Apple certificates for Push Notifications (iOS Push Notifications — Part I)

We are all aware that creating Apple certificates can be a time-consuming task for a person doing it for the very first time. I was facing one such situation when I wanted to generate the certificates for configuring iOS push notifications and ended up spending a lot of time, mainly because I wasn’t sure how many certificates I would need and in which format.

With iOS Push Notifications in mind, I have covered the process of generating all the Apple certificates you would need in this blog. If you follow the steps in order, it shouldn’t take more than 10–15 minutes even for a beginner to get all the certificates generated.

So let’s get started.

Prerequisites for generating the certificates are:

  1. An iOS device (a real phone is needed since push notifications don’t work on simulators; the mobile provisioning certificate also needs the UDID of the device).
  2. A system running macOS.
  3. A paid Apple membership account. Without that you will not be able to generate the necessary certificates. It has an annual membership cost of $99 and you can easily create one on the Apple developer console.

To configure push notifications you would need to:

  1. Generate an App ID on the Apple developer console.
  2. Generate a Certificate Signing Request using the Keychain Access application on your Mac.
  3. Register your Apple device on the Apple developer console.
  4. Generate a client certificate on the Apple developer console.
  5. Generate a mobile provisioning certificate on the Apple developer console.
  6. Generate a server certificate on the Apple developer console.
  7. Convert your client and server certificates into .p12 format with/without a password.

It may seem overwhelming, but I have listed down each and every step with snapshots so I believe it will not be a daunting task.

Let’s start with generating the App ID.

1. Generate an App ID.

Sign in to the Apple developer console and follow the steps as shown in the snapshots below:

Click on Certificates, IDs & Profiles.
Click on App IDs and click on the “+” sign in the top right-hand corner to create a new App ID.
Enter the Name and Bundle ID and scroll down.
Make sure to enable the Push Notification service and click Continue.
Click Register to create your App ID.
You will get a confirmation that the ID is created. Clicking Done adds the newly created ID to the list of App IDs on the main page for identifiers.
App ID created.

2. Generate a Certificate Signing Request.

You can generate this from the Keychain Access application on your Mac. Follow the snapshots given below:

Open the Keychain Access application on your Mac and select Certificate Assistant → Request a Certificate From a Certificate Authority.
Enter the email address corresponding to your Apple developer account in “User Email Address” and a preferred name in “Common Name”, select the option “Saved to disk” and click Continue.
Enter an appropriate name for your certificate and save it to a location of your choice. Note that this file will be saved with the extension .certSigningRequest on your local disk.
Certificate created and saved to disk.

3. Register your Apple Device

On the Apple developer console, click on Devices → All and follow the snapshots given below:

Click on “+” in the top right-hand corner to register a new device.
Enter a name for your device and the device’s UDID. You can find the UDID of your iPhone by connecting it to iTunes on your Mac and navigating to your phone details as shown in the next snapshot.
Device UDID on iTunes.
If everything is entered properly, your device will be registered and we are good to go to the next step.

4. Generate Client Certificate.

Now that we have the App ID and the Certificate Signing Request and the device is registered, we can move on to create a client certificate.

Go to the Apple developer console and sign in if needed.

Follow the steps below to create the client certificate.

Click on Certificates, IDs & Profiles.
Click on Certificates → All → “+” sign in the top right-hand corner to create a new certificate.
Select the option “iOS App Development” since we are creating a client certificate; you would select the second option if you were creating a server-side certificate.
Scroll down to click continue.
At this point you will be asked to supply the Certificate Signing Request you created earlier in step 2 using Keychain Access application. Click Continue to proceed.
Select the .certSigningRequest file created using Keychain Access and click Open.
Your certificate is ready for downloading to your local disk. The certificate will be listed in the ALL section and will be available for download at any later point as well.

5. Generate Mobile Provisioning Certificate.

The mobile provisioning certificate is tied to the device you would be testing on and if there is a mismatch between the mobile device id you specify here and the one you deploy your code on, your app will not work. So make sure your testing device is the one mentioned here.

On the Apple developer console, follow the snapshots given below to create the mobile provisioning certificate.

Go to Provisioning Profiles → All. Click on “+” sign to create a new certificate.
Select the first option in Development → iOS App Development.
Select the app id you created in step 1.
Select the client certificate you created in step 3 and click continue.

Note that in case there are no certificates listed here, the wizard will route you to create certificates. Also only certificates created using option “iOS App Development” will be displayed here. I wasted a lot of time on this step since I was incorrectly selecting “Apple Push Notification service SSL (Sandbox)” and expecting it to show up here.

Select the device you registered in step 3.
Your mobile provisioning certificate will be generated, click on Continue to move ahead.
Your mobile provisioning certificate is ready for download and use.

6. Generate Server Certificate

This is the certificate which you will provide to the server-side code. You can create this certificate either from the App ID section or the certificates section. I will take you through both of them and you can select whichever you are more comfortable with.

a. Create server certificate from App ID

Sign in to the Apple developer console and follow the steps as shown in the snapshots below:

Navigate to the Identifiers → App IDs section and you should see your App ID listed.
Click on the App ID to expand it and click on the Edit button to go further ahead.
Make sure that the option for ‘Push Notifications’ is checked, else the ‘Create Certificate’ button will not be active. So you will need to check ‘Push Notifications’ first if not already checked and then click on ‘Create Certificate’ under the Development SSL Certificate section.

From this point, the process is similar to the one you followed for creating the client certificate.

Click Continue to proceed.
Select the .certSigningRequest file created using Keychain Access and click continue.
Your certificate will be ready for download. You can download it right now or it will always be available in the list of certificates if you wish to download later.

b. Creating server certificate from certificates section

Note that the process for creating the client and server certificates is identical, except that for a server certificate you create “Apple Push Notification service SSL (Sandbox)” and for the client you create “iOS App Development”. The reason is that the server-side code needs to establish a connection with the Apple Push Notification service (APNs) and needs a special kind of certificate, while the client certificate is a normal iOS certificate which you can use for any kind of iOS application.

To start, sign in to the Apple developer console and navigate to the certificates section.

Click on the “+” button in the top right corner to create a new certificate.
This time select the option “Apple Push Notification service SSL (Sandbox)”.
Scroll down to click continue.
Select the app id you created earlier and click continue.
Click Continue to proceed and select the CSR file.
Select the .certSigningRequest file created using Keychain Access and click continue.
Your certificate will be ready for download. You can download it right now or it will always be available in the list of certificates if you wish to download later.

7. Convert your client and server certificates into .p12 format with/without a password.

Last but not least, you will need to convert the client and server certificates you downloaded from the Apple developer console website into .p12 format.

This can be done using the Keychain Access application on your Mac.

Open the Keychain Access application on your Mac and follow the steps given below.

In Keychain Access, go to File → Import Items.
Select the certificate you had created and saved to your disk from the Apple developer console.
As soon as you import it, the certificate should appear in the list of certificates under your login category. Right-click on the certificate and select Export.
Keychain Access exports in .p12 format by default. DO NOT change this; give the file an appropriate name, choose a location to save your .p12 certificate to and click Save.
At this point Keychain Access will ask you to secure your .p12 with a password. You can set any password you wish or keep it blank and click OK. Remember the password you specified here, since we will need it later.
Next, type in your profile password on the Mac. Note that you need to have admin rights on the Mac in order to export a .p12. Click on Allow to move ahead and save the .p12 to your local disk.
You now have your p12 stored to your local disk.
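
The same flow from the command line, as an added example that is not part of the original post: OpenSSL stands in for Keychain Access in steps 2 and 7, and a self-signed certificate stands in for the one Apple issues from the CSR. File names, the subject and the pass phrase are constructed; the two checks confirm that the .p12 carries the private key the CSR was generated from and that it does not open without its export password.

```shell
#!/bin/sh
# Added example: command-line equivalent of steps 2 and 7 using OpenSSL.
# File names, subject and pass phrase are constructed; the self-signed
# certificate is a stand-in for the one Apple issues from the CSR.
set -eu

make_csr() {   # step 2: key pair + CSR; the private key stays on this machine
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/push.key" \
      -out "$1/push.certSigningRequest" \
      -subj "/CN=Example Push Dev/emailAddress=dev@example.com" 2>/dev/null )
}

standin_issue() {   # stand-in for steps 4/6: Apple returns a DER-encoded .cer
  openssl x509 -req -in "$1/push.certSigningRequest" -signkey "$1/push.key" \
    -days 365 -outform DER -out "$1/aps_development.cer" 2>/dev/null
}

make_p12() {   # step 7: bundle certificate + private key; $2 = export password
  openssl x509 -inform DER -in "$1/aps_development.cer" -out "$1/aps.pem"
  ( umask 077
    openssl pkcs12 -export -inkey "$1/push.key" -in "$1/aps.pem" \
      -name "Example Push Dev" -out "$1/push.p12" -passout "pass:$2" )
}

p12_opens_with() {   # succeeds only if $2 is the password protecting the bundle
  openssl pkcs12 -in "$1/push.p12" -passin "pass:$2" -noout 2>/dev/null
}

p12_matches_key() {   # certificate in the .p12 must carry this key's public half
  a=$(openssl pkcs12 -in "$1/push.p12" -passin "pass:$2" -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -pubkey)
  b=$(openssl pkey -in "$1/push.key" -pubout)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_csr "$work"
standin_issue "$work"
make_p12 "$work" "constructed-pass-phrase"
p12_matches_key "$work" "constructed-pass-phrase" && echo "p12 matches CSR key"
# Subject and expiry of the certificate that went into the bundle.
openssl x509 -inform DER -in "$work/aps_development.cer" -noout -subject -enddate
```

With a real certificate downloaded from the developer console, only `make_p12` and the two checks apply, run against the key that produced the CSR.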

Conclusion

You now have all the certificates in their required format and are fully equipped to dive into the real coding for push notifications.

In the next part we will create a sample PhoneGap app and deploy it on our iPhone, which will give us the required environment setup.

After that, all we need to do is add some custom code to the base app to handle push notifications and write a small piece of code to send push notifications.

In case you face any issues while creating any of these certificates, leave me a comment below and I would be more than happy to help you out.