How to Create and Assign an Apple Certificate
OVERVIEW:
This guide will walk you through the process of creating and renewing an Apple Certificate for wallet passes. Follow each step carefully to ensure everything goes smoothly.
Prerequisites:
Step 1: Create the CSR (Certificate Signing Request)
On your Apple computer, open the Keychain Access application You can find it in your Applications folder or by searching via LaunchPad
From the Keychain Access menu, select Certificate Assistant, then Request a Certificate From a Certificate Authority.
In the window that opens, set the following fields...
User Email Address: info@phyrem.com
Common Name: Zach Bolton
Request is: Saved to disk
When you click Continue you will be prompted to save this CSR to your computer. To make the process easier, we recommend you creating a new folder to store these certificate files. The example below shows a new empty folder, to which we will save the CSR. You can keep the filename for now, as we will re-name it in a later step. Click Save to save your CSR to this folder. We will refer to this folder as your "working directory" in this guide.
In the next screen you can click the Show in Finder... button to open the folder you just saved the CSR in.
You should now have your folder open with your CSR inside.
Step 2: Locating the Certificate you want to renew/update
Log into https://developer.apple.com with the info@phyre.com username
Choose Certificates, IDs & Profiles in the left navigation
Choose Identifiers from the left navigation
From the App IDs menu on the right, select Pass Type IDs
For this example will be updating the StoreCard pass type. The process will be the same regardless of pass type. Click on the StoreCard pass.
Step 3: Uploading the CSR (Certificate Signing Request)
Click the Create Certificate button in the lower left
In the Create a New Certificate screen, populate the Enter your Pass certificate Name field using the following naming convention: <type of pass> <date>. In this example I will be using StoreCard 071422 as my Pass certificate Name. After populating the name, under Upload a Certificate Signing Request click the Choose File.
In the Finder window that opens, navigate to the folder you created in Step 1.D, where you saved your CSR (Certificate Signing Request). Select that file and click Open.
Click Continue in the upper right to proceed.
Step 4: Creating the P12 file
Your CSR (Certificate Signing Request) has been uploaded to Apple. We now need to download the cer file that will be used to create the P12 and PEM files we need to use for the Phyrem Wallet Push Notifications for Apple devices. Click Download to get the cer file. Please take note of the Expiration Date listed on this Certificate. Possibly save it temporarily to a text file, or just write it down, for reference. You will need this in a future step.
The pass.cer file will be downloaded to your computer. Typically this is to the Downloads folder. Locate this pass.cer file and move it to the same folder as your CSR (Certificate Signing Request), that you created in Step 1.D. That folder should now have 2 files in it, the CSR and the newly downloaded pass.cer.
Return to the Edit your Identifier Configuration screen from Step 3A, then highlight the Identifier name (pass.phyrem.main.StoreCard in this example), then Right-Click and copy the Identifier name. This will be used as a naming convention for the new P12 and PEM files we will be creating in the upcoming steps.
Return to the folder that houses your CSR and pass.cer files. Rename the pass.cer using the Identifier name you copied in the previous step.
After you have renamed the .cer file, double-click on the file and it will open in the Keychain Access application. The Name of the certificate will appear in this format: Pass Type ID: <apple pass identifier name>. If you have multiple of that particular certificate, you can identify the one you just imported by the Expires date. It will have the latest date.
Right-Click on the new certificate in the list and choose Export.
Navigate to the same working folder you created in Step 1.A. Verify that the File Format is "Personal Information Exchange (.p12)". Name the file using the same Identifier name you copied from Step 4.C and use that as the name for this exported file. Then, click Save.
Tip: you can click on the existing .cer file you have in this folder, which should have the Identifier Name, and it will use that same name with the .p12 extension.
You will be prompted to enter a password to secure the file. Use Administrator@2022. Type the same in the Verify box and click the OK button to continue. You can check the Show Password checkbox to verify that you're entering it correctly.
Next, you will be prompted for the password of your Mac computer account that you're using right now. It is the password you use to log into your computer. This is NOT the password you used in the previous step.
You should now have the p12 file in working directory.
Step 5: Creating the PEM file
Now we need to create the PEM file using Terminal. The easiest way to get to a Terminal starting in your working directory is to Right-Click on the folder name in the path bar at the bottom of the Finder window of your working directory and select "Open in Terminal".
In the Terminal window that opens, use the following string as a template, replacing <identifier name> with same name you've been using as filenames (pass.phyrem.main.StoreCard in this example). See step 4.C. You may want to copy and paste the command below into TextEdit in order to make the identifier name replacements prior to pasting it into your Terminal window.
openssl pkcs12 -in <identifier name>.p12 -out <identifier name>.pem -nodes -clcerts
For this example, the command would look like this..
openssl pkcs12 -in pass.phyrem.main.StoreCard.p12 -out pass.phyrem.main.StoreCard.pem -nodes -clcerts
After you have created your command with your identifier names, copy that command and return to your Terminal window. At the prompt, right click and Paste your command into the terminal and press your Enter key on your keyboard to execute the command.
For my example, this is what it should look like prior to hitting Enter.
You will be prompted for a password. Use the password from Step 4.H. which should be Administrator@2022. Press the Enter key on your keyboard after entering the password.
The PEM file should have been created in your working directory. We can now proceed to updating the P12 and PEM files in the Phyrem system.
Step 6: Updating the P12 and PEM files in Phyrem
Production: Navigate Inventory->Add/Manage Certificate
Use the Search field in the upper right of the data table and search for your pass type name. When you find it, click on the blue Actions menu button and select Edit.
The information you will need in this screen is the...
Password you used in Step 4.H. (Administrator@2022)
Expiration Date from Step 4.A
The P12 file you created in Step 4
The PEM file you created in Step 5.
In this Edit Certificate screen, populate the Password and Expiry Date
For the P12 and PEM file updates, simply click the blue Change button, navigate to your working directory, and select the P12 file you created in Step 4. Follow the same step for the PEM file using it's Change button.
Click the Update button when complete. You have now updated the Push Notification Certificate for the Production environment.
Related Articles
How to generate QR Codes & Assign to an Org
Overview This article walks you through the process of generating QR codes and assigning them to an organization within the platform. You’ll learn how to create unique, scannable codes, link them to the correct org account, and ensure they are ...