If you were ever asked by backend developer to provide .pem file to support Apple Push Notifications on the server you know how painful it is. This post will guide step by step.

At first, you have to create this certificate and import it to your keychain, but I assume you know how to do it. Let’s jump to the tricky part:

Export certificate and key separately

(right-click -> Export -> choose .p12 format). To make things easier you can name certificate apns-cert.p12 and key apns-key.p12 When prompted for a password, leave it blank.

Convert apns-cert.p12 into apns-cert.pem.

To convert certificate please execute following command in terminal: openssl pkcs12 -clcerts -nokeys -out apns-cert.pem -in apns-cert.p12 Just hit enter when asked for a password.

Convert apns-key.p12 into apns-key.pem.

To convert key please execute following command in terminal: openssl pkcs12 -nocerts -out apns-key.pem -in apns-key.p12 In this case, you will be asked for the password twice, first time hit enter as there was no password. In the second case, you will be asked to set a password to the newly created PEM file, please set it.

Remove the encryption from the key apns-key.pem file.

To remove previously set password execute the following command in terminal: openssl rsa -in apns-key.pem -out apns-key-noenc.pem

Merge apns-cert.pem and apns-key-noenc.pem into apns.pem.

To merge both generated pem files into one complete pem please execute: cat apns-cert.pem apns-key-noenc.pem > apns.pem

Send apns.pem to your backend developer 😉

I hope this tutorial will save you lot of time.