3
votes

I am trying to create certificates that will allow me to send push notifications to my device and I am totally lost. I have used certificates for BETA and distribution, but adding push notifications is a pain.

When I do create certificates for BETA testing, I do the following steps.

  1. From Keychain, request a certificate from a certificate authority.
  2. In the Apple Provisioning Portal under Certificates, create a certificate by uploading the keychain file.
  3. Assume the APP ID is created perfectly and devices are ready.
  4. In the Apple Provisioning Portal under Provisioning, I create a new profile and download the mobile provisioning file to add to the Xcode organizer.

The above steps work and I can BETA test. Now, in order to enable push notifications, I have set up a server which is tested with push notifications and is 100% working. When I configure for push notifications, I need to upload a keychain file. Is that the same file I uploaded under Certificates? There is a file in return which I double-click and it gets added to the keychain; am I doing it right?

1 Answer

6
votes

If I understand your question correctly, the answer is no, it should not be the same file. I'll explain the entire process in detail and hopefully that will clarify the situation (and what you need to do next).

When you enable push notifications, you need to do four things:

  1. Create a private/public key pair.
  2. Create a certificate signing request (CSR), signed with your private key.
  3. Submit the CSR to Apple and download a signed certificate.
  4. Create a file containing your certificate and private key, for validating each APN request.

Some points:

  • I recommend you use different keys for development (sandbox) and production APN. You can re-use the keys if you are sending notifications to different apps, but it is safer if you don't re-use keys between development and production.

  • The file you "submit" to the provisioning portal is the certificate request. You will have one CSR file for each certificate. You will create two CSRs for each app (bundleID): one for development, one for production. The CSR created with your development key should be submitted for development and the CSR created with your production key should be submitted for production.
    Note: Keep the CSR files. You don't have to have them, but it will save you some time when you need to re-send the certificate requests.

  • After submitting your CSRs, you will be able to download the actual certificates. They aren't ready immediately, so give Apple a minute or so and then refresh your browser. The difference between the CSR and a certificate is important: the certificate is signed by Apple; it validates your ability to send push notifications. Download the certificates and load them into your keychain (double clicking is fine).
    Note: the certificate is useless without your private key; so you will need to safely export your private key if you switch computers.

  • Any computer sending an APN request will need both the private key and the certificate. You can export them as a single .p12 file using Keychain Access. (I name mine MyAppCertKey.p12 to indicate that the file contains both the certificate and the key.)

  • Last, I wrote up a detailed explanation on testing / verifying communication with Apple's servers (from the terminal). It's a little complicated since you need to have some root certificates set up for openssl to validate against; however, it will tell you if you are communicating correctly with the servers, without requiring any work on the receiving app itself.

    Couldn't able to connect to APNS Sandbox server

Hope that helps.
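
The four steps from the answer above, as an added example (not part of the original answer) that uses openssl instead of Keychain Access. The file names, subject names and the throwaway test CA are constructed; the test CA stands in for Apple's signing step so the script runs offline, and the match check guards against pairing a certificate with the wrong (development vs. production) key before export.

```shell
#!/usr/bin/env bash
# Added example: all names below are constructed, not from the original post.

# Steps 1 and 2: create a private key and a CSR signed with that key.
make_key_and_csr() {   # $1 = name prefix, e.g. "dev" or "prod"
  openssl genrsa -out "$1.key" 2048 2>/dev/null &&
  openssl req -new -key "$1.key" -subj "/CN=Example Push $1" -out "$1.csr"
}

# Step 3 stand-in: a local throwaway CA signs the CSR (Apple does this for real).
sign_with_test_ca() {  # $1 = name prefix
  [ -f testca.key ] || openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Test CA" -keyout testca.key -out testca.pem 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA testca.pem -CAkey testca.key \
      -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Check: the certificate's public key must equal the private key's public half.
cert_matches_key() {   # $1 = certificate (PEM), $2 = private key (PEM)
  cmk_cert=$(openssl x509 -in "$1" -noout -pubkey |
             openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256)
  cmk_key=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
  [ -n "$cmk_cert" ] && [ "$cmk_cert" = "$cmk_key" ]
}

# Step 4: bundle certificate and key into one .p12, refusing a mismatched pair.
make_p12() {           # $1 = name prefix, $2 = export password
  cert_matches_key "$1.pem" "$1.key" ||
    { echo "certificate and key do not match for $1" >&2; return 1; }
  openssl pkcs12 -export -in "$1.pem" -inkey "$1.key" \
      -out "$1.p12" -passout "pass:$2"
}

# Run with the argument "demo" to walk both environments in a scratch directory.
if [ "${1:-}" = "demo" ]; then
  cd "$(mktemp -d)" || exit 1
  for env in dev prod; do
    make_key_and_csr "$env" && sign_with_test_ca "$env" &&
      make_p12 "$env" "constructed-password" && echo "wrote $PWD/$env.p12"
  done
  cert_matches_key dev.pem prod.key || echo "dev cert rejects prod key, as expected"
fi
```
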