While building the mobile app with SimiCart, many customers encounter difficulties in creating a pem file for iOS push notifications . So in this blog, I will guide you how to create a PEM file.


iOS app allows to push notification to all the mobile user. There are three things a push notification can do:

  • Display a short text message
  • Play a brief sound
  • Set a number in a badge on the app’s icon

PEM file is used to setup Apple Push Notification. In this tutorial, you will be guided to generate a PEM file.
Basically, to get a PEM file, you need to generate 3 following files:
(1) Certificate Signing Request (CSR file)
(2) SSL certificate (aps_ distribution.cer)
(3) Private key as a .p12 file

Okay. let’s start now

Step 1: Generating the Certificate Signing Request (CSR)

Whenever you apply for a digital certificate, you need to provide a Certificate Signing Request or CSR for short. When you create the CSR, a new private key is made that is put into your keychain. You then send the CSR to a certificate authority (in this case that is the iOS Developer Portal), which will generate the SSL certificate for you based on the information in the CSR.
Go to Applications/Utilities/Keychain Access on your Mac and choose the menu option Request a Certificate from a Certificate Authority

1- push-notification

If you do not have this menu option or it says “Request a Certificate from a Certificate Authority with key”, then download and install the WWDR Intermediate Certificate first. Also make sure no private key is selected in the main Keychain Access window.
You should now see the following window:

2- push-notification

(1) User email address: enter your email address here. It can be either same email address used to sign up for the iOS Developer Program or any email address.
(2) Common Name: enter anything you want but it should be something descriptive. For example, your app name. Here I put it as PushChat
(3) Check Saved to disk and click Continue. Save the file as “PushChat.certSigningRequest”.

Step 2: Making the App ID and SSL Certificate

(1) Log into the iOS Dev Center ; select the “Certificates, Identifiers and Profiles” from the right panel.

3- push-notification

(2) You will be presented with the following screen. Select Certificates in the iOS Apps section.

4- push-notification

(3) Each push app needs its own unique ID because push notifications are sent to a specific application. So please go to App IDs in the sidebar and click the + button.5- push-notification

(4) You will be presented with the following screen

6- push-notification

Then fill the following details:



App ID Description: name your ID. In this case, I name it PushChat
Explicit ID: the identification key of your app. In SimiCart, the identification key is formatted com.simicart.appname
Don’t forget to enable App Services Check the Push Notifications
Then click Continue button. You will be asked to verify the details of the App ID, if everything seems okay click Submit.

7- push-notificationIn a few moments, you will generate the SSL certificate that your push server uses to make a secure connection to APNS. This certificate is linked with your App ID. Your server can only send push notifications to that particular app, not to any other apps.
After you have made the App ID, it shows up like this in the list:


8- push-notification

In this case, I select the PushChat app ID from the list. This will open up an accordion as shown below:

9- push-notification

Notice: in the “Push Notification” row, there are two orange lights that say “Configurable” in the Development and Distribution column. This means your App ID can be used with push, but you still need to set this up. Click on the Setting button to configure these settings.

10- push-notification
Scroll down to the Push Notifications section. Go to Production SSL Certificate/ Create Certificate.

11- push-notification

The “Add iOS Certificate” wizard comes up:

12- push-notification

The first thing it asks you is to generate a Certificate Signing Request. You already did that, so just click Continue. In the next step you upload the CSR. Choose the CSR file that you generated earlier and click Generate.

13- push-notification

Click Continue when it’s done. Then click Download to get the certificate – it is named “aps_development.cer”

14- push-notification

As you can see, you have a valid certificate and Push is now available for development. You can download the certificate again here if necessary. The development certificate is only valid for 3 months.
When you are ready to release your app, repeat this process for the production certificate. The steps are the same.
Note: The production certificate remains valid for a year, but you want to renew it before the year is over to ensure there is no downtime for your app.
You don’t have to add the certificate to your Keychain, although you could if you wanted to by double-clicking the downloaded aps_development.cer file.

Step 3. Create .p12 file from digital certificate

(1) Double-click the downloaded aps_development.cer file. You will be presented with Keychain/ Certificate tab dashboard, in which your downloaded certificate file was newly added. Right-click that file and choose Export 2 items.
15- push-notification
– Name and save the .p12 file to a folder.
16- push-notification
– Then, there will be a popup shown asking for password. Set your own password.
17. push-notification
– Click OK. Tada! You’ve created PushChatKey.p12 file from aps_distribution.cer file
So now you got three files

  • The CSR
  • The private key as a p12 file (PushChatKey.p12)
  • The SSL certificate, aps_ distribution.cer

Let’s move to last step

Step 4. Create PEM file

Store these three files in a safe place. Then you have to convert the SSL certificate and private key into a format that is more usable. Because the push part of our server will be written in PHP, you will combine the certificate and the private key into a single file that uses the PEM format.
You’re going to use the command-line OpenSSL tools for this. Open a Terminal and execute the following steps.
Go to the folder where you downloaded the files, in this case is the Desktop:
$ cd ~/Desktop/
Convert the .cer file into a .pem file:
$ openssl x509 -in aps_distribution.cer -inform der -out PushChatCert.pem
Convert the private key’s .p12 file into a .pem file:
$ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12 Enter Import Password: MAC verified OK Enter PEM pass phrase: Verifying – Enter PEM pass phrase:
You first need to enter the passphrase for the .p12 file so that Open SSL can read it. Then you need to enter a new passphrase that will be used to encrypt the PEM file. Again for this tutorial I used “pushchat” as the PEM passphrase. You should choose something more secure.
Notice: if you don’t enter a PEM passphrase, Open SSL will not give an error message but the generated .pem file will not have the private key in it.
Finally, combine the certificate and key into a single .pem file:
$ cat PushChatCert.pem PushChatKey.pem > ck.pem

Yay, now you get the PEM file, which can be then used to set up Push notification feature on the iOS application. Do you find this easy to follow? If you get any problem, feel free to comment in the box below, I will reply soon!

P/s: If you are customers of SimiCart, please upload this PEM file to your Magento backend to enable the Push notification for your application.


How to create a PEM file for iOS push notifications
5 (100%) 12 votes
I'm an introvert who loves to figure out how things work and share it with people. Working in 2 biggest trend - mobile and e-commerce - really helps satisfy my curiosity.