apple apns certificate setup guide - citrix :: login
TRANSCRIPT
Rev 6.10.00
Zenprise Device Manager 6.1 APPLE APNS CERTIFICATE SETUP GUIDE
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
2
ZENPRISE DEVICE MANAGER 6.1 APPLE APNS CERTIFICATE SETUP GUIDE
© 2011 Zenprise, Inc. – All rights reserved.
This manual, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. The content of this manual is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Zenprise, Incorporated. Zenprise Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in this book.
Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without prior written permission of Zenprise, Incorporated.
Any references to company names, organizations, persons, or places are for demonstrations purposes only and are not intended to refer to any actual company, organization, person or place.
REVISION NUMBER: 6.10.00
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
3
Contents
1 Introduction ....................................................................................................................... 4
1.1 Related Documentation ................................................................................................................................... 4 1.2 Document Conventions .................................................................................................................................... 5
2 Apple APNS for Device Manager ......................................................................................... 6
2.1 Overview .......................................................................................................................................................... 6 2.2 What is an Apple APNS Certificate? ................................................................................................................. 6 2.3 Basic APNS Certificate Steps ............................................................................................................................ 7
3 The Certificate Signing Request ........................................................................................... 8
3.1 Creating a CSR with Windows 7 & Server 2008 ................................................................................................ 8 3.2 Creating a CSR with Mac OS X ........................................................................................................................ 12
4 Apple APNS Certificate Process .......................................................................................... 15
4.1 Apple iOS Developer for Enterprise Portal ..................................................................................................... 15 4.2 Generating an App ID and APNS Certificates ................................................................................................. 15
5 Exporting Certificates ........................................................................................................ 23
5.1 Export the APNS Certificate: Windows OS ..................................................................................................... 23 5.2 Export the APNS Certificate: Mac OS X .......................................................................................................... 25
6 Appendix .......................................................................................................................... 28
6.1 Using OpenSSL ............................................................................................................................................... 28
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
4 Introduction
1 INTRODUCTION
This document describes setup and creation of an APNS certificate from the Apple iOS Developer for
Enterprise program for use with the Zenprise Device Manager system from Zenprise, Inc. It discusses the
basics of the Apple APNS (Push Notification System) and how it relates to the use with Device Manager.
The content herein is intended for system administrators responsible for the implementation, configuration
and upkeep of enterprise-class system for managing mobile devices and users of them. The document is
organized as follows:
Chapter 1, Introduction, provides the scope and purpose of the document.
Chapter 2, Apple APNS for Device Manager, provides a general description of the process to
enrol in the Apple iOS Developer for Enterprise program and the required steps to obtain a
valid APNS certificate.
Chapter 3, The Certificate Signing Request, steps through the instructions for creating a new
CSR file from either a Mac OS X or Windows based computer.
Chapter 4, Apple APNS Certificate Process, steps through the instructions for using the Apple
iOS Developer for Enterprise portal to generate and download a valid APNS certificate
associated with an App ID.
Chapter 5, Exporting Certificates, discusses the remaining steps to export the APNS
certificate from a Mac OS X or Windows based computer into the proper format for use with
Zenprise Device Manager server.
The Appendix discusses briefly the option to use OpenSSL as an alternative to the certificate
process described for Mac OS X and Windows based computers in this document.
1.1 RELATED DOCUMENTATION
Other documents available in regard to Zenprise Device Manager include the following:
Device Manager Quick Start Guide – summarizes the steps required to establish a basic functional
configuration of the Device Manager server, create basic device Configuration Policies, device
Deployment Packages, establish a Remote Support Client session, and work with devices.
Device Manager Installation Guide – provides the procedures to install and/or upgrade the Device
Manager server product.
Device Manager System Administration Guide – provides details about configuring the application and
essential steps required to register devices, users, policies, files, and deployment packages. Device
Manager’s integrated reporting subsystem is also discussed.
