How can I generate pem file for push notifications in iphone? - ios

Using this link for generate pem file for push notification, but I can't understand following steps...
Installing the SSL Certificate and Key on the Server
You should install the SSL distribution certificate and private
cryptographic key you obtained earlier on the server computer on which
the provider code runs and from which it connects with the sandbox or
production versions of APNs. To do so, complete the following steps:
Open Keychain Access utility and click the My Certificates category in the left pane.
Find the certificate you want to install and disclose its contents.
You'll see both a certificate and a private key.
Select both the certificate and key, choose File > Export Items, and export them as a Personal Information Exchange (.p12) file.
Servers implemented in languages such as Ruby and Perl often are better able to deal with certificates in the Personal Information
Exchange format. To convert the certificate to this format, complete
the following steps:
In KeyChain Access, select the certificate and choose File > Export Items. Select the Personal Information Exchange (.p12) option,
select a save location, and click Save.
Launch the Terminal application and enter the following command after the prompt: openssl pkcs12 -in CertificateName.p12 -out
CertificateName.pem -nodes.
Copy the .pem certificate to the new computer and install it in the appropriate place.

finally i sloved generate push notification certifcates
complete step for generate push notification certificates.....
1) open key chain and request certificate show in below image.
2) change common name as your project_name.
3) in keychain open key you can show two key public and private
4) write click on private key and export it.
5) make name project_name_key.p12
6) add password ex-1234
7) enter system login password and save it. now you have following certificates.
8) now goto developer account (https://developer.apple.com/devcenter/ios/index.action) and goto identifier create new if not exits. and edit setting.
if push notification disable then enable it from edit.
9) for development you can create first one and distribution you can select last one.
10) after select and generate download apns certificate and put into desktop and double click on it.
11) then open key chain and goto certificates. and you can show your push service open then you show private key.
export it with 1234 password.
12) now you have following file.
13) open terminal and goto desktop.
14) generate .pem file using following line for push_cert.p12 file
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in push_cert.p12
then enter password:-1234
15) generate .pem file using following line for project_name_key.p12 file
openssl pkcs12 -nocerts -out apns-dev-key.pem -in project_name_key.p12
then enter password:-1234
Enter PEM pass phrase:1234
Verifying - Enter PEM pass phrase:1234
16) enter following 3 line in terminal
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
Enter pass phrase for apns-dev-key.pem:1234
cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem
17) you have following certificate.
18) apns-dev.pem file send on server and it pass is 1234
19) for development you must use gateway.sandbox.push.apple.com server.
and distribution you can use gateway.push.apple.com server.

For **
Production Push Notification
**
I took reference from this link
To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.
(Updated version with updated screen shots Here http://www.apptuitions.com/generate-pem-file-for-push-notification/)
Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.
Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.
Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.
Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.
To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:
Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.
Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.
Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.
Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:
Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.
Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.
Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:
Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.
Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts
Step 10: By using this link(click here)
You can check weather the .PEM file is valid or not ---> if it's valid you will get success message with notification like:
For **
Development Push Notification
**
Just Watch the following Youtube link Click here and enjoy..

Here's a screenshot of what you have to select in step 3. It's not two certificates. It's a certificate + key.

I would suggest a much more simple solution. Just use Certifire.
Certifire is a macOS application that generates Apple Push Notification Certificates with just one click in a couple of seconds.
Here are the steps:
1. Download the app.
2. Log in using your Apple Developer Account credentials.
3. Choose the App-ID
4. Click "Generate" button
5. You're done!
You will get APN certificates in .pem format as well as in .p12 format.
Even more, you will get also combined .pem and .p12 too (key+cert)!
Much more, you will get no-passphrase versions of all these certificates also!

Just to add the #Nitin's very well described answer. After creating the pem, you can validate it with the
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert MyKey.pem -key MyKey.pem
where MyKey is the name of your pem file.
Replace the gateway.sandbox.push.apple.com with gateway.push.apple.com, to connect to the live APNS.

Right click on your APNs certificate and click on export. This will generate the .p12 certificate on desktop
open terminal cd desktop and convert .p12 into .pem using following command
openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes -clcerts

Related

iOS - How to check wheather pem file is valid or not?

