@misterwell
Last active March 3, 2024 18:42
A shell script for creating a .p12 certificate file containing the Certificate & private key for use by an APNS push provider application
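#!/bin/sh
# Script for generating a password-protected .p12 file for an APNS push provider
# from the certificate & private key exported out of Keychain Access.
# Instructions:
# 1. Generate & download the push certificate inside Apple's developer portal
# 2. Import the .cer file into your Mac's Keychain Access, find it in your certificate list, and expand it to show the paired private key.
# 3. Select both the certificate and the paired private key, CTRL-Click & select Export Keys. Save it as Certificates.p12. Leave the export passphrase empty: this script reads the file with an empty passphrase (-passin pass:).
# 4. Execute this shell file, with the format './CreateP12PushCert.sh <ExportedP12Filename> <OutputP12Filename> <OutputProtectionPassword>'
# Note: the output password is a command-line argument, so it is visible in the
# process list and in shell history on the machine where this runs.

set -e     # Stop at the first failing openssl step instead of building a broken .p12
umask 077  # Files created here (interim key material, output .p12) are readable by the owner only

usage ()
{
    echo "usage: $0 LocalPublicPrivateKeyExport.p12 OutputFile.p12 OutputProtectionPassword" >&2
    exit 1
}

if [ "$#" != "3" ]
then
    usage
fi

if [ ! -f "$1" ]
then
    echo "The exported .p12 cert & private key filename you provided was not found" >&2
    usage
fi

# Keep interim files in a private temporary directory and remove them on exit, even after a failure
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# Extract the client certificate (no keys) from the Keychain export
openssl pkcs12 -in "$1" -clcerts -nokeys -out "$tmpdir/PublicCert.cer" -passin pass:
# Re-encode the certificate as plain PEM
openssl x509 -in "$tmpdir/PublicCert.cer" -out "$tmpdir/identity.pem" -outform PEM
# Extract the private key, encrypted with the output password
openssl pkcs12 -nocerts -out "$tmpdir/Certificates.pem" -in "$1" -passin pass: -passout "pass:$3"
# Bundle certificate and key into the output .p12, protected with the same password
openssl pkcs12 -export -in "$tmpdir/identity.pem" -out "$2" -inkey "$tmpdir/Certificates.pem" -passin "pass:$3" -passout "pass:$3"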
@misterwell
Author

The original .cer file from the developer portal is no longer needed. Simply pass in the .p12 file exported from the Keychain Access app and provide an output PEM password. This assumes the .p12 file is not protected by a password, but if it is, the script can be easily modified with an optional 4th parameter to accommodate that.
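A check worth running on the generated file before handing it to a push provider, added here as an example and not part of the gist or the author's comment: it confirms that the private key in the .p12 matches the certificate and that the certificate is not about to expire. The function name `check_p12`, the `P12_PASS` environment variable and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# check_p12 FILE [MIN_DAYS]
# Reads the .p12 password from the P12_PASS environment variable so that it
# does not appear in the openssl command line.
# Return codes: 0 ok, 2 unreadable, 3 no private key, 4 key/cert mismatch, 5 expiring.
check_p12 () {
    p12=$1
    min_days=${2:-30}

    # Client certificate from the bundle (fails on a wrong password or a non-PKCS#12 file)
    cert=$(openssl pkcs12 -in "$p12" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null) || {
        echo "cannot read $p12: wrong password or not a PKCS#12 file" >&2; return 2; }
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -pubkey -noout 2>/dev/null) || {
        echo "no certificate found in $p12" >&2; return 2; }

    # Public key derived from the private key; the decrypted key only travels through a pipe
    key_pub=$(openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || key_pub=
    [ -n "$key_pub" ] || { echo "no private key found in $p12" >&2; return 3; }

    # The bundle is only usable for TLS client auth if both public keys are identical
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match the certificate" >&2; return 4; }

    # -checkend exits non-zero if the certificate expires within the given number of seconds
    printf '%s\n' "$cert" | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "certificate expires within $min_days days" >&2; return 5; }

    # Summary for the operator: who the certificate is for and when it ends
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}

# Run directly: P12_PASS=... ./check_p12.sh OutputFile.p12 [MIN_DAYS]
if [ "$#" -gt 0 ]; then
    check_p12 "$@"
fi
```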
