1、生成CSR文件
鑰匙串->證書(shū)助理->從證書(shū)頒發(fā)機(jī)構(gòu)請(qǐng)求證書(shū)

image.png

2、從鑰匙串訪問(wèn)導(dǎo)出p12文件
鑰匙串：登陸、密鑰
導(dǎo)出專(zhuān)用密鑰，名稱(chēng)為上一步填寫(xiě)的常用名稱(chēng)

image.png

image.png

3、生成.cer文件

image.png

4、生成pem文件

//.cer轉(zhuǎn)pem文件
openssl x509 -in aps_development.cer -inform der -out PushCert.pem
//p12轉(zhuǎn)pem文件
openssl pkcs12 -nocerts -out PushKey.pem -in apnsKey.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

5、驗(yàn)證

//測(cè)試地址gateway.sandbox.push.apple.com:2195
//正式地址gateway.push.apple.com:2195
//測(cè)試連通性
telnet gateway.sandbox.push.apple.com 2195
Trying 17.188.165.215...
Connected to gateway.sandbox.push-apple.com.akadns.net.
Escape character is '^]'.

//驗(yàn)證證書(shū)有效性，return 0表示驗(yàn)證通過(guò)
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert PushCert.pem -key PushKey.pem

image.png

服務(wù)器需要證書(shū)

1、.net和java需要一個(gè)p12文件
上面兩個(gè)pem文件+CSR文件 -> 一個(gè)p12文件

openssl pkcs12 -export -in PushCert.pem -inkey PushKey.pem -certfile CertificateSigningRequest.certSigningRequest -name "server_phxxb" -out server_phxxb.p12
Enter pass phrase for PushKey.pem:
Enter Export Password:
Verifying - Enter Export Password:

//如果出現(xiàn)unable to load certificates
//把-certfile CertificateSigningRequest.certSigningRequest去掉
openssl pkcs12 -export -in Push
Cert.pem -inkey PushKey.pem -name "server_yezhu" -out server_yezhu.p12

2、php
兩個(gè)pem生成一個(gè)pem

cat PushCert.pem PushKey.pem > ck.pem