One fine morning you receive this email regarding your Apple push notification service certificate of your amazing app (or one that you are responsible for):
Your Apple Push Services Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visit Certificates, Identifiers & Profiles.
Certificate: Apple Push Services
Identifier: com.nowplayingapps.myawesomeapp
Team ID: 99X11XXXXXTo learn more about expired certificates, visit the certificates support page.
And your developer is not around. Of course, you have 30 more days, however, you don’t need access to your developer; you can do it yourself.
Check out our new upcoming service, RenewMyPush. With this, we hope to take the burden off you to update the push certificate manually. If this is something that you are interested in, let us know by visiting the service page, and we will let you know once this service is ready.
Apple push notification service (APNs) is the service created by Apple by which external applications (such as your backend or clients such as OneSignal or UrbanAirship) can send notifications to your customers. An APNS certificate establishes connectivity with your notification client and apple push notification service. Now, let’s dive in.
Prerequisite
You need a Mac computer and the apple developer account that has access to this app.
Let’s get started
Log in to the developer account, and from the left menu, select Certificates, IDs & Profiles link under the Overview section on the left side menu. From there select All from the Certificates section.
Locate the app id mentioned in the above email. Click on it to expand and verify the expiration date. It should match the one specified in the email. If you are not able to find the app id, then click [+] sign on the top right corner to create a new one. Skip the next step and jump directly to Create a new Push Certificate section.
For push notification clients (such as OneSignal or UrbanAirship) to send push notifications on your behalf, it needs a certificate along with a private key. Let’s create one to replace the old certificate which is expiring soon. Just select App IDs link under Identifiers section on the left-hand side menu, and locate the app id (in this case com.nowplayingapps.myawsomeapp). Click on the app id to expand and scroll to the bottom of that section and click Edit.
Optionally you can create a new certificate by clicking on the plus icon at the top of the Certificates page.
Scroll down to the Push Notifications section and click on Create Certificate from Production SSL Certificate section as seen in Screenshot (2) below.
Create a new Push Certificate
Select Apple Push Notification service SSL (Sandbox & Production) under Production title and click Continue.
Select the app id from the list of App Ids specified in the drop-down, and click Continue.
Upload your CSR (Certificate Signing Request). If you don’t have one, please google the steps to generate one. It’s really easy.
Click next, and eventually, you’ll get this message: Your certificate is ready. Click the Download button to download the certificate (.cer file) on to your mac.
Saving Apple Push Notification Service (APNs) Certificate to your Mac’s keychain
Locate the downloaded certificate file, and double click on it to add it to your keychain.
Open Keychain Access application on your mac, select Certificates menu on the left and search the app id on the search bar on the top right corner. You will see the app id option and make sure you have an option to expand it. Once you expand, you will see the private key as well.
Exporting Apple Push Notification Service (APNs) certificate to your push notification client
The last thing to do is to export this certificate (along with the private key) to your push notification client. This process is more or less the same for every client, I am explaining this for Onesignal.
Right-click on the certificate file and select Export Apple Push Certificate: <your-app-id>
if you don’t see this option, just click on the private key, and then right-click on the certificate file again.
Save it as a P12 file (you can leave the password field empty)
Login to your push notification client (OneSignal in this case). Locate your app and go to Settings
You will see that the expiration date exactly matches the one specified in the email above.
Just click edit and browse the P12 file you saved earlier.
That’s it, you have successfully renewed the certificate to link between OneSignal and Apple push notification service. You should now see a new expiration date, which is one year from now.
Final step – optional
Revoke the old Apple push notification service (APNs) certificate by going to the apple developer account, and finding the one that expires within 30 days.
Check out our new upcoming service, RenewMyPush. With this, we hope to take the burden off you to update the push certificate manually. If this is something that you are interested in, let us know by visiting the service page, and we will let you know once this service is ready.
If you have any questions or feedback, simply send it to me at sonny@nowplayingapps.com.