Device Manager Client Guide - describes installation and use of the device client for Windows Mobile,
Android and iOS devices.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
5 Introduction
Device Manager F5 High Availability Guide – provides the procedures to setup the Device Manager
server product in high availability mode with an F5 network load balancer appliance.
Device Manager Mobile Application Gateway Setup Guide – describes the setup and use of the Mobile
Application Gateway to control ActiveSync mobile device traffic, as well as application Whitelist/Blacklist
filtering, and specific device & user filtering options available when integrated with a Microsoft ISA 2006
or TMG 2010 server firewall.
Device Manager Remote Support User’s Guide – discusses using Device Manager’s remote control
features to work with devices on behalf of users in the field.
1.2 DOCUMENT CONVENTIONS
The following conventions are used throughout the document:
Notes and Warning
Notes and other information topics are emphasized as follows:
Note: you can also use CTRL-Q to quit.
Warning convey limits, negative impacts or other important information as follows:
Note: Do not close the window before the process ends.
Application Elements
Window names, field labels, and other elements – are italicized.
Code Samples
Scripts, program source code, configuration files and the like are handled in this fashion:
AddObjectProperty – attributeMap {element: value, element, value}
User Entry
Things you type, select or click – including user names, passwords, responses, buttons and commands –
are shown in bold.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
6 Apple APNS for Device Manager
2 APPLE APNS FOR DEVICE MANAGER
2.1 OVERVIEW
Before you can setup Zenprise Device Manager and manage iOS devices you will need an Apple Push
Notification Service (APNS) certificate. This document explains the details need to acquire an APNS
certificate from your Apple Developer portal and instructions for uploading your APNS certificate to the
Zenprise Device Manager management console.
2.2 WHAT IS AN APPLE APNS CERTIFICATE?
The Apple Push Notification Service (APNS for short) is a mobile notification service created by Apple, Inc.
APNS uses push technology through an accredited and encrypted IP connection to forward notifications
over persistent connections from application servers like Zenprise Device Manager to iOS devices like the
iPhone, iPad, and iPod Touch. Many iOS applications present dynamic content delivered over the Internet.
Push notifications (also known as remote notifications) are a way to let users know that new or updated
content they're interested in is available even if the target application is not running. APNS notifications can
include applications data updates, triggered alert sounds or custom text alerts to the iOS device.
An APNS certificate is a provisioned security certificate provided through the Apple Developer portal as part
of the available benefits with the Apple iOS Developer Enterprise Program available on the Apple web site
at: (http://developer.apple.com/programs/ios/enterprise). The certificate is requested by an authorized
participant of the enrolled developer program and is available for download on the developer customer
portal site once approved by the Apple Developer Program.
Each organization needs to request and generate one APNS certificate for each individual application that
requires use of the APN service. Zenprise Device Manager requires one unique certificate to be assigned to
the application and host server prior to installation, and during installation the certificate will be imported
to complete the configuration and connection to the APN services at Apple. Zenprise cannot provide or
issue an APNS certificate to your organization. Only Apple, Inc. can provision APNS certificates to enrolled
Apple iOS Developer Enterprise Program participants.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
7 Apple APNS for Device Manager
2.3 BASIC APNS CERTIFICATE STEPS
There are a few steps to complete in order to obtain your APNS certificate from Apple, Inc. using a
computer running Apple Mac OS X and Microsoft® Windows operating systems. Requesting and generating
an APNS certificate needs to be executed from only one computer. The process is similar for each computer
platform with the exception of the tools and exact steps for each OS to originate and complete the
certificate request and certificate export. The essential steps for obtaining your APNS certificate are as
follows:
1. Create a Certificate Signing Request (CSR) from a computer that can be used for duration of
the APNS certificate generation process.
2. Upload the CSR to your Apple Development portal (Apple will sign your certificate in 3-5
business days).
3. Download the signed certificate from your Apple Development portal and complete the
initial CSR request.
