem
where MyKey is the name of your pem file.
Replace the gateway.sandbox.push.apple.com with gateway.push.apple.com, to connect to the live APNS.
Right click on your APNs certificate and click on export. This will generate the .p12 certificate on desktop
open terminal cd desktop and convert .p12 into .pem using following command
openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes -clcerts
