Generating an Apple Push Notification Certificate on Windows
Most instructions on the web make it sound as easy as generating a CSR using IIS. However, I ran into a few difficulties - namely, Apple seemed to think my brand new CSR was invalid. Probably has something to do with my local setup (IIS 10 on Windows 10), but that shouldn’t be a roadblock.
Why? w-w-w-w-why? Be more constructive with feedback.
To be fair, most instructions (including Microsoft Azure documentation) only show you how to do it on the Mac. However, I was able to generate a CSR that Apple liked the look of using OpenSSL.
Here’s the process:

1. Download OpenSSL for Windows and install it if you haven’t got it already.

2. Generate a private key:

    openssl genrsa -out new-ios-app.key 2048

3. Generate a CSR from the private key:

    openssl req -new -sha256 -key new-ios-app.key -out new-ios-app.csr

4. Now you’ll have a CSR that Apple will accept. Upload it to the Apple website and follow the prompts to get your public certificate (.cer file) back.

5. Finally, combine the private key and .cer file into a .pfx file:

    openssl pkcs12 -export -out new-ios-app.pfx -inkey new-ios-app.key -in new-ios-app.cer

If you get the error “unable to load certificates” for step 5, try these additional steps:

1. Convert the CER downloaded from Apple to a PEM:

    openssl x509 -inform der -in new-ios-app.cer -out new-ios-app.pem

2. Try combining the private key and .pem file into a .pfx file:

    openssl pkcs12 -export -out new-ios-app.pfx -inkey new-ios-app.key -in new-ios-app.pem
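
If you need a PEM file instead of a PFX, just run this command:

    openssl pkcs12 -in new-ios-app.pfx -out new-ios-app.pem

The resulting PEM contains both the certificate and the private key (OpenSSL prompts for a passphrase to encrypt the key), and it overwrites the certificate-only new-ios-app.pem from the additional steps above if that file is still in the same folder.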

Woohoo, too easy, right? You now have your PFX/PEM file to push notifications to your iOS app from your Windows server or wherever.
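
A pre-flight wrapper around step 5 and the DER-to-PEM fallback, as an added example that is not part of the original post: it accepts the .cer in either encoding and refuses to build the PFX unless the certificate's public key matches the private key. It assumes a POSIX shell (Git Bash or WSL on Windows) with openssl on the PATH; the function names, the script name and the PFX_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: build the PFX only after confirming the certificate
# belongs to the private key. Function names and PFX_PASS are hypothetical.

# Write $1 as PEM to $2 whether it arrived PEM- or DER-encoded. A DER .cer
# is what makes "pkcs12 -export" fail with "unable to load certificates".
cert_to_pem() {
    openssl x509 -inform pem -in "$1" -out "$2" 2>/dev/null ||
    openssl x509 -inform der -in "$1" -out "$2" 2>/dev/null
}

# Succeed only if the public key in PEM cert $1 equals the public key
# derived from private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# $1 = private key, $2 = certificate from Apple, $3 = output .pfx
build_pfx() {
    pem="${3%.pfx}.cert.pem"
    cert_to_pem "$2" "$pem" || { echo "cannot parse certificate: $2" >&2; return 1; }
    cert_matches_key "$pem" "$1" || { echo "certificate was not issued for key: $1" >&2; return 1; }
    if [ -n "${PFX_PASS:-}" ]; then
        # Export password taken from the environment (for unattended runs).
        openssl pkcs12 -export -out "$3" -inkey "$1" -in "$pem" -passout env:PFX_PASS
    else
        # No variable set: OpenSSL prompts for the export password.
        openssl pkcs12 -export -out "$3" -inkey "$1" -in "$pem"
    fi
}

# Run directly (script name is hypothetical):
#   sh build-pfx.sh new-ios-app.key new-ios-app.cer new-ios-app.pfx
if [ "$#" -eq 3 ]; then
    build_pfx "$1" "$2" "$3"
fi
```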