1、生成CSR文件
钥匙串->证书助理->从证书颁发机构请求证书

image.png

2、从钥匙串访问导出p12文件
钥匙串：登陆、密钥
导出专用密钥，名称为上一步填写的常用名称

image.png

image.png

3、生成.cer文件

image.png

4、生成pem文件

//.cer转pem文件
openssl x509 -in aps_development.cer -inform der -out PushCert.pem
//p12转pem文件
openssl pkcs12 -nocerts -out PushKey.pem -in apnsKey.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

5、验证

//测试地址gateway.sandbox.push.apple.com:2195
//正式地址gateway.push.apple.com:2195
//测试连通性
telnet gateway.sandbox.push.apple.com 2195
Trying 17.188.165.215...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.

//验证证书有效性，return 0表示验证通过
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCert.pem -key PushKey.pem

image.png

服务器需要证书

1、.net和java需要一个p12文件
上面两个pem文件+CSR文件 -> 一个p12文件

openssl pkcs12 -export -in PushCert.pem -inkey PushKey.pem -certfile CertificateSigningRequest.certSigningRequest -name "server_phxxb" -out server_phxxb.p12
Enter pass phrase for PushKey.pem:
Enter Export Password:
Verifying - Enter Export Password:

//如果出现unable to load certificates
//把-certfile CertificateSigningRequest.certSigningRequest去掉
openssl pkcs12 -export -in Push
Cert.pem -inkey PushKey.pem -name "server_yezhu" -out server_yezhu.p12

2、php
两个pem生成一个pem

cat PushCert.pem PushKey.pem > ck.pem