I'm attempting to create a p12 file for use with PushSharp to send iOS push notifications. I used this exact process a year ago to renew our certificates and it worked fine; but now it's failing at the final step.
Here is what I'm doing:
- Create a certificate signing request in Keychain Access, as a file named
CertificateSigningRequest.certSigningRequest - Export the private key from Keychain Access, saving the file as
private_key.p12 - Go to developer.apple.com, create a production Apple Push Services certificate using the CSR file from step 1, download the file as
aps.cer - Run the following commands in a shell (pretty much identical to what one finds on some other Stack Overflow posts):
openssl x509 -in aps.cer -inform DER -out app_cert.pem -outform PEM
openssl pkcs12 -nocerts -out private_key.pem -in private_key.p12
openssl rsa -out private_key_noenc.pem -in private_key.pem
openssl pkcs12 -export -in app_cert.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest.certSigningRequest -name "MyAppName" -out pushsharp.p12
The final openssl command fails with this error:
unable to load certificates
I haven't been able to figure out what I'm doing wrong; this is all in a script that worked fine a year ago. I was able to get the openssl pkcs12 -export command to succeed by removing the -certfile CertificateSigningRequest.certSigningRequest argument, but I believe the p12 file generated by this will not work with PushSharp.
Don't try to give a CSR file as parameter of
-certfile.-certfilecan be used for adding additional certificates to the store.For example CA certificates chain of the app_cert.pem:
Usually there is no need to use CSR, if the corresponding certificate already exists.