Following most instructions on the web make it sound as easy as generating a CSR using IIS. However I ran into a few difficulties - namely Apple seemed to think my brand new CSR was invalid. Probably has something to do with my local setup (IIS 10 on Windows 10) but that shouldn’t be a road block.
Why? w-w-w-w-why? Be more constructive with feedback.
To be fair most instructions (including Microsoft Azure documentation) only show you how to do it on the Mac. However I was able to generate a CSR that Apple liked the look of using OpenSSL.
Here’s the process
Download OpenSSL for windows and install it if you haven’t got it already.
Generate a private key
openssl genrsa -out new-ios-app.key 2048
Generate CSR from the private key
openssl req -new -sha256 -key new-ios-app.key -out new-ios-app.csr
Now you’ll have a CSR that Apple will accept. Upload it to the Apple website and follow the prompts to get your public certificate (.cer file) back.
Finally combine the private key and .cer file into a .pfx file
openssl pkcs12 -export -out new-ios-app.pfx -inkey new-ios-app.key -in new-ios-app.cer
If you get the error “unable to load certificates” for step 5, try these additional steps.
Convert the CER downloaded from Apple to a PEM
openssl x509 -inform der -in new-ios-app.cer -out new-ios-app.pem
Try combine the private key and .pem file into a .pfx file
openssl pkcs12 -export -out new-ios-app.pfx -inkey new-ios-app.key -in new-ios-app.pem
If you need a PEM file instead of a PFX, just run this command
openssl pkcs12 -in new-ios-app.pfx -out new-ios-app.pem
Woohoo, too easy right. You now have your PFX/PEM file to push notifications to your iOS app from your windows server or where ever.