It’s coming up to a year since we launch our server monitoring iPhone application and so our Apple push notification SSL certificate is expiring in a few weeks. It is necessary to renew it and install the new certificate on our servers so we can continue sending push notifications for server alerts, and this quick post will take you through the steps.
You can generate a new certificate without revoking the old one, and use them simultaneously to ensure they are working before revoking the old one.
1) Log in
Log into the Apple iPhone Developer website and click the iPhone Provisioning Portal link. From the left menu, click on App IDs and then Configure next to the app you want to regenerate the certificate for. You’ll see your existing certificates and the option to generate a new one. Click the Configure button to launch the wizard.
2) Generate a CSR
I used the CSR I generated for the original APNS certificate but you can generate a new one by following the instructions in the wizard.
3) Generate the certificate
After uploading the CSR, the wizard will generate your new certificate. The name will show up as your username rather than what you specify in the CSR. Download it to your system, it will be called aps_production_identity.cer. Double click it to import it into your Keychain.
4. Export certificates / keys
Launch Keychain Assistant from your local Mac and from the login keychain, filter by the Certificates category. You will see an expandable option called “Apple Development Push Services”. You’ll see your old certificate and the new one you just downloaded.
Click the triangle to expand the certificate. You’ll have 2 items – the certificate itself that you just expanded, and the private key that was revealed.
Right click on the certificate (not the private key) “Apple Development Push Services” > Export “Apple Development Push Services ID123″. Save this as apns-prod-cert.p12 file somewhere you can access it. Then do the same with the private key and save it as apns-prod-key.p12.
For both exports, you will be asked to specify a password, then asked for your keychain password. I did not specify a password on the first prompt.
5) Convert to PEM format
These files now need to be converted to the PEM format by executing these 2 commands from the terminal:
1 2 | openssl pkcs12 -clcerts -nokeys -out apns-prod-cert.pem - in apns-prod-cert.p12
openssl pkcs12 -nocerts -out apns-prod-key.pem - in apns-prod-key.p12
|
You will be forced to set a PEM passphrase on the second command, so execute the following command to remove it:
1 | openssl rsa - in apns-prod-key.pem -out apns-prod-key-noenc.pem
|
6) Merge files
Finally, you need to combine the key and cert files into a apns-prod.pem file we will use when connecting to APNS:
1 | cat apns-prod-cert.pem apns-prod-key-noenc.pem > apns-prod.pem
|
And that’s it. You can replace your existing production certificate with the one you just created, and it’ll be valid for another year. Yay.
정리를 해보자.
응용프로그램 -> 키체인 접근 프로그램을 연다.
그리고 해당 푸쉬 인증서 삼각형 세모를 누르면 개인키가 보인다.
일단 인증서만 클릭해놓고 apns-prod-cert.p12 파일로 내보낸다.
그리고 개인키만 클릭해놓고 apns-prod-key.p12 파일로 내보낸다.
그리고 터미널을 실행해서 다음과 같은 명령을 실행한다.
openssl pkcs12 -clcerts -nokeys -out apns-prod-cert.pem -
in
apns-prod-cert.p12
openssl pkcs12 -nocerts -out apns-prod-key.pem -
in
apns-prod-key.p12
apns-prod-key.pem 을 만들때 암호를 지정할수밖에 없는데
이제 그 암호를 제거해서 보자. 다음 명령을 입력한다.
openssl rsa -
in
apns-prod-key.pem -out apns-prod-key-noenc.pem
이제
인증서 파일과 키 파일을 결합하면 된다.
cat
apns-prod-cert.pem apns-prod-key-noenc.pem > apns-prod.pem
를 입력하자.
ps. 하지만 실상 node.js apns 에서 필요한 파일은
apns-prod-cert.pem 파일과 apns-prod-key-noenc.pem 파일만 있으면 된다.
수고했다.