Getting and Managing Your App's Push Notification SSL Certificate

UPDATE: 8/2012 : Thank you for visiting our archival support site! We've got updated information on Setting Up your Push SSL PEM File on our new support site ( If you would like to add Push Notifications to your iOS, Android or Windows Phone applications, visit our website at ( to sign up today!

At this point, you should have completed the TapLynx configuration process to build your application, created a Push IO TapLynx account, and uploaded your NGConfig.plist file found in Xcode.

Note: There's also a screencast you can follow along with to see this process happen on screen:

For people who like to know why this step in the process is necessary, read this paragraph. For people who just want to get their push notifications going, go to Step 1. In order to turn on Push IO notifications for your app we need to be able to publish notifications on your behalf, which requires a Secure Sockets Layer (SSL) Certificate - a key that gives us permission to do so. With your App Bundle ID, NGConfig.plist for your app, and your SSL Certificate, we can make Push IO notifications possible. Once you have plugged your API key into your app, we'll move on to the Provisioning stage to ensure that your notifications are implemented and working properly.

This stage will involve 3 steps on your computer: 1) The iPhone Developer Provisioning Portal, 2) Keychain Access, and 3)

Step 1: Open your web browser and log in to the iPhone Developer Provisioning Portal.

On the left menu bar, Select the App IDs option. To enable push notifications, you must ensure your App Bundle ID is push compatible. It cannot contain wild-card characters like asterisks (*). Instead, specify an App ID which includes your app name.

 Bad ID Ex: com.yourcompany.*
 Good ID Ex: com.yourcompany.YourApp

From the App ID Details screen, click the checkbox to "Enable for Apple Push Notification service." Then, click the Configure button on the "Production Push SSL Certificate" line. Use the screenshot below for reference. (Even if you are currently working on an ad hoc build, you will not want to select Development Push SSL Certificate. Always choose the Production Certificate option.)


Clicking this button will launch the Apple Push Notification service SSL Certificate Assistant.

Step 2: Using the instructions provided in the first screen, launch the Keychain app in Mac OS X and "Request a Certificate."

Ensure the "Saved to disk" on the "Request is:" option, and click the checkbox next to "Let me specifiy key pair information."


Click the Continue button. Use the dropdowns on the ensuing screen to specify "Key Size" at 2048 bits and "Algorithm" as RSA. Click the Continue button once more and save the Push Certificate Request to your hard drive in the default location.

Step 3: Upload your Push Certificate Request back in your Apple Push Notification service SSL Certificate Assistant web browser window using the instructions provided. You may have to click the "Continue" button if it is still on the "Generate Certificate Signing Request" screen. Click the Generate button.

Once your SSL Certificate has been generated, click the Continue button and download your .cer Certificate file.

Step 4: In Keychain, select "My Certificates" from the lower left menu bar, and import the .cer Certificate file you just downloaded. Export the file from Keychain as a .p12 to your desktop. Rename it after your application if you wish.


Step 5: Ensuring the .p12 file you exported from Keychain is on your Desktop, open Terminal and run the following commands, changing MyPushApp to the name of the .p12 file you created previously:


A verson of that command suitable for copy and paste:

openssl pkcs12 -in EXPORTED_FROM_KEYCHAIN.p12 -out TO_BE_UPLOADED.pem -nodes -clcerts

Step 6: In your web browser, log in to the Push IO account admin interface. Click on the name of your app, and upload your .pem file by browsing your computer using the SSL Certificate uploader provided.

Note: Please do not email your certificate file to us, if you need to transfer it a different way, please contact us for a secure dropbox.

That's it! Once you have uploaded your NGConfig.plist file and added your App Bundle ID to the app through your Push IO account interface, we'll generate your API Key. Add it to your NGConfig.plist and rebuild your app to add the Push IO user interface and begin sending push notifications from Push IO.

The final stage for testing is creating an AdHoc version of the application and a provisioning profile. Before doing so, you will need testing information from Push IO to ensure the push notifications will work properly before you upload the app to iTunes Connect for review by Apple. Contact for this final step.