Skip to content

Generating Certificates

Greg Blake edited this page Nov 13, 2018 · 5 revisions


First, we must create and download an APN .cer file from Apple.

Creating and Downloading an APN Certificate from Apple

Log in to the iOS Developer portal (App IDs).

Select your app bundle, scroll down and click "Edit." This will bring you to a page that will allow you to setup and configure services for your app. Scroll down until you see the service labeled “Push Notifications.” Depending on whether you’re creating a Development or Production certificate, click the appropriate “Create Certificate” button.

Creating the Push Notification Certificate

Follow the instructions to create a Certificate Signing Request, click "Continue," upload the CSR, and download the resulting .cer file.

Then open your .cer with Keychain Access, either by double-clicking it or by dragging it into the Keychain window. Then use the left-hand panel to navigate to “My Certificates” and locate the certificate you just added. (It could have been added to “Certificates” as well.)

Converting your .cer into a .p12

  1. Open up Keychain Access and select the Certificates category in the sidebar.
  2. Expand the disclosure arrow next to the iOS Push Services certificate you want to export.
  3. Select both the certificate and private key.
  4. Right click and select Export 2 items....
  5. Save the file as cert.p12, make sure the File Format is Personal Information Exchange (p12).

Converting your .p12 into a .pem

Convert the .p12 certificate to a .pem, where <environment> should be development or production, depending on the certificate you exported.

Without a password:

openssl pkcs12 -nodes -clcerts -in cert.p12 -out <environment>.pem

With a password:

openssl pkcs12 -clcerts -in cert.p12 -out <environment>.pem


Exporting to p12 (steps 1 to 5 above):

openssl pkcs12 -export -in certificate.pem -inkey privkey.pem  -out cert.p12

To join the certificate and private key to a single .pem file:

Without a password

openssl pkcs12 -nodes -clcerts -in cert.p12 -out <environment>.pem

With a password

openssl pkcs12 -clcerts -in cert.p12 -out <environment>.pem
You can’t perform that action at this time.