Creating .pem file for APNS?
Here is what I did, from blog.boxedice.com and "iPhone Advanced Projects", chapter 10, by Joe Pezzillo.
With the aps_developer_identity.cer in the keychain:
- Launch Keychain Access from your local Mac and from the login keychain, filter by the Certificates category. You will see an expandable option called “Apple Development Push Services”
- Right click on “Apple Development Push Services” > Export “Apple Development Push Services ID123”. Save this as an apns-dev-cert.p12 file somewhere you can access it. There is no need to enter a password.
The next command generates the cert in Mac’s Terminal for PEM format (Privacy Enhanced Mail Security Certificate):
openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts
On the server set the file permission of this unencrypted key by using chmod 400.
Steps:
- Create a CSR Using Key Chain Access
- Create a P12 Using Key Chain Access using private key
- APNS App ID and certificate
This gives you three files:
- The CSR
- The private key as a p12 file (PushChatKey.p12)
- The SSL certificate, aps_development.cer
Go to the folder where you downloaded the files, in my case the Desktop:
$ cd ~/Desktop/
Convert the .cer file into a .pem file:
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
Convert the private key’s .p12 file into a .pem file:
$ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You first need to enter the passphrase for the .p12 file so that openssl can read it. Then you need to enter a new passphrase that will be used to encrypt the PEM file. Again for this tutorial I used “pushchat” as the PEM passphrase. You should choose something more secure. Note: if you don’t enter a PEM passphrase, openssl will not give an error message but the generated .pem file will not have the private key in it.
Finally, combine the certificate and key into a single .pem file:
$ cat PushChatCert.pem PushChatKey.pem > ck.pem
Development Phase:
Step 1: Create Certificate .pem from Certificate .p12
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12
Step 2: Create Key .pem from Key .p12
openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12
Step 3 (Optional): If you want to remove the pass phrase asked for in the second step:
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
Step 4: Now we have to merge the Key .pem and Certificate .pem to get the Development .pem needed for Push Notifications in the Development Phase of the App.
If 3rd step was performed, run:
cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem
If 3rd step was not performed, run:
cat apns-dev-cert.pem apns-dev-key.pem > apns-dev.pem
Step 5: Check certificate validity and connectivity to APNS.
If 3rd step was performed, run:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns-dev-cert.pem -key apns-dev-key-noenc.pem
If 3rd step was not performed, run:
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns-dev-cert.pem -key apns-dev-key.pem
Production Phase:
Step 1: Create Certificate .pem from Certificate .p12
openssl pkcs12 -clcerts -nokeys -out apns-pro-cert.pem -in apns-pro-cert.p12
Step 2: Create Key .pem from Key .p12
openssl pkcs12 -nocerts -out apns-pro-key.pem -in apns-pro-key.p12
Step 3 (Optional): If you want to remove the pass phrase asked for in the second step:
openssl rsa -in apns-pro-key.pem -out apns-pro-key-noenc.pem
Step 4: Now we have to merge the Key .pem and Certificate .pem to get the Production .pem needed for Push Notifications in the Production Phase of the App.
If 3rd step was performed, run:
cat apns-pro-cert.pem apns-pro-key-noenc.pem > apns-pro.pem
If 3rd step was not performed, run:
cat apns-pro-cert.pem apns-pro-key.pem > apns-pro.pem
Step 5: Check certificate validity and connectivity to APNS.
If 3rd step was performed, run:
openssl s_client -connect gateway.push.apple.com:2195 -cert apns-pro-cert.pem -key apns-pro-key-noenc.pem
If 3rd step was not performed, run:
openssl s_client -connect gateway.push.apple.com:2195 -cert apns-pro-cert.pem -key apns-pro-key.pem
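Added example, not part of any of the answers above: a shell function that checks a combined certificate-and-key file (ck.pem in the second answer, apns-dev.pem or apns-pro.pem in the third) offline before it is deployed. The function name check_apns_pem, its arguments and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original answers).
# check_apns_pem FILE [PASSIN]   PASSIN uses openssl syntax, e.g. pass:secret
# Returns 0 when every check passes, 1 otherwise; findings go to stderr.
check_apns_pem() {
    f=$1
    passin=${2:-pass:}   # empty passphrase by default so openssl never prompts
    rc=0

    [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }

    # Both halves must be present; the second answer notes the key can be
    # silently missing from the pkcs12 output.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "FAIL: no certificate in $f" >&2; rc=1; }
    grep -q -- 'PRIVATE KEY-----' "$f" ||
        { echo "FAIL: no private key in $f" >&2; rc=1; }
    [ "$rc" -eq 0 ] || return 1

    # The certificate's public key must equal the one derived from the private key.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$f" -passin "$passin" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "FAIL: could not parse certificate or key (wrong passphrase?)" >&2; rc=1
    elif [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not belong together" >&2; rc=1
    fi

    # Reject a certificate that has already expired.
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired" >&2; rc=1; }

    # Owner-only access, matching the chmod 400 advice in the first answer.
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")   # GNU stat, then BSD/macOS
    case $mode in
        400|600) ;;
        *) echo "FAIL: mode $mode is not owner-only; use chmod 400" >&2; rc=1 ;;
    esac
    grep -q 'ENCRYPTED' "$f" || echo "NOTE: private key is stored unencrypted" >&2

    return "$rc"
}

# Run directly as: sh check_apns_pem.sh apns-dev.pem [pass:yourpassphrase]
if [ "$#" -gt 0 ]; then check_apns_pem "$@"; fi
```

A key/certificate mismatch caught here would otherwise only show up as a failed handshake in the s_client step.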