Generating pem certificates
To register an iOS client on Boxcar Push Service, you need to provide Apple push certificates for development and production version.
APNS push credentials are passed to Boxcar console as a passwordless PEM file containing both the private key and the certificate.
Generating certificate from scratch
If you are generating certificates from scratch, you can directly use Boxcar Console wizard to generate a valid .pem, without even having to rely on Apple Keychain.
The resulting certificate can be used directly by Boxcar console. You can still download it for backup if you want.
Converting p12 certificate from Apple Keychain to PEM
If you have already a private key and certificate generated with Apple Keychain, you will need to convert it. Apple keychain generate P12 file format.
Follow Apple documentation, you can find on
Creating a Universal Push Notification Client SSL Certificate. This
will allow you to export a
.p12 file from Apple Keychain (without
Then, this section explains how to properly generate a PEM file that you can upload on your iOS client application configuration.
Here are the commands to convert Apple Certificate to certificate usable by push module:
Export your certificate and private key from OSX keychain. We assume in the next step that the exported file is named
Convert certificate and private key from p12 to PEM format with
openssl pkcs12 -clcerts -nokeys -out aps_developer_identity_cert.pem -in aps_developer_identity_cert.p12 openssl pkcs12 -nocerts -out aps_developer_identity.pem -in aps_developer_identity_cert.p12
Remove encryption password:
openssl rsa -in aps_developer_identity.pem -out aps_developer_identity_key.pem
Combine pem certificate and key into a single file:
cat aps_developer_identity_cert.pem aps_developer_identity_key.pem > apd.pem
You have to do that once for development certificate and once for production certificate.
Sandbox 1 and production passwordless certificates
.pem can be
then uploaded on Boxcar Push Service.
Checking the certificate
Certificate can be checked from command-line. It should ends with Verify return code: 21 (unable to verify the first certificate, which means certificate is accepted by the server.
The following command should test developer push certificate against the push sandbox:
1 openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert ./apd.pem
Alternatively, you can check your production certificate against the production push service:
1 openssl s_client -connect gateway.push.apple.com:2195 -cert ./app.pem
Checking expiration date
To check expiration date, the following command can be used:
1 openssl x509 -noout -in apd.pem -enddate
Sandbox is for “development” mode. You use it for applications uploaded to your device directly from XCode. ↩