5

I need to install the certificate I've downloaded from the Apple dev portal in order to test push notifications on my Windows server. I searched online for a solution, but everyone says different things about it. Does anyone have a step-by-step guide on how to do this?

1 Answer

8

I have also been researching this subject. The following links may be useful to you:

http://loudsoftware.com/?p=186

https://arashnorouzi.wordpress.com/2011/04/01/sending-apple-push-notifications-in-asp-net-%e2%80%93-part-2-generating-apns-certificates/

I finally got this working by following these key points that I managed to get out of those links above. It assumes that you have already created the Apple Push certificates and private keys following "standard apple push" instructions.

On your Mac machine, generate your certificates as follows (credit to arashnorouzi):

Create a PKCS12 format file using OpenSSL. You will need your developer private key (which can be exported from the keychain) and the CertificateSigningRequest??.certSigningRequest

  1. Convert apn_developer_identity.cer (DER format) to PEM:

openssl x509 -in apn_developer_identity.cer -inform DER -out apn_developer_identity.pem -outform PEM

  2. Next, convert the p12 private key to PEM (requires the input of a minimum 4 char password):

openssl pkcs12 -nocerts -out private_dev_key.pem -in private_dev_key.p12

  3. (Optional): If you want to remove the password from the private key:

openssl rsa -out private_key_noenc.pem -in private_dev_key.pem

  4. Take the certificate and the key (with or without password) and create a PKCS#12 format file:

openssl pkcs12 -export -in apn_developer_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest??.certSigningRequest -name "apn_developer_identity" -out apn_developer_identity.p12

Now, on your Windows Server do the following (credit to bill at loudsoftware):

  • Copy the above .p12 file to the Windows server
  • Open mmc.exe and import the .p12 file into the “Console Root -> Certificates (Local Machine)” certificates, and file it under “Personal”
  • Add permissions to the certificate

In detail:

  • Go to Start > Run
  • Type mmc and press Enter
  • Click on File > Add/Remove Snap-in
  • Select the Certificates snap-in and click Add
  • Select the Computer account option and click Next
  • Select the Local Computer option and click Finish
  • Click OK
  • Expand Certificates > Personal and select the Certificates folder
  • Right-click on Apple Push Notification Service – Client Certificate and select All Tasks > Manage Private Keys
  • On the Security tab for the properties of the certificate, click Add
  • Type Authenticated Users and click Check Name then “OK”
  • Select the Read check box under the Allow column
  • Click Apply then OK
Danny Schoemann
Various Artist
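A pre-import check for the procedure above, added here as an example and not part of the original answer: it repeats steps 1 and 4 on a constructed self-signed certificate and throwaway key, then verifies that the resulting .p12 really contains the private key matching its certificate. The function names, the `constructed-pass` password and the `selfsigned.pem` / `cert_only.p12` file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: confirm a .p12 holds a client certificate AND its matching
# private key before importing it on the Windows server.

# p12_key_matches_cert FILE PASSWORD
# Returns 0 only if FILE opens with PASSWORD and the public key inside its
# certificate equals the public key derived from its private key.
p12_key_matches_cert() {
    local p12=$1 pass=$2 cert_pub key_pub
    # env: keeps the password out of the process list (pass: would expose it)
    cert_pub=$(P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
                   -nokeys -clcerts 2>/dev/null |
               openssl x509 -pubkey -noout 2>/dev/null) || return 1
    key_pub=$(P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
                  -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# build_demo DIR PASSWORD
# Constructed stand-ins: a throwaway self-signed cert plays the Apple-issued
# .cer, and a fresh RSA key plays the developer key exported from the keychain.
build_demo() {
    local dir=$1 pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-apns-demo" \
        -keyout "$dir/private_key_noenc.pem" -out "$dir/selfsigned.pem" 2>/dev/null
    openssl x509 -in "$dir/selfsigned.pem" -outform DER \
        -out "$dir/apn_developer_identity.cer"
    # Step 1 from the answer: DER -> PEM
    openssl x509 -in "$dir/apn_developer_identity.cer" -inform DER \
        -out "$dir/apn_developer_identity.pem" -outform PEM
    # Step 4 from the answer (without -certfile): cert + key -> PKCS#12
    P12_PASS=$pass openssl pkcs12 -export -in "$dir/apn_developer_identity.pem" \
        -inkey "$dir/private_key_noenc.pem" -name "apn_developer_identity" \
        -passout env:P12_PASS -out "$dir/apn_developer_identity.p12"
    # Counter-case: a bundle that carries the certificate but no key
    P12_PASS=$pass openssl pkcs12 -export -nokeys -in "$dir/apn_developer_identity.pem" \
        -passout env:P12_PASS -out "$dir/cert_only.p12"
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir" "constructed-pass"
for f in apn_developer_identity.p12 cert_only.p12; do
    if p12_key_matches_cert "$demo_dir/$f" "constructed-pass"; then
        echo "$f: certificate with matching private key"
    else
        echo "$f: no usable private key"
    fi
done
rm -rf "$demo_dir"
```

A bundle that fails this check carries no private key for the Manage Private Keys step to grant access to.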
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – Luke Jun 24 '15 at 21:29
  • Thanks Luke, I have updated the comments with the salient points that got this working for me. I didn't want to include any points the first time around because it wasn't working for me then and I wanted to be careful about copying too much of someone else's work. However now that it is working for me, these are the key points that I needed which seemed to be missing from any other research I had done. Hopefully it's enough for oSigno too – Various Artist Jun 25 '15 at 01:52
  • 1
    @VariousArtist - I edited it to make it obvious that the first 3 points on the Windows Server are a summary. (after spending some time trying to implement it before reading the rest.) Kudos for a great answer. – Danny Schoemann Sep 20 '15 at 10:25
  • Instead of all the OpenSSL steps, you can create the PKCS12 file directly from Keychain Access on the Mac. Select both the APN cert and its associated private key, then go to File menu -> Export Items -> save using the default .p12 format -> enter password to protect the exported items. Same for the Root & Intermediate CA certs - they should be in the keychain if Xcode has been installed on that Mac. – jk7 Apr 18 '16 at 22:35
  • 1
    @jk7 I tried your approach and although it generated the P12 file, that file did not work on my Windows server (even though it was recognized correctly in the MMC console). However, when I exported just the Private Key using your suggested approach then that worked perfectly. Thanks for the suggestion as it definitely reduces the steps and makes it easier, even though I had to tweak it a little – Various Artist Feb 02 '18 at 17:30
  • This link helped me a lot: https://stackoverflow.com/questions/23329040/pushsharp-apns-production-the-credentials-supplied-to-the-package-were-not-reco – Various Artist Feb 02 '18 at 17:36