Last active
March 3, 2024 18:42
A shell script for creating a .p12 certificate file containing the Certificate & private key for use by an APNS push provider application
#!/bin/sh
# Script for generating .p12 files from APNS .cer files.
# Instructions:
# 1. Generate & download the push certificate inside Apple's developer portal
# 2. Import the .cer file into your Mac's Keychain Access, find it in your certificate list, and expand it to show the paired private key.
# 3. Select both the certificate and the paired private key, CTRL-Click & select Export Keys. Save it as Certificates.p12. Leave the passphrase empty: the openssl calls below read the export with an empty passphrase.
# 4. Execute this shell file, with the format './CreateP12PushCert.sh <ExportedP12Filename> <OutputP12Filename> <OutputProtectionPassword>'
usage ()
{
    echo "usage: LocalPublicPrivateKeyExport.p12 OutputFile.p12 OutputProtectionPassword"
    exit 1   # non-zero status so callers can detect the failure
}
if [ "$#" != "3" ]
then
    usage
fi
if [ ! -f "$1" ]
then
    echo "The exported .p12 cert & private key filename you provided was not found"
    usage
fi
# Extract the client certificate from the exported .p12 (empty input passphrase)
openssl pkcs12 -in "$1" -clcerts -nokeys -out PublicCert.cer -passin pass:
# Rewrite the certificate as plain PEM
openssl x509 -in PublicCert.cer -out identity.pem -outform PEM
# Extract the private key, encrypted with the output password
openssl pkcs12 -nocerts -out Certificates.pem -in "$1" -passin pass: -passout "pass:$3"
# Bundle certificate and key into the output .p12, protected by the output password
openssl pkcs12 -export -in identity.pem -out "$2" -inkey Certificates.pem -passin "pass:$3" -passout "pass:$3"
rm identity.pem Certificates.pem PublicCert.cer # Remove interim files
The original .cer file from the developer portal is no longer needed. Simply pass in the .p12 file exported from the Keychain Access app and provide an output PEM password. This assumes the .p12 file is not protected by a password, but if it is the script can be easily modified with an optional 4th parameter to accommodate that.
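The optional fourth parameter mentioned in the comment above could look like this. This is an added example, not part of the gist or written by its author; the function name `convert_p12` and the `P12_IN_PASS` / `P12_OUT_PASS` variable names are assumptions made for the sketch. It also hands the passwords to openssl through `env:` and keeps the interim key file in a private temporary directory instead of the working directory.

```shell
#!/bin/sh
# Added example (not the gist's code): same conversion, with an optional
# 4th argument for the passphrase of the exported .p12.
# convert_p12 and the P12_* variable names are hypothetical.

convert_p12() {
    # usage: convert_p12 <Exported.p12> <Output.p12> <OutputPassword> [InputPassword]
    if [ "$#" -lt 3 ] || [ "$#" -gt 4 ]; then
        echo "usage: convert_p12 In.p12 Out.p12 OutputPassword [InputPassword]" >&2
        return 2
    fi
    if [ ! -f "$1" ]; then
        echo "input file not found: $1" >&2
        return 1
    fi
    (
        # Subshell: umask and exported passwords do not leak into the caller.
        umask 077
        P12_IN_PASS="${4:-}"   # empty when the export has no passphrase
        P12_OUT_PASS="$3"
        export P12_IN_PASS P12_OUT_PASS
        tmp=$(mktemp -d) || exit 1
        status=0
        # env: keeps the passwords off the openssl command lines.
        openssl pkcs12 -in "$1" -clcerts -nokeys -out "$tmp/identity.pem" \
            -passin env:P12_IN_PASS &&
        openssl pkcs12 -in "$1" -nocerts -out "$tmp/key.pem" \
            -passin env:P12_IN_PASS -passout env:P12_OUT_PASS &&
        openssl pkcs12 -export -in "$tmp/identity.pem" -inkey "$tmp/key.pem" \
            -out "$2" -passin env:P12_OUT_PASS -passout env:P12_OUT_PASS ||
            status=$?
        rm -rf "$tmp"   # interim files are removed on failure as well
        exit "$status"
    )
}

# Run the conversion only when arguments were supplied.
if [ "$#" -gt 0 ]; then
    convert_p12 "$@"
fi
```

The output password is still visible in the argument list of the script itself; reading it from a prompt or a file descriptor would close that gap.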