Having valid iOS notification certificates in your app is needed in order for push notifications to work on iOS devices. In this article we’ll go over how to update the iOS notification certificates for your app if you would like to do it yourself.

iOS notification certificates expire annually so new ones need to be generated for your app periodically. 30 days before they expire you should receive an email from Apple letting you know that they are about to expire. We here at BuildFire are more than happy to update these certificates for you, but if you would like to update them yourself here’s how.

Next we’ll go over how to update the notification certificates for the iOS version of your app. Make sure that you’re doing this on an Apple computer as certain steps in the process require Apple-specific programs. Also, before you proceed you should make sure that you have the role of Admin and Account Holder in your Apple developer account. 

If your account was enrolled as an Individual then you already have this role assigned to you, but if your account was enrolled as a company or organization, you can double check your role by logging into the App Store Connect Portal (https://appstoreconnect.apple.com/) and clicking on “Users and Access”:

Here you’ll see the roles assigned to your account next to your name and email address:

Once you have verified that you have the role of Admin and Account Holder you can continue on with updating your notification certificates.

Step 1: Log-in to the Apple Developer Portal

Go to https://developer.apple.com/ and click on “Account” at the top of the page:

You will be prompted to log-in. Go ahead and do so:

Due to a requirement by Apple that all Apple developer accounts need to have 2-factor authentication enabled in them, you will also need to enter in the 6-digit code that Apple sends you in order to access the Apple developer portal over and above your email and password:

If you are on a work computer, or a trusted device, you’ll be given the option to trust that browser. This is up to you whether you want to trust that browser or not. Doing so will speed up this process in the future. If you’re on a public device, we recommend not trusting the browser in that instance.

Step 2: Click on Certificates, Identifiers & Profiles

Once you have logged-in to the Apple developer portal, click on the “Certificates, Identifiers & Profiles” found in the center of the page.

Step 3: Select the App That You Want To Generate A Certificate For

Next you’ll see an option called “App IDs” found under “Identifiers”. Go ahead and click that.

Once you have done this click on the app’s name:

This will take you to the information of that specific app.

Step 4: Generate the Initial Certificate Files

Next scroll down to the bottom of the first section of the app’s information and click “edit”.

Then scroll down to “Push Notifications” and select “Create Certificate” found in the “Production SSL Certificate” box.

Then click “Continue” at the bottom of the next page.

This will take you to the page where you will upload the certificate signing request file that you create in the next step. This is the first half of the process, additional work will be required on your Apple computer. Make sure that you don’t exit out of the Apple developer portal as you will need to go back for additional steps later.

Step 5: Open the Files in the Keychain Access program on your Apple computer

Next you will need to open the Keychain Access program. If you need help locating it you can search for it in spotlight at the top of your Apple’s computer screen next to Siri.

Once you have opened Keychain Access, click on “Certificates” found under “Category”.

Now that you’re in this area of Keychain Access, go to the top of your screen and select Keychain Access -> Certificate Assistant -> Request A Certificate From A Certificate Authority

This will open up a Certificate Assistant pop-up. In the Certificate Assistant pop-up the first two fields will need to be filled out. In the “User Email Address” field, enter in the email address that you use to log-in to your Apple developer account. In the “Common Name” field, enter in the name that your app was submitted to Apple under.

Leave the CA Email Address box blank and make sure that “Saved to Disk” is selected. Once the “User Email Address” and “Common Name” fields have been filled out, go ahead and click “Continue”. Then select where you want to save that file and click “Save”.

You can save it anywhere, but it may be easier for you to save it to your Desktop which will make the certificate file easy to locate again.

Then click "Done" to close that window.

Step 6: Go Back to the Apple Developer Portal

Now that you have the file generated in Keychain Access go back to the Apple developer portal and click “Choose File” under “Upload CSR File”. Then navigate the file that you just created (CertificateSigningRequest), and select “Open”.

Once the file has been uploaded click “Continue”.

Then click “Download” on the next screen.

This will download a file called “aps.cer” to your computer.

Step 7: Locate the “aps.cer” File and Double Click On It To Open It In Keychain Access and Set Up The Certificate File

Once you have downloaded the “aps.cer” file double click on it. 

A window may pop up asking you to add it, go ahead and select "add". This will open the file up in Keychain Access. Click on the arrow next to the certificate’s name to display the key with your app’s name. 

Next right click (or control click) on the certificate and select “Export ‘Apple Push Services: bundleID’…”.

When prompted give it the name of “cert” in the “Save As” box and click “Save”.

We recommend that you save this file to your Desktop which will make it easier to locate later on. Next you will be asked if you want to set up a password for this file. Click “OK” without setting up a password.

Next you will be asked to enter in the password used to log-in to that computer. Go ahead and enter in your computer login password and click “Allow”.

Step 8: Use Keychain Access to Set Up the Key File

Now that you have the Certificate file, you will need to generate the Key file. The process is very similar to creating the Certificate file. Right click (or control click) on the key and select “Export ‘App Name’…”.

When prompted give it the name of “key” in the “Save As” box and click “Save”. Just like with the “cert” file, we recommend that you save this to your desktop for ease of access later.

Again, you will be asked if you want to set up a password for this file. Click “OK” without setting up a password. You will again be asked to enter in the password used to log-in to that computer. Go enter in your computer login password again and click “Allow”.

Step 9: Open the Terminal on your Apple Computer

Now that you have the “cert” and “key” files created and saved to your desktop, you’ll need to open up the Terminal on your Apple computer. Just like Keychain Access, if you’re unsure of where it’s located you can search for it using spotlight which is found at the top-right corner of your computer next to Siri.

This is what it should look like when you first open it:

Navigate to the desktop by typing in: 

cd Desktop/

Then pressing enter.

This is what it should look like once you’ve navigated to the Desktop in the Terminal:

Once you’ve navigated to the desktop, paste this command into the Terminal and press Enter:
​
​

openssl pkcs12 -in cert.p12 -out cert.pem -clcerts -nokeys && openssl pkcs12 -in key.p12 -out key.pem -nocerts -nodes
​
​

You will be prompted for a password. Just press enter to continue. This will happen twice.

If done correctly, this will generate .perm versions of your iOS notification certificate and key files.

Step 10: Take Those Files and Upload Them to the App Dashboard

Once you have the .perm versions of your certificate and key files open up BuildFire’s App Dashboard and go to Notifications -> Settings. Here you can upload the “cert” and “key” files.

Congratulations! You’ve now updated the notification certificates for the iOS version of your app! We know that this can be a daunting task, so if you’d rather have us do this for you, we’d be more than happy to. If you would like us to update the iOS notification certificates for your app, just reach out to us at:
​
​support@buildfire.com

In addition to this article, we recommend checking out the following related articles so that you have a better insight into how to use the system to its fullest advantage:

Still have questions? No problem! Reach out to us and we’d be happy to help :)