about using OpenSSL to generate PEM files for the Go language implementation iOS push

This is a creation in Article, where the information may have evolved or changed.

Today in the completion of the iOS push process encountered some problems, colleagues helped me to register an Apple certificate, and then use the certificate to generate the corresponding PEM file, online about the generation of PEM file there are many ways

(1) PHP

Devicetoken: <6974ac11 870e09fa 00e2238e 8cfafc7d 2052e342 182f5b57 fabca445 42b72e1b>

2. Generate the app on the server required license *****br> 1) into provisioning Portal, download the certificates certificate under development.
3. Locate the app ID that you want to test, and then enable it under development Apple push Notification service:development push SSL Certificate. You need to enter the signing certificate in 1 to generate a aps_developer_identity.cer.
4. Double-clicking the aps_developer_identity.cer will open the system's key chain. Find Apple Development Push Services under my certificates. You need to export a. p12 file for each of the private keys under certificate and it. (The setup password process will appear)
5. The above 2. p12 files need to be converted to. Pem format:

Copy Code OpenSSL pkcs12-clcerts-nokeys-out cert.pem-in CERT.P12

OpenSSL pkcs12-nocerts-out key.pem-in key.p12


6. If you need to not encrypt the key:
  

Copy Code OpenSSL rsa-in key.pem-out Key.unencrypted.pem

7. Then you can merge two. pem files, the CK.PEM is the certificate required by the server.
  

Copy Code Cat Cert.pem Key.unencrypted.pem > Ck.pem

(2) Go

In PHP using OpenSSL to generate CERT.PEM and KEY.PEM process, respectively with CERT.P12 and KEY.P12 files, colleagues gave me only Aps_development.cer and PUSH_DEV.P12

generate CERT.PEM files with Aps_development.cer below

Command:

OpenSSL x509-in aps_development.cer-inform der-out Cert.pem -passin Pass:p12_pass (P12_pass is the password to generate the P12 file) generate an encrypted Key.pem file OpenSSL pkcs12-nocerts-out key.pem-inpush_dev.p12 -passin pass:p12_pass-passout pass:tmp_pass (TMP_ Pass to set a temporary password for the generation of unencrypted Key.pem files)
generate an unencrypted Key.pem file OpenSSL rsa-in key.pem-out unencryptkey.pem-passin Pass:tmp_pass (must be greater than or equal to 4 characters for the temporary password you just set)
The required CERT.PEM files and Unencryptkey.pem files are generated here. The Loadx509keypair in the TLS library provided by the go language does not have the option to pass in the password, so to generate Unencryptkey.pem files, you can download the Windows OpenSSL tool, It is then generated by the certificate itself.