I have created development and production pem files. I have followed this steps:
1) developer.apple.com : AppIDs section check Bundle id supports Development SSL Certificate
if no then create that certificate (which supports APNS)
2) open key chain
3) right click on our certificate and export certificate.
4) you will get .p12 file from here : like : hope_APNS.p12
5) open console(terminal) and run following command (use created .p12 file here as input)
openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts
6) you will get .pem file for the same. (like hope_APNS.pem)
Developement pem file is working fine. But there is some in production pem file. When i set production pem file and send push notification from console. I won't get push on my device.
That's an old thread but I was looking for the same answer and hope this solution help someone... worked for me.
You can test your PEM key using the following command, which should hang if successful until you press enter:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert pnpush.pem -key pnpush.pem
The above tests the PEM Key in sandbox mode. For production mode, use the following command:
openssl s_client -connect gateway.push.apple.com:2195 -cert pnpush.pem -key pnpush.pem
Thanks to Craig at https://www.pubnub.com/knowledge-base/discussion/234/how-do-i-test-my-pem-key
There are many reasons why you may not be getting push notifications via a production .pem certificate on your device. Besides making sure you generated the distinct production certificate correctly, here are few things to check:
You have an Ad-Hoc or Distribution build running on your test device
when testing a production certificate
You have successfully
collected the production push token of said device (which will
always be different from the development push token)
You are able to connect to Apple Push Notification PRODUCTION servers
(gateway.push.apple.com, port 2195) with the new certificate (ie/
you're able to open a socket connection and it does not close
immediately)
You have checked that your certificate is not expired
Failing all that, you really need to check what is going on at the network level when you send something via that certificate. If it's invalid, it won't connect at all to Apple. If it's valid but the push token you're sending is not recognized by Apple, an error code will be returned (if you are using the binary interface) or the connection will be severed. You may also want to look into the APNS Feedback API to gain more insight on what is going wrong.
You may want to check out this answer and this other answer for more tips.

Generate .pem file used to set up Apple Push Notifications

I tried and tried to generate a .pem file, every time generating certificates from the client's account and then generating the .pem file using the terminal, but it's of no use. Can anyone give a step-by-step procedure?
To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.
(Updated version with updated screen shots Here)
Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.
Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.
Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.
Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.
To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:
Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.
Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.
Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.
Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:
Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.
Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.
Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:
Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.
Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts
Step 10: Remove pushcert.p12 from Desktop to avoid mis-uploading it to Build Your Own area. Open "Terminal" on your Mac, and run the following commands:
cd
cd Desktop
rm pushcert.p12
Step 11 - NEW AWS UPDATE: Create new pushcert.p12 to submit to AWS SNS. Double click on the new pushcert.pem, then export the one highlighed on the green only.
Credit: AWS new update
Now you have successfully created an Apple Push Notification Certificate (.p12 file)! You will need to upload this file to our Build Your Own area later on. :)
There's much simpler solution today — pem. This tool makes life much easier.
For example, to generate or renew your push notification certificate just enter:
fastlane pem
and it's done in under a minute. In case you need a sandbox certificate, enter:
fastlane pem --development
And that's pretty it.
$ cd Desktop
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
Thanks! to all above answers.
I hope you have a .p12 file. Now, open terminal write following command. Set terminal to the path where you have put .12 file.
$ openssl pkcs12 -in yourCertifcate.p12 -out pemAPNSCert.pem -nodes
Enter Import Password: <Just enter your certificate password>
MAC verified OK
Now your .pem file is generated.
Verify .pem file
First, open the .pem in a text editor to view its content. The certificate content should be in format as shown below. Make sure the pem file contains both Certificate content(from BEGIN CERTIFICATE to END CERTIFICATE) as well as Certificate Private Key (from BEGIN PRIVATE KEY to END PRIVATE KEY) :
> Bag Attributes
> friendlyName: Apple Push Services:<Bundle ID>
> localKeyID: <> subject=<>
> -----BEGIN CERTIFICATE-----
>
> <Certificate Content>
>
> -----END CERTIFICATE----- Bag Attributes
> friendlyName: <>
> localKeyID: <> Key Attributes: <No Attributes>
> -----BEGIN PRIVATE KEY-----
>
> <Certificate Private Key>
>
> -----END PRIVATE KEY-----
Also, you check the validity of the certificate by going to SSLShopper Certificate Decoder and paste the Certificate Content (from BEGIN CERTIFICATE to END CERTIFICATE) to get all the info about the certificate as shown below:
Apple have changed the name of the certificate that is issued. You can now use the same certificate for both development and production. While you can still request a development only certificate you can no longer request a production only certificate.
it is very simple after exporting the Cert.p12 and key.p12,
Please find below command for the generating 'apns' .pem file.
https://www.sslshopper.com/ssl-converter.html

command to create apns-dev.pem from Cert.pem and Key.pem

openssl rsa -in Key.pem -out apns-dev-key-noenc.pem

cat Cert.pem apns-dev-key-noenc.pem > apns-dev.pem
Above command is useful for both Sandbox and Production.
According to Troubleshooting Push Certificate Problems
The SSL certificate available in your Apple Developer Program account contains a public key but not a private key. The private key exists only on the Mac that created the Certificate Signing Request uploaded to Apple. Both the public and private keys are necessary to export the Privacy Enhanced Mail (PEM) file.
Chances are the reason you can't export a working PEM from the certificate provided by the client is that you do not have the private key. The certificate contains the public key, while the private key probably only exists on the Mac that created the original CSR.
You can either:
Try to get the private key from the Mac that originally created the CSR. Exporting the PEM can be done from that Mac or you can copy the private key to another Mac.
or
Create a new CSR, new SSL certificate, and this time back up the private key.

