I am told that we need to provide an application developer with a P12 format 'Push Notification Certificate'. I need to know how to get this using Windows.
I have the following:
- Developer certificate *developer_identity.cer*
- Distribution certificate *distribution_identity.cer*
I was then told to go to App IDs, find my new App ID and click 'Configure'. Then configure my App ID for Apple's Push Notification service.
Configure 'Production Push SSL Certificate': It says I need to create a CSR and upload it to Apple.
When creating the CSR I used the following in OpenSSL:
```
openssl genrsa -out mykey.key 2048
```
then
```
openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=yourAddress@example.com/CN=John Doe/C=US"
```
Replacing email, CN and C with my own details.
Question 1: How is this right? The P12 will be provided to a third party for them to push; are the email, CN and C here validated at any point or does this not matter?
Assuming the above is all correct, this results in me getting another file: *aps_production_identity.cer*
Question 2: How can I use OpenSSL with the files above to provide the necessary Push Certificate in P12 to the developer?
(1) Whether or not the email, CN and C are validated by Apple when the certificate is created, the certificate is digitally signed by a Certificate Authority (CA) at Apple, so that's how they will know that it is authentic when it is used to connect. You could not forge that signature (of their CA, on your certificate.)
(2) To create a P12 with OpenSSL:
```
$ openssl pkcs12 -export -out my_cert_and_key.p12 -in my_cert.crt -inkey my_key.key
```
You will be prompted for a password, which you will need to type in again when importing it on Windows. This password is protecting the private key, which is in the P12 file along with the certificate. That is, if this is going to be imported on a Windows machine. For the iPhone, ignore that, and what follows...
Whichever Windows account imports the certificate will have access to the private key to use it when connecting with TLS. If you need another Windows account to connect using this certificate, you will have to grant it read access to the private key (which you can do from the MMC Certificates snap-in, "Manage Private Keys").
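The steps from the question and the answer above, chained end to end as an added example (not code from either post). It assumes the downloaded `.cer` is DER-encoded and converts it to PEM before `openssl pkcs12 -export`, and it refuses to build the bundle if the certificate does not match the key that produced the CSR. The function names and the `P12_PASS` variable are hypothetical, and the "Apple-issued" certificate is a self-signed stand-in constructed locally so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original answers. File names follow the question;
# the "Apple-issued" certificate is a self-signed stand-in built locally.

# True only if the certificate carries the public half of this private key.
key_matches_cert() {  # $1 = PEM private key, $2 = PEM certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# DER .cer -> PEM, refuse a mismatched key, then write the password-protected .p12.
# The export password is read from $P12_PASS so it never appears in the process list.
make_push_p12() {  # $1 = private key, $2 = DER certificate, $3 = output .p12
    pem="${3%.p12}.pem"
    openssl x509 -inform DER -in "$2" -out "$pem" || return 1
    key_matches_cert "$1" "$pem" || { echo "key does not match certificate" >&2; return 2; }
    openssl pkcs12 -export -inkey "$1" -in "$pem" -out "$3" -passout env:P12_PASS
}

# Constructed stand-in for the portal round trip: key, CSR, then a self-signed DER .cer.
make_sample_inputs() {  # $1 = working directory
    openssl genrsa -out "$1/mykey.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/mykey.key" \
        -out "$1/CertificateSigningRequest.certSigningRequest" \
        -subj "/emailAddress=yourAddress@example.com/CN=John Doe/C=US" &&
    openssl x509 -req -in "$1/CertificateSigningRequest.certSigningRequest" \
        -signkey "$1/mykey.key" -days 1 -outform DER \
        -out "$1/aps_production_identity.cer" 2>/dev/null
}

# Build the sample inputs, create the bundle, then read it back as the recipient
# would and print the subject of the certificate it holds.
demo() {
    d=$(mktemp -d) && export P12_PASS="constructed-sample-password"
    make_sample_inputs "$d" &&
    make_push_p12 "$d/mykey.key" "$d/aps_production_identity.cer" "$d/push.p12" &&
    openssl pkcs12 -in "$d/push.p12" -passin env:P12_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -subject
    rc=$?; rm -rf "$d"; return $rc
}

demo
```

Because the `.p12` holds the private key, give the export password to the developer over a different channel than the file itself.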
XCA makes it easy.
On Windows though there’s no such tool, and every single guide I came
across (including the official one from Adobe) instructed users to
install OpenSSL, and then use command prompt and type in paths, names,
commands etc. This was very tedious, slow, user unfriendly and
error prone. Thankfully, there is another way! It’s an OpenSSL based
GUI for Windows called XCA: X Certificate and Key Management.
This tool enables you to obtain a personal development certificate,
certificate signing request, private or public key encoded with
2048-bit RSA encryption, export p12 certificate, i.e. everything you
need to do in order to publish a valid .ipa file for iOS device. All
with nice drag and drop interface, with easy to manage and access
sections, lightweight and organised. Secured and safe as well.
source article: http://durej.com/?p=345