About us

How to set up an Apple Push Certificate in APNs and why it’s important

Team MessageFlow
15 min
Push
February 9, 2024

The Apple Push Notification Service was introduced with iOS 3.0 back in 2009 as a superior alternative to the battery-draining background processes associated with pull technology and has been a core component in the process of developing apps for the system ever since. The APNs operates as a secure conduit for delivering timely notifications to Apple devices, however, to take full advantage of this communication channel, developers must navigate a set of requirements, with the Apple Push Certificate being one of them. This technology serves as a key credential, facilitating the secure transmission of notifications to users and today we’re taking a closer look at it.

The journey of APNs only began with its initial introduction. With the advent of MacOS X 10.7 Lion in 2012, the service extended its support to local applications through API integration. This expansion marked a significant stride, making the service more versatile and accommodating for various development scenarios.

Then, in 2013, the release of MacOS X 10.9 Mavericks brought in support for web notifications. This enhancement broadened the scope of APNs, allowing developers to easily integrate web-based notifications into their apps. The development added a new layer of interactivity, enriching the user experience across different Apple ecosystems.

The mechanics of Apple Push Notifications

Being able to send Push messages is a crucial aspect of user engagement, but the act has to be preceded by a series of strategic steps. Before your app can initiate a barrage of alerts, it must be configured and registered with a Push service specific to the mobile platform it’s built for. Both iOS and Android have their own Operating System Push Notification Service (OSPNS), acting as the gateway for developers to deliver messages to users.

1. The setup

The initial step involves registering your app with the respective operating system's Push messaging service. This registration grants you, the app publisher, access to the OSPNS API. This interface serves as the communication bridge between your application and the Push messaging service, allowing for a smooth exchange of information.

2. Integration of OSPNS API

Once you get access to the OSPNS API, you need to integrate the Push provider's Software Development Kit (SDK) into the app. This integration is key, as it establishes a connection between the application and the notification service. With the SDK woven into your app's architecture, the stage is set for a synchronized flow of notifications.

3. Uploading to the App Store

With the app configured, the next step is uploading it to the respective app store. This process marks the official entry of your application into the digital marketplace, ready to reach a broader audience. The configured app, equipped with the Push provider's SDK, becomes a vessel ready to deliver notifications to users who opt to subscribe through the provider's SDK.

4. User subscription and device registration

The final link in the chain involves users subscribing to your alerts through the integrated SDK. As users opt in, they’re added as subscribed devices within the Push messaging service's ecosystem. This subscription status establishes a connection between the app and the users, paving the way for the delivery of timely and relevant notifications.

Understanding the role of Apple Push Certificate in APNs

Now, efficient use of Apple's Push Service requires a proper understanding of the role played by the Push Certificate. Let's break the process down step by step.

Device token and creating an Apple Push Certificate

Initiating the sending of notifications through Apple Push Certificate portal requires the harmonious interaction of two key components: the device token and the Apple Push Notification Certificate. The former serves as a unique identifier allocated to the recipient device. iOS, acting as an intermediary, requests this token from APNs, subsequently passing it to your app. Then, your server passes on the device token back to the service. This dual function helps identify the target device and validate your authorization to notify the specified device.

Role of the APNs certificate in securing communication

The Apple Certificate is a crucial component in ensuring secure communication with APNs. Facilitating this dialogue involves the use of public and private key encryption. For your server to effectively communicate with the service, it's necessary to possess your private key and APNs's public key. These keys, combined with additional information, result in the creation of a p12 file commonly referred to as the Apple Push Notification Certificate. This file becomes the foundation for enabling seamless dispatch of messages using third-party tools.

The significance of Apple Push Certificate in APNs

The importance of the p12 file can’t be overstated. It serves as a cornerstone, ensuring the integrity and confidentiality of the communication process. Without it, the seamless transmission of notifications to users would be rendered impossible.

Essential component for secure communication

Its main role is establishing secure communication channels with APNs. The Push Certificate includes both your private key and the service's public key, facilitating a secure handshake between your server and APNs. This cryptographic framework guarantees that notifications are transmitted securely, safeguarding sensitive user data throughout the delivery process.

