Generating OpenSSL-based self-signed certificate
Certificate generation was tested on Linux OS.
Most Linux deployments have the OpenSSL package installed.
Checking OpenSSL Version
You can check the version with either of the two commands below.
$ rpm -qa openssl
$ openssl version
Private Key Generation
A private key is generated by setting the password after entering the command.
$ openssl genrsa -des3 -out xpush.key 2048
When you enter the command, it asks for the password to set on the private key.
Certificate Request Generation
A certificate request is required to apply for a certificate.
$ openssl req -new -key xpush.key -out xpush.csr
Specify the name of the certificate request and enter the command; you will then be asked for a password. After entering the password, enter the additional information.
Do not enter additional attribute information and press Enter twice to generate a certificate request.
Private Key Password Removal and Certificate Generation
If the key has a password, the web server may ask for it continuously once the key is configured, so it is recommended to remove the private key password before generating the certificate.
$ cp xpush.key xpush.key.origin
$ openssl rsa -in xpush.key.origin -out xpush.key
Enter the password for xpush.key.origin, and a private key with the password removed is generated.
The .crt certificate is generated from the private key file xpush.key and the certificate request xpush.csr.
$ openssl x509 -req -days 365 -in xpush.csr -signkey xpush.key -out xpush.crt
The .crt file can be converted to other certificate formats such as jks, pem, pkcs, etc.
The X-PUSH server supports encrypted communication with clients; the SSL protocol can be used by configuring the Certificate Service with a jks file.
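The key, CSR, password-removal and self-signing steps above as one non-interactive script with checks on the result, added here as an example and not part of the original page or the X-PUSH product. The passphrase in KEY_PASS, the subject xpush.example.test, the function names, and the use of -aes256 and -sha256 are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. KEY_PASS, the CN and the
# temporary directory are constructed placeholder values.

make_selfsigned() {    # usage: make_selfsigned <outdir> <common-name>
  local dir="$1" cn="$2"
  (
    umask 077          # every file written below is owner-only (0600)
    cd "$dir" || exit 1
    # Encrypted key; -aes256 is used here in place of the page's -des3.
    openssl genrsa -aes256 -passout env:KEY_PASS -out xpush.key 2048 \
      2>/dev/null || exit 1
    # CSR with the subject passed via -subj instead of typed at the prompts.
    openssl req -new -key xpush.key -passin env:KEY_PASS \
      -subj "/CN=$cn" -out xpush.csr || exit 1
    # Keep the encrypted original; write a password-free copy for the server.
    cp xpush.key xpush.key.origin || exit 1
    openssl rsa -in xpush.key.origin -passin env:KEY_PASS -out xpush.key \
      2>/dev/null || exit 1
    # Self-sign for 365 days with an explicit SHA-256 digest.
    openssl x509 -req -days 365 -sha256 -in xpush.csr \
      -signkey xpush.key -out xpush.crt 2>/dev/null || exit 1
  )
}

# Succeeds only if the certificate carries the public half of the private key.
key_matches_cert() {   # usage: key_matches_cert <key> <crt>
  local k c
  k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

sig_alg() {            # prints the signature algorithm of a certificate
  openssl x509 -in "$1" -noout -text |
    awk '/Signature Algorithm/ { print $3; exit }'
}

key_mode() { ls -l "$1" | cut -c1-10; }   # "-rw-------" means owner-only

export KEY_PASS='constructed-passphrase'
work=$(mktemp -d)
if make_selfsigned "$work" xpush.example.test &&
   key_matches_cert "$work/xpush.key" "$work/xpush.crt"; then
  echo "pair ok: $(sig_alg "$work/xpush.crt"), $(key_mode "$work/xpush.key")"
fi
rm -rf "$work"
```

Because xpush.key no longer has a password after this procedure, the owner-only file mode is what protects it on disk; xpush.key.origin remains the encrypted copy.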
JKS Certificate File Generation
You can generate a .jks certificate file with the command below.
$ keytool -genkey -v -keystore xpush.jks -alias server_private -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 365
After entering the command, enter the password and the certificate information.
Converting PKCS12 file to JKS format
When sending Notification to APNs from JDK 1.7 or higher, an SSL related error may occur or InvalidToken error code may be received from APNs. This can be solved by converting the APNs certificate file from PKCS12 format to JKS format.
APNs certificate file can be converted using the keytool included in the JDK and the keytool is located in the bin directory of the path where JDK is installed.
The command below converts the APNs-Certificates.p12 file to the APNs-Certificates.jks file using the keytool.
$ keytool -importkeystore -destkeystore APNs-Certificates.jks -srckeystore APNs-Certificates.p12 -srcstoretype PKCS12
When entering the command, it will ask for the password as shown below.
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Generate the certificate by entering the password of the JKS format certificate to be created, reentering the password, and entering the original certificate password of PKCS12 format in order.
The figure below shows an example of converting APNs-Certificates.p12 file to APNs-Certificates.jks file using the keytool.
Converting PKCS12 format to JKS format using the keytool
Set the converted JKS format certificate as follows. Change the KeystoreType item to JKS to match the certificate format.
<service name="ApnsNotifierService" ... >
    ...
    <attribute name="KeystorePath">conf/APNs-Certificates.jks</attribute>
    <attribute name="KeystorePassword">xpush</attribute>
    <attribute name="KeystoreType">JKS</attribute>
    <attribute name="production">false</attribute>
    <attribute name="badge">true</attribute>
    <attribute name="retries">3</attribute>
    ...
</service>
Generating APNS Certificate
Accessing Apple Developer Center
1. Access Apple Developer Center (developer.apple.com) and select the Account menu to log in.
2. Enter your account and log in.
3. Select Certificates, IDs & Profiles to move to the certificate management screen.
Generating Certificate
1. Select the plus (+) button at the top right of the screen to start generating a certificate.
2. Select a certificate type for development (Sandbox) or development/operation (Sandbox & Production).
3. Select the App ID of the certificate to be generated.
4. Request to generate a CSR file.
Generating CSR (Certificate Request)
1. Keychain Access – Certificate Assistant – Request a certificate from a certificate authority
The certificate request must be generated for each app. For example, if you use the certificate request for APP1 and APP2 together, you will receive push notifications in the same app.
2. Upload the generated csr file. Certificate generation is completed.
Exporting APNS Certificate in .p12 Format
[Screenshots: export with private key; save the .p12 file; set password]
Renewing APNS Certificate
When the APNS certificate expires, the certificate must be renewed. Certificate renewal consists of discarding the existing certificate and generating a new one.
Before renewing the APNS certificate, the CSR file must be generated separately for each certificate.
Even if you use the renewed certificate for the X-PUSH server, you may not be able to receive the push notification if the certificate set in the client app is also expired.
Revoke the certificate.
Then perform the steps in Generating APNS Certificate in the same way.