4. Export the APNS certificate from your computer into the supported PKCS#12 (.p12) format
and upload to Zenprise Device Manager during installation.
Before you begin please ensure you have the following prerequisites completed:
Enroll in the Apple iOS Developer Enterprise Program located at: (http://developer.apple.com/programs/ios/enterprise). There is an annual enrollment fee per organization and the enrollment also requires specific registration information like your organization’s DUNS (Dun & Bradstreet) number and the ability to provide legal contract authority to bind your organization to the iOS Developer Program Enterprise License Agreement.
Allow 3-5 business days to activate your new developer program membership, and the same lead-time for
issuing your APNS certificate once the CSR is received by Apple, Inc.
Assign the Apple Developer account role that will be issuing the certificate approvals the rights as Agent.
The Agent role is the only role that can create and approve the APNS enrolled App ID and issues the APNS
certificate. Note that there can only be one Agent role account per enrolled developer program.
Mac OS X 10.5 or greater workstation* or Windows Vista SP1, Windows 7, and Windows Server 2008 with local Administrator permissions to create the CSR and issue an exported PKCS#12 (.p12 or .pfx) format certificate for use with Zenprise Device Manager.
To develop with iOS SDK you must have an Intel-based Mac running Mac OS X 10.5 Snow Leopard or later.
Windows Vista SP1, Windows 7 or Windows Server 2008 is required when using the IIS Certificate Wizard
in the steps we provide. Use the same computer for the entire certificate generation process.
Safari 4, Firefox 3.2 or greater, and Internet Explorer 7 or greater is supported and recommended for best results.
Designate a fully qualified DNS (FQDN) name for your Zenprise Device Manager server that will be resolvable both from the public Internet and your organizations internal network. (It is recommended to use a DNS aliased CNAME or dedicated A-Record pointer to your server instead of the computer host name.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
8 The Certificate Signing Request
3 THE CERTIFICATE SIGNING REQUEST
The first component needed to start with the APNS certificate enrollment, after your Apple iOS Developer
for Enterprise Portal is working, is the creation of a Certificate Signing Request, or CSR. A CSR is a file
generated from a computer’s local certificate or security keystore application that contains necessary
properties for a Certificate Authority (CA) to understand what kind of certificate is being requested and
what ownership and purpose the requested certificate is to be applied and registered with the CA. With
respect to the Apple APNS certificate enrollment, the CSR created in this process will be used for the
provisioning of a Production Push SSL Certificate for APNS that can be used with your Zenprise Device
Manager server. This documented procedure will focus on the use of the Production Push SSL Certificate
for the purposes of this document and installation with the Zenprise Device Manager server.
A CSR can be created from any computer with a local certificate service or certificate keystore application.
This document will cover the methods of generating a CSR from Apple Mac OS X with the Keychain Access
utility, and Microsoft Windows Vista SP1, Windows 7 and the Windows Server 2008 operating systems
using the Feature Add-in for Internet Information Services (IIS) Web Management Tools.
IMPORTANT: The process for creating the CSR file and later converting the downloaded APNS certificate
for use with Zenprise Device Manager server requires the use of the same computer with the same private
key to complete the process. Using two different computers cannot process the CSR and exported APNS
certificate steps unless the same local CA private key is used, and is not recommended.
3.1 CREATING A CSR WITH WINDOWS 7 & SERVER 2008
1. Turn on the Windows Feature for Internet Information Services (IIS) to enable only the Web
Management Tools. This can be found by navigating to the Programs and Features control
panel.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
9 The Certificate Signing Request
2. Start the IIS Manager utility from the local computer Administrative Tools menu, commonly
located within the Windows Start menu. Double-click the Server Certificates icon for IIS. The
utility needs to be started by a user logged in with Administrator rights, or started using Run
as Administrator.
3. The Server Certificates features will be available. Choose the option to Create Certificate
Request… from the right-hand Actions navigation panel.
