Skip to content

Latest commit

 

History

History
58 lines (31 loc) · 2.41 KB

APNS.rst

File metadata and controls

58 lines (31 loc) · 2.41 KB
Raw

Generation of an APNS PEM file

The APNS_CERTIFICATE setting must reference the location of a PEM file. This file must contain a certificate and private key pair allowing a secure connection to Apple's push gateway.

These instructions assume the use of Mac OS X.

There are two main steps involved; generating the certificate, then conversion of this certificate into PEM format for use with this library.

Generating the push certificate

Using Apple's Developer site you need to generate a push notification certificate for either development or production. There are countless instructions online and Apple change their flow for this regularly, so it is not documented here. The end result should be an exported certificate and private key with the p12 extension.

When initiating the certificate generation flow in Apple's Dev site, do this from within the specific app's configuration:

Identifiers -> App IDs -> [Your App] -> Edit -> Push Notifications Section (Create Certificate) .

If you initiate this flow from the top level Certificates section, the resulting export may contain both sandbox and production certificates and keys, which confuses matters a lot.

Converting the certificate to `PEM` format

The flow is similar for development and production environments. These steps are adapted from a Stack Overflow post.

Step 1: Create Certificate .pem from Certificate .p12

$ openssl pkcs12 -clcerts -nokeys -out aps-cert.pem -in Certificates.p12

Step 2 Create Key .pem from Key .p12

$ openssl pkcs12 -nocerts -out aps-key.pem -in Certificates.p12

Step 3 Remove pass phrase on the key

$ openssl rsa -in aps-key.pem -out aps-key-noenc.pem

Step 4 Combine the two into one file

$ cat aps-cert.pem aps-key-noenc.pem > aps.pem

Step 5 Check certificate validity and connectivity to APNS

$ openssl s_client -connect gateway.push.apple.com:2195 -cert aps-cert.pem -key aps-key-noenc.pem

If the certificate and key are valid, the connection will open and remain open. If it is not the connection will be closed and an error potentially displayed.

To test if the certificate works in sandbox mode, simply replace the gateway with gateway.sandbox.push.apple.com:2195.