APNs SSL/TLS certificate
Get and configure an SSL/TLS certificate to establish secure connections to the Apple Push Notification service.
The com.APNS class is now desupported. The documentation pages related to the APNS binary protocol are still provided for information. Contact your support center if you need to implement APNS with the new HTTP/2-based provider API.
Basics
The Apple® Push Notification Certificate identifies the push notification service for a given mobile app. This certificate is created from an App ID (also known as Bundle ID) and is used by the APNs system to dispatch the notification message to the registered devices.
- Sandbox (for development and test purposes)
- Production (for deployment)
Get an APNs certificate for your app
In this section we will produce the myapp.cer file and myapp-key.p12 file.
To create an Apple Push Notification Certificate:
- Log in to Apple's Member Center with your iOS developer or enterprise account.
- Select Certificates, Identifiers & Profiles.
- Under App IDs, make sure that you have created an App ID with the Push Notification service enabled, for development and/or distribution.
- Under Certificates, select the + symbol.
- Select Apple Push Notification service SSL (Sandbox) for development, or Apple Push Notification service SSL (Sandbox & Production) for production.
- Choose the App ID with push notifications service enabled.
- Follow the instructions to create a Certificate Signing Request (CSR) file from your Mac, then click Continue.
- Back in the web browser, on the iOS Certificate page, upload the CSR file you have generated.
- Generate the certificate.
- Once the certificate is generated, download it. The certificate will be downloaded into your Downloads folder, as a .cer file (for example, myapp.cer).
- Double-click this file to import the certificate into the Mac® Keychain®.
- The new certificate is now listed in the Certificates list.
- Open your Keychain app, locate the certificate you created, and export the private key in p12 format (for example, myapp-key.p12). Note that you will be asked for a password to encrypt the .p12 file, and for your session password, to export Keychain files.
Configure Genero to use the APNs certificate
On the Genero push provider server, you will need the public certificate (myapp.crt file) and the private key (myapp-key.pem file) for your app. These files will be referenced in the security.global.certificate and security.global.privatekey entries of FGLPROFILE.
On a Mac, the security.global.ca entry in FGLPROFILE is not required: The Web Services library reads the Keystore of the Mac computer to authenticate the APNs server.
Convert the myapp.cer file (DER format) to the myapp.crt file (PEM format), with the openssl x509 command:
$ openssl x509 -in myapp.cer -inform der -out myapp.crt
Convert the myapp-key.p12 file (containing the private key) to the myapp-key.pem format, with the openssl pkcs12 command:
$ openssl pkcs12 -nocerts -in myapp-key.p12 -out myapp-key.pem
security.global.privatekey expects unencrypted private key files. Therefore, you need to remove the passphrase from the myapp-key.pem file, with the openssl rsa command:
$ openssl rsa -in myapp-key.pem -out myapp-key-noenc.pem
Set the security.* entries in FGLPROFILE:
security.global.ca = "apple_entrust_root_certification_authority.pem"
security.global.certificate = "myapp.crt"
security.global.privatekey = "myapp-key-noenc.pem"
- apple_entrust_root_certification_authority.pem is the HTTPS root certificate authenticating the APNs server (if the computer is not a Mac).
- myapp.crt is the public certificate for your app.
- myapp-key-noenc.pem is the unencrypted private key file for your app.
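The three conversions above, followed by the checks worth running before FGLPROFILE points at the unencrypted key: the key matches the certificate, the key is really unencrypted, the certificate has not expired, and the key file is readable by its owner only. This is an added example, not part of the Genero documentation; the function names and the P12_PASS environment variable are assumptions, and the inputs are constructed self-signed stand-ins for the Apple-issued files.

```shell
#!/bin/sh
# Added example. P12_PASS is an assumed environment variable holding the
# .p12 export password, so it never appears on a command line.

# Constructed stand-ins for the Apple-issued myapp.cer / myapp-key.p12.
make_constructed_inputs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=constructed-apns-test" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl x509 -in "$1/c.pem" -outform der -out "$1/myapp.cer" &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:P12_PASS -out "$1/myapp-key.p12"
}

# The page's three conversions, run in directory $1 inside a subshell so
# the owner-only umask and the cd do not leak into the caller.
convert_apns() (
    cd "$1" && umask 077 &&
    openssl x509 -in myapp.cer -inform der -out myapp.crt &&
    openssl pkcs12 -nocerts -in myapp-key.p12 -passin env:P12_PASS \
        -passout env:P12_PASS -out myapp-key.pem &&
    openssl rsa -in myapp-key.pem -passin env:P12_PASS \
        -out myapp-key-noenc.pem 2>/dev/null
)

# verify_apns_pair CRT KEY: returns 0 only if KEY is unencrypted, matches
# CRT, CRT is unexpired, and KEY has no group/other permission bits.
verify_apns_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    # Empty -passin: an encrypted key fails here instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 3
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 4
    case $(ls -l "$2" | cut -c5-10) in "------") ;; *) return 5 ;; esac
}

# Demo on constructed material in a throwaway directory.
demo() {
    d=$(mktemp -d) && export P12_PASS=constructed-pass &&
    make_constructed_inputs "$d" && convert_apns "$d" &&
    verify_apns_pair "$d/myapp.crt" "$d/myapp-key-noenc.pem"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "certificate/key pair OK"
```

With the real files, export P12_PASS, place myapp.cer and myapp-key.p12 in one directory, and call convert_apns and verify_apns_pair on it; a non-zero return code identifies which check failed.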