4. The Request Certificate wizard will open and present the Distinguished Name Properties
fields that must be completed for the CSR. Enter in the following for your CSR. Click Next
once completed.
Common Name: this is a simple name to identify your certificate request, sometimes often
used is the name of the hosted DNS name for the server or service.
Organization: This will typically be the name of the company or management organization.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
10 The Certificate Signing Request
Organizational Unit: This will typically be the name of a department or sub-group.
City/Locality: The local city where the certificate is being requested/issued.
State/Province: The regional abbreviation for the site location.
Country/Region: The presiding nation for the issued certificate.
5. Next you must specify the correct Cryptographic Service Provider Properties. For the Apple
APNS certificate process the Microsoft RSA SChannel Cryptographic Provider type and 2048-
bit length certificate properties must be selected.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
11 The Certificate Signing Request
6. A file name must next be specified for your CSR. Identify a location to save your new CSR file
and give it a name you will easily recognize then click Finish.
7. The generated and saved CSR file is now ready for upload when stepping through the next
part of the Apple APNS certificate request process in Section 4.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
12 The Certificate Signing Request
3.2 CREATING A CSR WITH MAC OS X
1. On a Macintosh computer running Mac OS X start the Keychain Access application located
under the Utility folder inside the Applications folder.
2. Open the Keychain Access menu and choose Preferences. Change the options for OCSP and
CRL on the Certificates tab to Off. Close the Preferences window.
3. Open the Keychain Access menu and choose Request a Certificate From a Certificate
Authority… from the Certificate Assistant extended menu.
4. The Certificate Assistant will now walk ask you to enter information to start your CSR. Enter
your desired Email Address, Common Name, choose the Saved to disk option and check the
box to Let me specify key pair information. The email address and common name can be
that of the individual or a role account responsible for the management of certificates. Click
Continue to proceed.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
13 The Certificate Signing Request
5. Enter a name for your certificate signing request (CSR) file and save it to a location that you
can easily retrieve the certificate request file. Click Save.
6. The next screen specifies the key pair information. Choose the Key Size of 2048 bits and the
RSA algorithm. Click Continue.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
14 The Certificate Signing Request
7. The generated and saved CSR file is now ready for upload when stepping through the next
part of the Apple APNS certificate request process in Section 4. Click Done when the
assistant completes the CSR process.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
15 Apple APNS Certificate Process
4 APPLE APNS CERTIFICATE PROCESS
4.1 APPLE IOS DEVELOPER FOR ENTERPRISE PORTAL
The next major steps all deal with activity within the Apple Developer Portal. To begin the process of
acquiring your APNS certificate from Apple you must first complete the enrolment for the Apple iOS
Developer for Enterprise program membership. The developer web site has links and videos to guide you
through instructions for how to complete the online application. Once completed you can log in with your
Agent (primary first account and account owner role) account user name and password to gain access to
the iOS provisioning portal.
4.2 GENERATING AN APP ID AND APNS CERTIFICATES
Once in the iOS Provisioning Portal you can begin the steps to navigate and create your App ID that will be
assigned to your company for the Zenprise Device Manager server application. You can have multiple App
ID’s, however you only need one App ID to be created and identified uniquely for use with Zenprise Device
Manager.
It should be noted that the APNS certificate required for an enterprise mobile device manager solution like
Zenprise Device Manager must be provisioned from an enrolled and approved iOS Developer for Enterprise
account. The Individual and Company class iOS Developer programs are not acceptable, nor is using any
non-production or developer classified certificates. Only iOS Developer for Enterprise class certificates will
be accepted for use with Zenprise Device Manager server.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
16 Apple APNS Certificate Process
1. Log into the Apple Developer Member Center with the Apple ID assigned to the primary or
‘Agent’ role. When logged in choose the iOS Provisioning Portal link.