certificate and private key for push notification

I need cert.pem and key.pem for API(in my node js backend) but I just download .cert file from App IDs -> Edit -> Download. How can I get it, I can extract it from .cer file?
Generate a Push Certificate
To generate a certificate on a Mac OS X:
Log-in to the iPhone Developer Program Portal
Choose App IDs from the menu on the right
Create an App ID without a wildcard. For example 3L223ZX9Y3.com.armiento.test
Click the Configure link next to this App ID and then click on the button to start the wizard to generate a new Development Push SSL Certificate (Apple Documentation: Creating the SSL Certificate and Keys)
Download this certificate and double click on aps_developer_identity.cer to import it into your Keychain
Launch Keychain Assistant (located in Application, Utilities or search for it with Spotlight) and click on My Certificates on the left
Expand Apple Development Push Services and select Apple Development Push Services AND your private key (just under Apple Development Push Services)
Right-click and choose "Export 2 elements..." and save as server_certificates_bundle_sandbox.p12 (don't type a password).
Open Terminal and change directory to location used to save server_certificates_bundle_sandbox.p12 and convert the PKCS12 certificate bundle into PEM format using this command (press enter when asked for Import Password):
openssl pkcs12 -in server_certificates_bundle_sandbox.p12 -out server_certificates_bundle_sandbox.pem -nodes -clcerts
Now you can use this PEM file as your certificate in ApnsPHP!
Copied from:
http://www.pressmatrix.de/product-blog/apple-ios-push-notification-setup-guide/
Launch the Keychain Access tool and select My Certificates in the left hand panel.
Locate the certificate you wish to install and reveal its contents. There should be both a certificate and a private key inside.
Select both the certificate and private key, then click File and Export Items. Select Personal Information Exchange (.p12) as the output file format.
Move the CSR file, .p12 file and xxx.cer files into the same folder and navigate to that location within the terminal window.
Convert the xxx.cer file into a cert.pem file using the following command:
openssl x509 -in xxx.cer -inform der -out cert.pem
Convert the private key xxx.p12 into a key.pem file:
openssl pkcs12 -nocerts -out key.pem -in xxx.p12
Or refer to:
https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ProvisioningDevelopment.html#//apple_ref/doc/uid/TP40008194-CH104-SW5

server side push notifications,how to generate cerificates in ios

First of all thanks for your attention. The escenario here is that I need to send the same PUSH notification to thousands of devices. I've been reading the Apple documentation regarding to this topic, how to generate .p12 certificate in pushnotifications
To Generate a Push Certificate for server Side Follow these simple steps
Step 1: Log-in to the iPhone Developer Program Portal.
Step 2: Choose App IDs from the menu on the right.
Step 3: Create an App ID without a wildcard. For example 3L223ZX9Y3.com.hello.test
Step 4: Click the Configure link next to this App ID and then click on the button to start the wizard to generate a new Development Push SSL Certificate
Step 5: Download this certificate and double click on aps_developer_identity.cer to import it into your Keychain.
Step 6: Launch Keychain Assistant (located in Application, Utilities or search for it with Spotlight) and click on My Certificates on the left.
Step 7: Expand Apple Development Push Services and select Apple Development Push Services AND your private key (just under Apple Development Push Services).
Step 8: Right-click and choose "Export 2 elements..." and save as server_certificates_bundle_sandbox.p12 (don't type a password).
Step 9: Open Terminal and change directory to location used to save server_certificates_bundle_sandbox.p12 and convert the PKCS12 certificate bundle into PEM format using this command (press enter when asked for Import Password):
openssl pkcs12 -in server_certificates_bundle_sandbox.p12 -out server_certificates_bundle_sandbox.pem -nodes -clcerts

generate push notification ssl certificate and provision using new apple panel for development?

using this link i try to make push notification apps .
but, this used old apple panel for generate ssl and provision certificate.
any one generate ssl and provision using new apple panel?
below step for generate ck.pem
1) $ openssl x509 -in aps_developer_identity.cer -inform der -out
PushChatCert.pem
2) $ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
3) $ cat PushChatCert.pem PushChatKey.pem > ck.pem
4) $ telnet gateway.sandbox.push.apple.com 2195
Trying 17.172.232.226...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
is this correct step?
please help me......
thanks
You can still use the Provisioning and Development guide. They haven't modified it for the new Certificates, Identifiers & Profiles page (which replaced the iOS Provisioning Portal) yet, but it doesn't make much difference.
In the following screen click on Identifiers :
Then click on the relevant App ID (or create a new one if it doesn't exist).
Then click Edit.
Then make sure the check box next to Push Notifications is enabled (check it if it's not).
Then click Create Certificate... for either Development or Production.
The rest of the process should be identical to the way it was before the portal change, so you can either use the instructions in the link I provided, or instructions from other tutorials (such as the one in the link you provided).

Resources