Delivery gateway

When crafting your notification, it's essential to include data such as the message content, badge count, and other relevant information alongside the device token. This details package is then relayed to APNs for further processing. Upon receipt, Apple undertakes rigorous verification checks on the device token to ensure its authenticity and validity.

Notification scheduling

Once the device token is authenticated, APNs initiates the scheduling of notification delivery. This process ensures that alerts are dispatched in a timely manner, optimizing user engagement and experience.

Enabling certificate-based connection to Apple Push Notification Service: A step-by-step guide

Establishing a certificate-based connection to APNs is a key step in enabling secure and efficient Pushes for your apps. Here's a detailed guide on obtaining and installing provider certificates through your Apple developer account.

1. Accessing your developer account: Log in to your Apple developer account and go to the Certificates, Identifiers, and Profiles section.

2. Adding a new certificate: Under the Certificates section, select Add new certificate.

3. Selecting certificate type: Choose Apple Push Notification service SSL as the certificate type and click Continue.

4. Associating App ID: Choose your app's App ID or Bundle ID and proceed by clicking Continue.

5. Creating a Certificate Signing Request: On your server, generate a Certificate Signing Request (CSR) and click Continue.

6. Uploading CSR file: Upload the CSR file to complete the process and click Continue.

7. Downloading your certificate: After the CSR submission, click Continue and then proceed to download your certificate.

Additional actions

Associating certificates and App IDs: For each new provider certificate created for different apps, associate the certificate with the corresponding App ID. Each certificate should also be linked to a CSR, serving as the private key used for encryption.

Installing certificate and private key: On your provider server, install the downloaded certificate and its associated private key.

Opening a connection to APNs: When initiating a connection to the APNs server, the following steps unfold:

1. A secure connection request is made using Transport Layer Security (TLS).

2. APNs responds by sending a certificate for the provider server to validate.

3. After successful validation, communicate back to the service by sending your provider server, thus establishing the connection.

Sending Push requests: With the established connection, you are now equipped to send Push requests to APNs, enabling communication and engagement with your app users. Following these steps ensures a secure and smooth-running process for obtaining, installing, and utilizing provider certificates to enable robust Push alerts for your iOS apps.

The lifecycle of your Apple Push Certificate: How to renew and deactivate

Since your signed certificate isn't ever-lasting and expires, understanding when and how to renew or deactivate it is crucial for maintaining a secure and uninterrupted communication channel with the APNs.

Renew the certificate

Ensuring the continuous operation of your Pushes system entails an annual renewal of your Apple Push Certificate, which has a validity period of one year. To initiate the process, access your Apple Developer Account, employing the same personal Apple ID used to create the certificate in the first place. Follow the outlined steps for renewal, adhering to the procedures established for the creation of the certificate. 

Deactivation: When and why

In situations where you suspect a compromise of either the certificate or its associated private key, deactivating the certificate is a necessary security measure. Access your Apple Developer Account and navigate to the certificate management section to locate the specific certificate slated for deactivation. Initiate the revocation process, placing the certificate on APNs's list of revoked certificates. This action makes it impossible for your server to establish a TLS connection with APNs, effectively closing the existing communication channel. If there is a need to reestablish communication, the recommended course is to configure a new provider certificate, following the previously outlined process.

Mobile Push automation

By now you should have a decent understanding of how to get your app ready for sending Pushes to Apple's mobile device. The next step is to automate the process in order to be able to do it efficiently at scale. 

Here at MessageFlow we offer a proven platform to help you maximize the potential of your mobile app. Its tightly secure environment allows you to create and dispatch Pushes either from a user-friendly panel or via a powerful RESTful API to achieve a variety of business goals with customized messages.

Contact us today if you'd like to start sending highly engaging notifications that inform and drive sales. Our scalable platform is handling hundreds of millions of messages each day, guaranteeing 99.99% deliverability across 190 countries.

Choose the perfect one-stop-shop for your omnichannel communication

Get a demo
Let's keep in touch!

Stay ahead of the curve with our newsletter, and be the first to know about the latest technological advancements and innovations!

Thank you for subscribing!

© 2023 messageflow.com | All rights reserved. | We use cookies.