2. On the main Provisioning Portal page choose the App IDs option in the left-hand navigation.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
17 Apple APNS Certificate Process
3. Next, click the button to create a New App ID.
4. Complete the Description, Bundle See ID and Bundle Identifier fields in the Create App ID
area of the Manage tab for the App ID and then click the Submit button.
a. Use a simple name or short description that will help you later recognized your App
ID configured for Zenprise Device Manager. This helps when your organization
might have the need for multiple App IDs deployed for other purposes.
b. Leave the selection for the Bundle Seed ID as “Generate New”
c. Create your Bundle Identifier (App ID Suffix) using the format
“com.apple.mgmt.MyCompany.ZDMname”. Replace the portion “MyCompany”
with your company name or domain name without spaces. The ending suffix
“ZDMname” should be a short suffix word without spaced to identify your
production Device Manager Server to the App ID.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
18 Apple APNS Certificate Process
5. A new Configure App ID page is presented after submitting. Click the checkbox to Enable for
Apple Push Notification service. Click the Configure button for the Production Push SSL
Certificate to create your new Apple Push Notification Service certificate. You will need to
have your generated CSR (certificate signing request) file available for uploading in the next
steps.
IMPORTANT: Use only the designated Production Push SSL Certificate associated for an approved App ID
with an enterprise device management solution like Zenprise Device Manager.
NOTE: The Development Push SSL Certificate for APNS should only be used for testing and development
purposes and never installed in a production environment. Irreversible issues such as device disassociation,
device service interruption and manual re-enrollment of the iOS device to Zenprise Device Manager server
will occur if later switching to a Production Push SSL Certificate.
NOTE: Development Push SSL Certificates for APNS are limited to the number of devices that can be
enrolled for testing, the age of the valid certificate is limited to 3 months, and Apple routes all APNS traffic
for development devices through a separate gateway. The Development Push SSL Certificate for APNS
should only be used for testing and development purposes and not used with a Production environment.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
19 Apple APNS Certificate Process
6. The Apple Push Notification service SSL Certificate Assistant is started when you clicked
Configure in Step 4. Click Continue again to proceed to the step to import your certificate
signing request (CSR) file.
7. Click the Choose File button and locate your CSR file previously saved on your computer.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
20 Apple APNS Certificate Process
8. Click the Generate button once your CSR file is selected and added.
9. The Apple APNS service SSL Certificate is now generated. Click Continue.
10. The Provisioning Portal should now reveal your App ID and the two Development and
Production Apple Push Notification services available for configuration. Click the Configure
link next to the App ID to continue.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
21 Apple APNS Certificate Process
11. The Configure App ID window contains the two available Push SSL Certificates available for
configuration. Locate the Production Push SSL Certificate and click Configure to follow the
steps to setup the certificate.
When you complete the setup for the Production certificates you will see the status change
to Enabled, and an expiration date and Download button associated with the provisioned
APNS certificate. Finish configuring both APNS certificate services and then click Done.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
22 Apple APNS Certificate Process
12. The completed certificates for Production is now ready for download. You only need to use
the Production Push SSL Certificate with Zenprise Device Manager server.
13. After downloading your Production Push SSL Certificate for APNS click the Done button.
14. The newly enabled App ID with associated APNS certificate should now appear in your iOS
Provisioning Portal. You can return to this location to re-download your certificates.
Continue to Section 5.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
23 Exporting Certificates
5 EXPORTING CERTIFICATES
The final step in preparation to enable your Zenprise Device Manager server to use the APNS certificate to
enroll, manage and communicate with iOS devices is to export the downloaded Production certificate into
PKCS#12 format. This format is the only compatible certificate type that can be imported and used by an
MDM solution like Zenprise Device Manager. As stated in Section 2, the use of the same computer that
created the Certificate Signing Request (CSR) should be the same computer used during the certificate
conversion process. Only the issued Production Certificate is needed for Zenprise Device Manager server.
These steps will guide through exporting the Production certificate, although the same steps would be used
for development certificates.
5.1 EXPORT THE APNS CERTIFICATE: WINDOWS OS
1. Open the Internet Information Services (IIS) Manager administration tool and select the
Complete Certificate Request option from the Actions pane.
