Preparing Certificates

Michael Stewart edited this page Mar 6, 2018 · 8 revisions

apparently these certificates are no longer the preferred way to connect. consider using tokens instead


After requesting the certificate from Apple, download the .cer file (usually named aps_production.cer or aps_development.cer) from the iOS Provisioning Portal, save in a clean directory, and import it into Keychain Access.

It should now appear in the keyring under the "Certificates" category, as Apple Push Services. Inside the certificate you should see a private key (only when filtering for the "Certificates" category). Export this private key as a .p12 file.

Now, in the directory containing cert.cer and key.p12, execute the following commands to generate your .pem files:

$ openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem
$ openssl pkcs12 -in key.p12 -out key.pem -nodes

Test certificates:

$ openssl s_client -connect gateway.push.apple.com:2195 -cert cert.pem -key key.pem # production

If you are using a development certificate you may wish to name them differently to enable fast switching between development and production. The filenames are configurable within the module options, so feel free to name them something more appropriate.

It is also possible to supply a PFX (PFX/PKCS12) package containing your certificate, key and any relevant CA certificates. The method to accomplish this is left as an exercise to the reader. It should be possible to select the relevant items in "Keychain Access" and use the export option with .p12 format.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.