Sep 07

How to Generate APN Certificates on Windows Using OpenSSL

I’m sure that as an iOS developer you have at some stage needed to integrate Apple’s Push Notifications service into one of your apps. Do you prefer working on Windows for your other projects? Or do you perhaps not have regular access to a Mac? Is your Mac still at the service center? Are you perhaps stuck overseas frantically trying to help out a client and only have access to an old Windows machine? In any case, if you need to achieve this on a Windows device then this tutorial is for you.

Install OpenSSL

If you don’t already have OpenSSL installed on your Windows device you will need to install it before continuing.

Step 1: Download and run the OpenSSL installer from Shining Light Productions.

Step 2: Follow the installation process. If you use TortoiseGIT or TortoiseSVN you might run into the error “Unable to copy libeay32.dll…” – Simply press cancel and ignore this error.

Step 3: Save a copy of this config file to your OpenSSL installation directory (e.g. something like C:\OpenSSL-Win64\).

Step 4: Open Command Prompt (CMD) and run the following command:
set OPENSSL_CONF=c:\OpenSSL-Win64\openssl.cnf

Step 5: Create a directory to keep all the generated files together by running the command: mkdir YOURAPPNAME then enter the directory by typing cd YOURAPPNAME

Step 6: Launch OpenSSL by typing C:\OpenSSL-Win64\bin\openssl.exe

Generate .csr and .key files

Step 7: While in CMD with OpenSSL running type the following command: req -out YOURAPPNAME.csr -new -newkey rsa:2048 -nodes -keyout YOURAPPNAME.key

Step 8: Fill out all your particulars when prompted which include:

  • Country name code
  • Province or state
  • City name
  • Company name
  • Department name
  • Common name (application name)
  • Email address – We normally use the Apple developer email address
  • Password – Make this the same phrase that you use to send out push notifications from your application
  • Company name – Enter this again

You should now have two files in the directory you created in Step 5, namely a .csr and .key file.

Retrieve SSL Certificate from Apple

Step 9: Open your web browser and log into

Step 10: Navigate to the list of app identifiers (App IDs) and find your app. Click on your app name and click edit.

Step 11: Scroll down to the Apple Push Notification service SSL Certificates and click “Create Certificate” (Production SSL Certificate is for the live app).

Step 12: Follow the process and when asked to upload a file choose the .csr file that was created in Step 7 & 8.

Step 13: Click “generate” and save the .cer file to the directory that you created in Step 5. Rename this file to “YOURAPPNAME.cer”

Generate APN Certificate

Step 14: Go back to CMD with OpenSSL running and enter the command: x509 -inform der -in YOURAPPNAME.cer -out YOURAPPNAME.pem -outform PEM. This will create a .pem file.

Step 15: To create the .p12 file run the command: pkcs12 -export -in YOURAPPNAME.pem -inkey YOURAPPNAME.key -out YOURAPPNAME.p12 -name apns-cert and enter the same password as used in Step 8.

Step 16: Now run the command pkcs12 -nocerts -out YOURAPPNAMEKey.pem -in YOURAPPNAME.p12. When asked for a password and passphrase use exactly the same password as in Step 8.

Step 17: Great, we are finished with OpenSSL so you can type exit and go back to the standard CMD input prompt.


Step 19: ‘YOURAPPNAMETEMP.pem’ is the APN certificate required when sending out push notifications.

That’s it! I hope that you’ve found this tutorial useful and will return for more helpful development tips and tutorials.