APNS Client Development Certificate

The first time I created my certificate I had some problems; for this reason I decided to write them down in order to remember how I should proceed the next time.

I will describe what I did to create the certificate for development; for production almost all the steps are the same.

I assume that you already have your App ID; remember that it should be without * (no wildcards).

On the Apple developer site, go to iOS Provisioning Portal -> App IDs, then click Configure on your application and check Enable for Apple Push Notification service.

Now click Configure and follow the steps, which are:

Open Keychain Access and, from the drop-down menu, select Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority.
In the Certificate Information window, enter the following information:

* In the User Email Address field, enter your email address
* In the Common Name field, create a name for your private key (e.g. John Doe Dev Key)
* In the "Request is" group, select the "Saved to disk" option

Click Continue within Keychain Access to complete the CSR generation process (all of this is from the window that the Apple site will show).

Now that you have saved the CSR to your disk, you can click Continue and upload it.

Wait for the generation of the .cer file, which should take around a minute; when it finishes, download it.

Import the CER file into Keychain and export the certificate and the key (not the public key), saving them as .p12 files.

Download the Entrust CA certificate: https://www.entrust.net/downloads/binary/entrust_2048_ca.cer

Then you can generate the certificate and the key by running these commands:

openssl pkcs12 -clcerts -nokeys -out apns-cert.pem -in apns-cert.p12 -CAfile entrust_2048_ca.cer

openssl pkcs12 -nocerts -out apns-key.pem -in apns-key.p12 -CAfile entrust_2048_ca.cer

cat apns-cert.pem apns-key.pem > apns.pem

The apns.pem file will be used by your own PHP script communicating with APNS.

If you do not want the password, you can remove it with this command:

openssl rsa -in apns-key.pem -out apns-key-unencrypted.pem

Then combine the certificate and key

cat apns-cert.pem apns-key-unencrypted.pem > apns.pem
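
Before pointing a client at the gateway, the combined file can be checked locally. The following is an added example, not part of the original post: it confirms that the certificate and key in a bundle such as apns.pem belong together, that the certificate has not expired, and that the file (which holds a private key, possibly unencrypted) is not accessible to group or other users. The function names and the APNS_KEY_PASS variable are assumptions, and the sample bundle is a constructed self-signed one, not an Apple-issued certificate.

```shell
#!/bin/sh
# Added example: sanity-check a combined certificate+key PEM such as apns.pem.
# Returns 0 if usable; otherwise prints a reason to stderr and returns non-zero.
check_apns_pem() {
    pem=$1
    # Passphrase for an encrypted key is read from APNS_KEY_PASS (assumed name),
    # not from argv, so it does not appear in the process list.
    export APNS_KEY_PASS="${APNS_KEY_PASS:-}"

    # 1. Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "no certificate in $pem" >&2; return 2; }
    # 2. Public key derived from the private key in the same file.
    key_pub=$(openssl pkey -in "$pem" -passin env:APNS_KEY_PASS -pubout 2>/dev/null) ||
        { echo "no readable private key in $pem" >&2; return 3; }
    # 3. Both must be the same key, otherwise the TLS handshake will fail.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; return 4; }
    # 4. The certificate must not already be expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 5; }
    # 5. The file holds a private key: no group/other permission bits allowed.
    [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] ||
        { echo "$pem is accessible to group/other; chmod 600 it" >&2; return 6; }
    return 0
}

# Constructed sample input: throwaway self-signed cert and key (not Apple-issued),
# combined the same way as the cat command above, but created with mode 600.
make_sample_bundle() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    ( umask 077; cat "$dir/cert.pem" "$dir/key.pem" > "$dir/apns.pem" )
}
```

Run `check_apns_pem apns.pem` after the `cat` step; the return code identifies which check failed.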

You can test against the sandbox with this command:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns.pem

However, it does not work for production; it will return error 21:

depth=0 /C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.push.apple.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.push.apple.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Services/CN=gateway.push.apple.com
verify error:num=21:unable to verify the first certificate
verify return:1

However, when I used it with my PHP, everything was working.

I was stuck with that error,
