I am trying to create a .pem file for the Apple Push Notification service, but can't find an easy way to generate it.
I do not have access to an Apple computer, so Apple's instructions are useless. Using Windows 10.
What I did:
CER format, courtesy of AppleSo in the end, I have the private key in plain text format and the cert in CER format.
However, I read that CER is supposed to just be a CRT with a different extension; that, however, does not appear to be the case, and I don't know how to extract the plain-text certificate from the CER file I received in order to make a PEM. Also I'm not quite sure on how to generate a p12 file from the stuff I have (this is listed as one of the possible easy ways to make a PEM).
The question is, either: is it possible to extract the plain-text cert from the CER file? Or alternatively, convert it to PEM along with the private key somehow? (I have OpenSSL)
Update: I was able to extract the text part of the CER, turns out Apple CERs are in DER format, so it's possible to use:
openssl x509 -in cert.cer -inform DER -out cert.crt
There is still a problem however: a PEM also contains some kind of data in between the key and the certificate (bag attributes, key attributes), not sure how to generate it. Investigating now but an answer would be very helpful!
OK so I think I figured it out. Still haven't tested if it works with real APNs, but APNs are quirky and could not work for a million reasons, and the PEM looks good, so here is what needs to be done (with OpenSSL), assuming you have cert.cer and cert.key (the plain-text private key):
openssl x509 -in cert.cer -inform DER -out cert.crtopenssl pkcs12 -export -out cert.pfx -inkey cert.key -in cert.crtopenssl pkcs12 -in cert.pfx -out cert.pem -nodesI tried shortening this process by combining 2 and 3, but it didn't generate a plain-text PEM.
Update: It worked with real APNs, so indeed this is a solution.