Creating an iOS push certificate PEM file

in the Apple developer console:

  • Create a development iOS certificate of type “APNs Development iOS” – this is a certificate used to connect between your entity that sends the push (e.g a php script on a server or some other app) and the APN development (sandbox) gateway that delivers the push to the remove iOS device.

Creating a APMs push certificate is done by following the steps in adding a certificate in the development console, which includes selecting the certificate type, selecting the App ID it should be associated with (e.g. com.naturongo.mypush) downloading the certificate request, double-clicking the request file and using the KeyChain Access application to fill out the request, uploading the resulting file and the signed certificate will be generated.

  • Click the download button for this certificate – this will download a .cer file to your local drive

  • Double click this .cer file – this should add it to your keychain via the Keychain Access application

  • Once you’ve identified it in your Keychain Access application, ctrl-click it and select the export option.

  • Export it to a .p12 file. You will be requested for a password to be used for accessing the private key in this file – lets suppose the password is “pass”

  • Once you have the .p12 file on your drive – lets call it cert_push_dev.p12 then convert it to a pem file via:
    openssl pkcs12 -in APN_push_dev.p12 -out APN_push_dev.pem -nodes -clcerts

  • The assumption is that at this point you have the following:
  1. An APN token from an iOS application that registered with an APN Server
  2. The pem file created in the previous step
  3. The password to this pem file

    Given all this, you can now use the following php script to send a push notification to the remote iOS device associated with the APN token:

    // This is the APN token received by the iOS device when registering with the APN server
    $deviceToken = "aba3213b06b13d33b881058bfe8c88478a1d1d07fbed6d3303afc904fe874e7d";
    $message = 'You have recieved new notification!';
    $ctx = stream_context_create();
    stream_context_set_option($ctx, 'ssl', 'local_cert', 'APN_push_dev.pem');
    stream_context_set_option($ctx, 'ssl', 'passphrase', 'pass');
    // Open a connection to the APNS server
    //$APNS = 'ssl://'; // production server
    $APNS = 'ssl://'; // development
    $fp = stream_socket_client( $APNS, $err, $errstr, 60,
                                STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $ctx);
    if (!$fp) {
        exit("Failed to connect: $err $errstr" . PHP_EOL);
    echo 'Connected to APNS' . PHP_EOL;
    // Create the payload body
    $body['aps'] = array(
        'alert' => $message,
        'sound' => 'default',
        'data' => 'test data'
    // Encode the payload as JSON
    $payload = json_encode($body);
    // Build the binary notification
    $msg = chr(0) . pack('n', 32) . pack('H*', $deviceToken) . pack('n', strlen($payload)) . $payload;
    // Send it to the server
    $result = fwrite($fp, $msg, strlen($msg));
    //echo "send result=$resultn";
    if (!$result) {
        echo 'Message not delivered' . PHP_EOL;
    else {
        echo 'Message successfully delivered' . PHP_EOL;
    // Close the connection to the server

If the above file is named push_ios.php then
Sending a push notification can now be done by running php from the command line:
php -f push_ios.php

Leave a Reply

Your email address will not be published. Required fields are marked *