2. Click the ellipses button and locate the saved Production identity certificates previously
downloaded from the iOS Provisioning Portal. The default name for the production
certificate is aps_production_identity.cer. Enter in a friendly name that can easily identify
the certificate in your Server Certificates management console. Click OK to continue.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
24 Exporting Certificates
3. Select the imported certificate and choose the Export… option via the right-click menu or
from the option in the right-hand Actions pane.
4. Enter the path to export the .pfx (PKCS#12 format) certificate file along with a certificate
password. Using a unique, strong password is recommended. This password will need to be
retained for later use. Click OK to finish. The saved certificate is now ready for use with
Zenprise Device Manager server. Be sure to keep the certificate and password safe for later
use and reference.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
25 Exporting Certificates
5.2 EXPORT THE APNS CERTIFICATE: MAC OS X
1. Locate the Production identity certificate downloaded from the iOS Provisioning Portal.
Double-click each certificate file to import them into the Keychain. If prompted to add
certificates to a specific keychain simply keep the default ‘login’ keychain selected and click
OK.
2. The newly added certificate will appear in your list of certificates. Select the Production Push
Services certificate and control-click or choose Export Items… from the File menu to begin
the step to export the certificate into a PKCS#12, or Personal Information Format (.p12)
certificate.
3. Name the certificate file being exported as something unique for use with Zenprise Device
Manger server. Choose a folder location for the saved certificate, choose the Personal
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
26 Exporting Certificates
Information Exchange (.p12) file format and click Save.
4. Enter a password for exporting the certificate. Using a unique, strong password is
recommended. This password will need to be retained for later use.
5. The Keychain Access application will prompt for the password to the “login” or selected
keychain. Enter the password and click OK.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
27 Exporting Certificates
6. The saved certificate is now ready for use with Zenprise Device Manager server. Be sure to
keep the certificate and password safe for later use and reference.
Note: If you don’t plan to keep and preserve the computer and user account originally used to generate
the CSR and complete the certificate export process it is recommended that you save and/or export the
Personal and Public Keys originally associated from the local system. Otherwise access to the APNS
certificates for reuse will be voided and the entire CSR and APNS process will have to be repeated.
Zenprise Device Manager – Apple APNS Certificate Setup Guide [ Rev 6.10.00 ]
28 Appendix
6 APPENDIX
6.1 USING OPENSSL
The use of a command line utility for certificate signing requests and certificate importing and exporting is
completely supported, however there are many available command line tools that use different syntax that
will vary the steps to complete the process. Provided here are simple guideline examples for how to
complete the steps previously covered in Section 3, “Creating a CSR” and Section 5, “Exporting Certificates”.
The following examples use OpenSSL as the open source command line utility. OpenSSL, the downloadable
binaries for the desired operating system, and detailed instruction guides can be found at:
http://www.openssl.org.
6.1.1 CREATING A CSR WITH OPENSSL
Here is the simple command string with generic variables needed to create a new CSR for use in Section 4,
“Apple APNS Certificate Process”.
rem #!/bin/sh
openssl genrsa -out apns-cert.key 2048
openssl req -new -key apns-cert.key -out apns-cert.csr -subj
"/[email protected],CN=ZDM.MyCompany.COM,O=My
Company,OU=Department,L=Anytown,S=State,C=US"
6.1.2 EXPORTING THE CERTIFICATE
Here is the simple command string with generic variables needed to export the downloaded Apple APNS
Production certificate from a .cer file format into a .pem file format, and finally into a .p12 file format.
rem #!/bin/sh
rem # Convert .cer to .pem
openssl x509 -inform der -in aps_production_identity.cer -out apns-cert-
production.pem
rem # Convert .pem to .p12
openssl pkcs12 -export -out apns-cert-production.p12 -inkey apns-cert.key -
in apns-cert-production.pem -passout pass:Passw0rd!