Last modified November 22, 2014 by Gordon Glauser

How Do I Manage iOS Push Certificates for Push Notifications?

To enable an app to send push notifications to iOS devices (iPhone, iPad and iPod), you require a push certificate. A push certificate authorizes an app to receive push notifications and authorizes a service to send push notifications to an app. You link the push certificate to the app when you publish the app for distribution. For communication with iOS devices, push messages are sent via the Apple Push Notification Service (APNS). In order to send a push notification to a user, Swrve must provide Apple with a push certificate that authorizes Swrve to send push notifications to your users on your behalf.

There are three main steps involved in retrieving a push certificate for your app and uploading it to Swrve:

  1. If your app is not enabled for push notifications, create a push certificate.
  2. Export the push certificate to a file.
  3. Upload the push certificate to Swrve.

Once Swrve has a copy of your push certificate, Swrve can send messages to your users on your behalf. For more information about managing push notifications in Swrve, see Intro to Push Notifications.


Creating Push Certificates

To follow the instructions below you must have already registered your iOS app with Apple through the Member Center.

To create a push certificate:

Step 1: On the Apple Developer site (https://developer.apple.com/), log on to the Member Center.

Step 2: Click Certificates, Identifiers & Profiles.

Step 3: Click Identifiers in the left-hand navigation, then click App IDs.

Step 4: In the app list, click your app.

If your app is push-enabled but you have not created a certificate, Push Notifications are displayed as Configurable:

Screen_Shot_2013-11-19_at_14.30.40.png

If your app is not push-enabled, the section is displayed as Disabled:

Screen_Shot_2013-11-15_at_14.20.22.png

Step 6: If push notifications are disabled, click Edit and enable push notifications.

Screen_Shot_2013-11-21_at_14.49.48.png

Step 7: Click Create Certificate for the Production SSL Certificate. The screen describes how to generate a Certificate Signing Request which is then passed to Apple to generate the certificate. It is good practice to use the production SSL certificate (even during development) as it is easy to forget to update the certificate at app launch. The summary details how you can work with the production certificate:

  • Provision your app with the production certificate.
  • Archive your development app for ad-hoc distribution.
  • Load the app onto your device.
  • Connect the device to Xcode.
  • Continue to develop and test.

If you decide to use the Development SSL Certificate (for example, to test your push notifications), ensure that you update the certificate with the production version when you launch your app.

Step 8: To generate a Certificate Signing Request:

  • Open Keychain Access (in the Applications > Utilities sub-folder).
  • Navigate to Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.

Screen_Shot_2013-11-15_at_14.28.24.png

  • Populate the certificate information with your email address. Use your own name for the Common Name. Leave CA Email Address blank and ensure that Saved to disk is selected.
  • Click Continue, enter a filename and a destination, and then click Save. This saves the file to the requested location, with an extension .certSigningRequest.

Step 9: Return to the Apple Member Center and click Continue.

Step 10: Click Choose File to upload the .certSigningRequest file.

Step 11: Click Generate to generate your push certificate. A screen is displayed stating that your push certificate is ready.

Step 12: Click Download.

Step 13: In your Downloads folder, locate and double-click the aps_development.cer file.

Step 14: Return to your Keychain Access and navigate to the Certificates category of the login keychain to locate the push certificate for your app.

Screen_Shot_2013-11-21_at_16.40.22.png


Exporting Push Certificates

After you create your push certificate and log it with your Keychain Access, export the push certificate to a file:

Step 1: Open Keychain Access (in the Applications > Utilities sub-folder).

Step 2: Navigate to your push certificate in the Certificates category of the login keychain.

Step 3: Right-click the certificate and select Export from the context menu.

Screen_Shot_2013-11-15_at_14.40.53.png

Step 4: Enter an appropriate name for the file, leaving Tags empty and leaving the file format as .p12, and then click Save. You are prompted to encrypt the certificate with a password.

Step 5: Either encrypt the certificate with a password (recommended) or leave it blank.

Step 6: Click OK to export the certificate.


Uploading Push Certificates

Generally, you upload your push certificate in Swrve when configuring the Integration Settings screen as part of the Swrve onboarding process. iOS push certificates are valid for 12 months and should be replaced annually to avoid interruptions to your push service. You can edit the settings on this screen later on if required.

To upload your push certificate in Swrve:

Step 1: On the Setup menu, click Integration Settings. The Apple push notification settings are displayed under Push Notifications, in the Apple APNS Certificate section.

Step 2: Click upload new certificate to display the push certificate settings.

Step 3: Click Choose File and then navigate to your saved development or production push certificate and select it.

Step 4: If you encrypted the push certificate when you saved it, enter the password in the Password field.

Step 5: Click Upload. After you receive a green success notification, the push certificate is displayed in the Apple APNS Certificate section.

Step 6: Test the push certificate by sending a test push notification to one of your QA devices. To send a test push notification:

  • Select your device from the Select QA device list.
  • Click Send Test Push.

If you have difficulty uploading a push certificate, take note of the on-screen feedback provided and consult the following list for more information:

  • Date Error – APNS certificates are valid for one year from the date they are created and must be changed annually. This notification indicates that the certificate you are trying to upload to upload has an invalid date stamp, where today’s date is not within the certificate’s date range. You may need to create a new certificate.
  • Certificate or Password Error – This message indicates that Swrve could not parse the certificate file. This may be because the certificate is not encoded in the expected p12 format, or because the password provided was incorrect. Please retry your upload, paying particular attention to the password you use.
  • APNS Certificate Refused Error – This message indicates that the certificate was properly interpreted but was not accepted by Apple’s APNS push system. This could happen for a number of reasons and you should consult Apple’s documentation for more information.

APNS Certificate Expiration

iOS push certificates are valid 12 months from the day they are created. When the certificate is due to expire, Swrve attempts to notify you through dashboard notifications and emails. If you encounter these messages, it is important that you act quickly to replace your push certificates as all iOS push notifications, including your scheduled and recurring push notifications, stop functioning once the certificate expires.

You can easily create a new certificate by repeating the steps outlined above.