Creating .pem file for APNS?

后端 未结 11 2151
野的像风
野的像风 2020-11-27 08:59

How do I create a .pem file to be stored in the hosting server for APN payload data?

相关标签:
11条回答
  • 2020-11-27 09:33

    ->> Apple's own tutorial <<- is the only working set of instructions I've come across. It's straight forward and I can confirm it works brilliantly on both a linux php server and a windows php server.

    You can find their 5-step pem creation process right at the bottom of the page.

    0 讨论(0)
  • 2020-11-27 09:39

    Here is what I did, From:blog.boxedice.com and "iPhone Advanced Projects" chapter 10 byJoe Pezzillo.

    With the aps_developer_identity.cer in the keychain:

    1. Launch Keychain Access from your local Mac and from the login keychain, filter by the Certificates category. You will see an expandable option called “Apple Development Push Services”
    2. Right click on “Apple Development Push Services” > Export “Apple Development Push Services ID123″. Save this as apns-dev-cert.p12 file somewhere you can access it. There is no need to enter a password.
    3. The next command generates the cert in Mac’s Terminal for PEM format (Privacy Enhanced Mail Security Certificate):

      openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts
      

    On the server set the file permission of this unencrypted key by using chmod 400.

    0 讨论(0)
  • 2020-11-27 09:39

    Development Phase:

    Step 1: Create Certificate .pem from Certificate .p12
    openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12

    Step 2: Create Key .pem from Key .p12
    openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12

    Step 3 (Optional): If you want to remove pass phrase asked in second step
    openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem

    Step 4: Now we have to merge the Key .pem and Certificate .pem to get Development .pem needed for Push Notifications in Development Phase of App.

    If 3rd step was performed, run:
    cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem

    If 3rd step was not performed, run:
    cat apns-dev-cert.pem apns-dev-key.pem > apns-dev.pem

    Step 5: Check certificate validity and connectivity to APNS

    If 3rd step was performed, run:
    openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns-dev-cert.pem -key apns-dev-key-noenc.pem

    If 3rd step was not performed, run:
    openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns-dev-cert.pem -key apns-dev-key.pem

    Production Phase:

    Step 1: Create Certificate .pem from Certificate .p12
    openssl pkcs12 -clcerts -nokeys -out apns-pro-cert.pem -in apns-pro-cert.p12

    Step 2: Create Key .pem from Key .p12
    openssl pkcs12 -nocerts -out apns-pro-key.pem -in apns-pro-key.p12

    Step 3 (Optional): If you want to remove pass phrase asked in second step
    openssl rsa -in apns-pro-key.pem -out apns-pro-key-noenc.pem

    Step 4: Now we have to merge the Key .pem and Certificate .pem to get Production .pem needed for Push Notifications in Production Phase of App.

    If 3rd step was performed, run:
    cat apns-pro-cert.pem apns-pro-key-noenc.pem > apns-pro.pem

    If 3rd step was not performed, run:
    cat apns-pro-cert.pem apns-pro-key.pem > apns-pro.pem

    Step 5: Check certificate validity and connectivity to APNS.

    If 3rd step was performed, run:
    openssl s_client -connect gateway.push.apple.com:2195 -cert apns-pro-cert.pem -key apns-pro-key-noenc.pem

    If 3rd step was not performed, run:
    openssl s_client -connect gateway.push.apple.com:2195 -cert apns-pro-cert.pem -key apns-pro-key.pem

    0 讨论(0)
  • 2020-11-27 09:39

    Steps:

    1. Create a CSR Using Key Chain Access
    2. Create a P12 Using Key Chain Access using private key
    3. APNS App ID and certificate

    This gives you three files:

    • The CSR
    • The private key as a p12 file (PushChatKey.p12)
    • The SSL certificate, aps_development.cer

    Go to the folder where you downloaded the files, in my case the Desktop:

    $ cd ~/Desktop/

    Convert the .cer file into a .pem file:

    $ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem

    Convert the private key’s .p12 file into a .pem file:

    $ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12

    Enter Import Password:

    MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase:

    You first need to enter the passphrase for the .p12 file so that openssl can read it. Then you need to enter a new passphrase that will be used to encrypt the PEM file. Again for this tutorial I used “pushchat” as the PEM passphrase. You should choose something more secure. Note: if you don’t enter a PEM passphrase, openssl will not give an error message but the generated .pem file will not have the private key in it.

    Finally, combine the certificate and key into a single .pem file:

    $ cat PushChatCert.pem PushChatKey.pem > ck.pem

    0 讨论(0)
  • 2020-11-27 09:39

    I never remember the openssl command needed to create a .pem file, so I made this bash script to simplify the process:

    #!/bin/bash
    if [ $# -eq 2 ]
    then
        echo "Signing $1..."
    
        if ! openssl pkcs12 -in $1 -out $2 -nodes -clcerts; then
            echo "Error signing certificate."
        else
            echo "Certificate created successfully: $2"
        fi
    else
        if [ $# -gt 2 ]
        then
            echo "Too many arguments"
            echo "Syntax: $0 <input.p12> <output.pem>"
        else
            echo "Missing arguments"
            echo "Syntax: $0 <input.p12> <output.pem>"
        fi
    fi
    

    Name it, for example, signpem.sh and save it on your user's folder (/Users/<username>?). After creating the file, do a chmod +x signpem.sh to make it executable and then you can run:

    ~/signpem myCertificate.p12 myCertificate.pem

    And myCertificate.pem will be created.

    0 讨论(0)
提交回复
热议问题