"iOS Push full resolution (ii)" (translation): Generate OpenSSL certificate, provisioning profile

Source: Internet
Author: User

This is a tutorial from Raywenderlich, and the content is informative! The structure is simple and thorough, the explanation is gradual, and the article quality is superior. It's a difficult blog post! I'll use my half bottle of English to translate it a bit:
1. "iOS Push full resolution" (i): Overview of push
2. "iOS Push full resolution" (ii): Generate a push certificate and provisioning profile (this article)
3. "iOS Push full resolution" (iii): A minimalist demo and test push


--------------------------------------------------------------------------------------------------------------- -----------------------------

Provisioning profiles and certificates, oh my! For push notifications to work, the app needs to be signed with a provisioning profile. Additionally, the app server needs to sign its push notifications with an SSL certificate. The provisioning profile and the SSL certificate are tightly connected and are only valid for one App ID, so that only your app server can send push messages to your app, not to someone else's app.
As you know, an app uses different provisioning profiles for development and distribution. Similarly, there are two types of push certificates:
Development: if the app is signed with a development provisioning profile, the app server must send notifications using a development certificate.
Production: if the app is published through Ad Hoc or the App Store, the app server must use a production certificate. If the two are mixed up, the app will not receive push notifications.

This tutorial uses only development certificates


Generate Certificate Signing Request (CSR)

Remember how you generated the development certificate for debugging your app on a real device? If so, the following steps will be familiar. Still, I recommend that you follow them strictly: most problems encountered when developing push notifications are certificate issues.
Digital certificates are based on public-private key cryptography. You don't have to know how the cryptography works to use a certificate, but you do need to know that a certificate always works together with a private key. The certificate is only the public part of the key pair. It is safe to send to other people; the private key, however, is a secret and should be protected. The private key is nobody else's business but your own! It is important to note that you cannot use a certificate without its private key.
Whenever you request a digital certificate, you need to provide a Certificate Signing Request (CSR). When the CSR is generated, a new private key is placed in the Mac keychain. Next, you send the CSR to a certification authority (here, the iOS Developer Portal), which generates an SSL certificate based on the CSR that you submitted.

Open "Keychain" on the Mac and select the menu item "Request a Certificate from a Certificate Authority".


(figure) Request Certificate 1
If you do not have this menu option, or it says "Request a Certificate from a Certificate Authority with key", download and install the WWDR Intermediate Certificate and make sure that no private key is selected in the keychain window.

You should see:


(figure) Request Certificate 2
Enter your email address. I heard that the same email as for app signing needs to be used. However, it seems that any other email is OK.

Enter "Pushchat" as the name. Any text can be entered here; pick something easy to remember, so that the private key is easy to find later. Select "Saved to Disk" and click "Continue". Save the file as "Pushchat.certsigningrequest". In the "Key" column you can see the private key; right-click it and select "Export".


(figure) Export certificate
Save the private key as PUSHCHATKEY.P12 and enter a password. In this tutorial, I use "pushchat" as the password for the P12 file, but you should choose a password that is easy to remember. This key (P12) file needs to be kept secret.

Generate app ID and SSL certificate

Sign in to the iOS Dev Center and select "Certificates, Identifiers & Profiles" on the right panel.


(figure) IOS Dev Center

The following interface appears


(figure) Certificate,identifiers&profile outline
Now that we have an iOS app, select "Certificates" under iOS Apps. Now you can generate a new App ID. Each push app requires a unique ID, because a push notification is sent to one specific app.

Click "App IDs" on the left, then click the "+" button.


(figure) Add app ID
Enter the following information:
App ID Description: pushchat
App Services: check the Push Notifications checkbox
Explicit App ID
You'd better use your own bundle identifier (com.yoursite.pushchat) instead of using mine. You also need to set the same bundle ID in Xcode. After entering this information, click "Continue". You will be asked to confirm the information; if everything is correct, click "Submit".

Ha ha! You have successfully registered a new app ID


(figure) The APP ID generates
You will also generate an SSL certificate in the next few minutes. The app server will use this SSL certificate to establish a secure connection with APNs. The certificate is tied to the App ID: the app server can only send push notifications to the app with this App ID, not to other apps.

After the App ID is generated, it appears in the list like this:


Display of APP ID (image)

Click on the Pushchat App ID in the list and a related window appears:


(figure) APP ID Details

Note the "Push Notification" line: there are two orange dots marked "Configurable", one each in the Development and Distribution columns. This means your App ID can be used for push, but you still need to set it up. Click the "Setting" button to configure it:


(figure) App ID Config

Scroll down to the "Push Notification" section and select the "Create Certificate" button on the Development SSL Certificate line.


(figure) Generate a certificate

The "Add IOS Certificate" wizard appears:


(figure) Wizard
First, you are asked to generate a Certificate Signing Request. You have already finished this step, so click "Continue". Next, upload the CSR file: select the CSR you just generated and click "Generate".

Generating the SSL certificate takes a few seconds. When it is done, click "Continue".


Now click "Download" to get the certificate. It is automatically named "aps_development.cer".


Download the certificate (image)
As you can see, you now have a valid certificate, and push is ready for development. If necessary, you can download this certificate again. The development push certificate is valid for three months.
When you publish the app, repeat the above steps to get a production certificate. The steps are similar. The production certificate is valid for one year, and you need to make sure to renew it before the deadline.
There is no need to add this certificate to the keychain, although if you double-click the aps_development.cer file you will find that it is associated with the private key.

Create a PEM file

At this point you have three files:
The CSR file
The private key file (PUSHCHATKEY.P12)
The SSL certificate (aps_development.cer)
Keep these three files in a safe place. You could throw the CSR away, but I think it is easier to keep it. When the certificate expires, you can use the same CSR to generate a new certificate. If you generate a new CSR, you also have to export a new private key (P12) (after the certificate is installed, the entry in the keychain is exported as P12). By reusing the CSR you keep using the existing private key; only the .cer file changes.
You have to convert the certificate and the private key into a format that is easier to use. Because our app server is written in PHP, you need to combine the certificate and private key into a PEM file, which is easier to use from PHP. If your app server is written in a different language, the following steps do not apply.
You will use the OpenSSL command-line tool. Open a terminal and follow the steps below. First go to the folder where you downloaded the certificate, in my case the desktop:
$ cd ~/Desktop/
Convert the CER to a PEM file:
$ openssl x509 -in aps_development.cer -inform der -out Pushchatcert.pem
Convert the P12 to a PEM file:
$ openssl pkcs12 -nocerts -out pushchatkey.pem -in PUSHCHATKEY.P12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
First you need to enter the P12 password so that OpenSSL can read the file. Then you need to enter a new password for the PEM file. Here I also use "pushchat"; you can use a more secure password.
Note: If you do not enter a PEM password, OpenSSL does not give an error message, but the generated PEM file will not contain the private key.
Finally, combine the certificate and the key into one PEM file:
$ cat Pushchatcert.pem pushchatkey.pem > Ck.pem
At this point, check whether the certificate works. Execute the following command:
$ telnet gateway.sandbox.push.apple.com 2195
Trying 17.172.232.226...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.
The above is an ordinary, unencrypted connection to the APNs server. If you see the output above, your Mac can reach APNs. Press Ctrl+C to close the connection. If you get an error message, make sure that your firewall allows connections on port 2195.
Now connect again, this time using the SSL certificate and the private key to establish a secure connection:
$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert Pushchatcert.pem -key pushchatkey.pem
Enter pass phrase for pushchatkey.pem:
You should see a lot of output; this is OpenSSL letting you know what is going on behind the scenes. If the connection succeeds, you can type a few characters. When you press Enter, the server closes the connection. If there is a problem setting up the connection, OpenSSL will give you an error message, but you may have to scroll up through the output to find it.

Note: There are two APNs servers: the sandbox server for testing and the live server for production. Here we use the sandbox server because our certificate is a development certificate, not a distribution one.

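The following check is an added example, not part of the original tutorial: a shell function that inspects a combined PEM bundle such as Ck.pem before it is copied to the app server. It catches the case from the note above where the bundle ends up without a private key, and also flags an unencrypted key or a file readable by other users. The function name and the dummy sample bundle are assumptions made for illustration, and the check is structural only (it does not verify that the key belongs to the certificate).

```shell
#!/bin/sh
# Added example: pre-flight check for a combined certificate + key PEM bundle
# (the Ck.pem produced by the `cat` step). Prints one line per finding and
# returns the number of findings, so 0 means the bundle looks usable.
check_push_pem() {
    f=$1
    findings=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }

    # The bundle must contain the certificate converted from the .cer file.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "no certificate block"; findings=$((findings + 1))
    fi

    # It must also contain a private key. A key file that came out of the
    # pkcs12 step without a key shows up here as a missing block.
    if ! grep -Eq -e '-----BEGIN ((RSA|EC|ENCRYPTED) )?PRIVATE KEY-----' "$f"; then
        echo "no private key block"; findings=$((findings + 1))
    # Encrypted keys are either PKCS#8 ("ENCRYPTED PRIVATE KEY") or the older
    # format that carries a "Proc-Type: 4,ENCRYPTED" header line.
    elif ! grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
                    -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "private key is not passphrase-protected"; findings=$((findings + 1))
    fi

    # The bundle holds a secret: group and others should have no access.
    mode=$(ls -l "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "file is accessible to group/others ($mode)"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a bundle built from a certificate and an EMPTY key file,
# i.e. the failure described in the note above. The base64 body is a dummy.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/Pushchatcert.pem"
: > "$demo/pushchatkey.pem"
cat "$demo/Pushchatcert.pem" "$demo/pushchatkey.pem" > "$demo/Ck.pem"
chmod 600 "$demo/Ck.pem"
check_push_pem "$demo/Ck.pem" || echo "findings: $?"
rm -rf "$demo"
```

Run it against the real bundle with `check_push_pem Ck.pem`; a return status of 0 means none of the four findings applied.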
--------------------------------------------------------------------------------------------------------------- --------------

Translator's addition:

The process of generating the OpenSSL certificates and Ck.pem can be summarized as:


--------------------------------------------------------------------------------------------------------------- --------------

Making the Provisioning Profile

Still in the iOS Dev Center, click the "+" button in the Provisioning Profiles section of the left sidebar.


(+provisioning file)
Step 1: Select type

Select the iOS App Development option and click Continue.


(Provision develop)
Step 2: Configure

Select the Pushchat App ID to ensure that the provisioning profile is bound to the Pushchat app.


(Select App ID)
Step 3: Generate

Select the certificates you want to include; this should be routine by now.


(Select certificate)
Step 4: Select devices

Select the devices you want to include.


Step 5: Profile name

Set the name of the provisioning profile to "Pushchat development".


(Provisioning name)
You're almost done. Finally, click the "Download" button to download the newly generated provisioning profile.
Double-click the provisioning profile to add it to Xcode, or drag it onto Xcode.
If you're publishing an app, repeat the same process to generate a profile for Ad Hoc or App Store release.