Use openssl to create p12 certificate in windows for iOS push notification or distribution

02 Mar, 2019

While trying to setup AWS SNS platform application to use Apple push notification platform, it requested for p12 certificate. p12 certificate is a container format fully encrypted locked with password that contains both public and private certificate pairs. From the documentation available it seems that creating p12 certificate requires Mac Desktop which has keychain access. But in this article we will see how to create p12 certificate on Windows. The process of creating p12 certificate requires following steps

1. Download and install openssl from here. (Win64 OpenSSL v1.1.0j Light or Win32 OpenSSL v1.1.0j Light)

Create a (.certSigningRequest) CSR file

2. Open command prompt and change directory to openssl –> bin folder and run the command to set the configuration:

Set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg

3. Run following command to create testsample.key (private key) of 2048 bit:

Openssl genrsa -out aws_sns_prod.key 2048

4. Using this testsample.key, create cert signing request with details:

Openssl req -new -key testsample.key -out testingsamplecert.certSigningRequest -subj “/emailAddress=testsite@example.com, CN=John Kurian, C=AU”

NOTE: Step 3 & 4 can be run using one command which will create .key and .csr. Running this command will ask for information to be included on the CSR (cert signing request):

Create “.cer” file in iOS developer account

5. Login to apple developer account Click “Certificates, Identifiers & Profiles”

6. Assuming that you have already registered App Id under Identifiers (if not done then register first), click on certificates–>All. Click the “Add” (+) button at the top-right of the main panel. Depending whether you are creating this certificate for development or production, click on “Apple Push Notification service SSL”: