Tutorial: Certificate Conversion and Certificate Testing for APNS

PUSHTRY.COM reads the certificate and its key from PKCS12 file

CER to PEM

openssl x509 -in aps_development.cer -inform der -out pushtryCert.pem

Private Key’s PKCS12 to PEM

openssl pkcs12 -nocerts -out pushtryKey.pem -in pushtry.p12
MAC verified OK
Enter PEM pass phrase: 
Verifying - Enter PEM pass phrase:

Combine CER+KEY to PEM

cat pushtryCert.pem pushtryKey.pem > ck.pem

Inspecting PKCS12

openssl pkcs12 -in pushtry.p12

output will be like:

...
MAC verified OK
Bag Attributes
...
-----BEGIN CERTIFICATE-----
...

...
-----BEGIN PRIVATE KEY-----
...

Select appropriate Development or Production, iOS or Mac, and its bundle identifier.

Inspecting PKCS12 structure

openssl pkcs12 -in pushtry.p12 -info -noout

Inspecting PEM

openssl rsa -in pushtry.pem -noout -check
openssl rsa -in pushtry.pem -pubout
openssl x509 -in pushtry.pem -noout -pubkey

PKCS12 to PEM

openssl pkcs12 -in pushtry.p12 -out pushtry.pem -clcerts -aes256

Not Recommended: Below command does not encrypt the private key ():

openssl pkcs12 -in pushtry.p12 -out pushtry.pem -nodes -clcerts

PEM to PKCS12

openssl pkcs12 -export -in pushtry.pem -out pushtry.p12

Test your PEM file

To test your "PEM" key in sandbox mode use the following command. Press enter to close the connection

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert pushtry.pem -key pushtry.pem

To test your "PEM" key in production mode use the following command

openssl s_client -connect gateway.push.apple.com:2195 -cert pushtry.pem -key pushtry.pem