Page tree
Skip to end of metadata
Go to start of metadata

When the Push Notifications setting is enabled for an iOS App Catalog, users on iOS devices will see a red notification badge on the App Catalog when there are updates of the apps they installed from the App Catalog. Users are able to receive application and group notifications sent by an administrator through the Admin Portal. To send push notifications, App Management uses APNs (Apple Push Notification service). 

To configure your App Catalog so that it can be enabled for Push Notifications, you need to create a push SSL certificate and add it to your Keychain. You then need to export it to a PKCS #12 file that you can upload to App Management.

You can deploy an iOS App Catalog without enabling it for Push Notifications, but we recommend that you do enable Push Notifications in order to provide your users with an optimal App Catalog experience. For more information, see Push Notification for an App Catalog.

Create a Push SSL Certificate

The following procedure describes tasks that are performed outside of App Management's systems. The UI or procedure may change without notice. For the official Apple documentation, see Maintaining your Signing Credentials and Certificates. In Apple's official documentation the terms distribution certificate and production certificate are synonymous.

To create a push SSL certificate
  1. Log in to the iOS Dev Center with the Apple ID and password for your Apple Developer account. 
  2. In the left column, click Certificates, Identifiers & Profiles
  3. Under the iOS Apps section, click Identifiers.
  4. Under Identifiers, click App IDs
  5. In the list of iOS App IDs, select the App ID you registered for the App Catalog. If you have not yet registered an App ID for the App Catalog, follow the Register an App ID procedure.  
  6. Click Edit at the bottom of the page.  
  7. On the iOS App ID Settings page, ensure that Push Notifications (towards the bottom of the page) is enabled.
  8. Under Push Notifications, in the Production SSL Certificate section, click Create Certificate to display instructions for generating a Certificate Signing Request (CSR). 
  9. Follow the instructions to generate a CSR and save it to your desktop. 
  10. Click Continue. 
  11. Click Choose File to select the CSR that you just saved to your desktop and then click Generate
  12. When the page indicates that "Your certificate is ready," click Download to save the Certificate (.cer) file to your Downloads folder.

You are now ready to add the certificate to your Keychain.

Add a Push SSL Certificate to Your Keychain

To add a push SSL certificate to your Keychain
  1. Double-click on the aps_production.cer file you saved to your Downloads folder when you created the push SSL certificate. This automatically installs the certificate in your Login Keychain and opens the Keychain Access application.

    In the Keychain Access window, you should see the Apple Production iOS Push Services certificate. If you click the arrow to the left of the certificate, you will see the private key associated with the certificate.

    If you do not see the certificate in your Login Keychain, check to see if it is in a different Keychain. If it is, move it to your Login Keychain.

Export a Push SSL Certificate to a PKCS #12 File

To export a push SSL certificate from your Login keychain to a .p12 file
  1. On your Mac, open Keychain Access. 
  2. In the My Certificates category of your Login Keychain, highlight both the Apple Production iOS Push Services certificate and its private key, right-click them and then choose Export 2 items
  3. In the Save As field, enter a name for the certificate file. 
  4. From the Where list, select a location to save the file.  
  5. From the File Format list, select Personal Information Exchange (.p12). 
  6. Click Save
  7. You are prompted to enter a password for the certificate file. Leave the password fields blank and click OK.  
  8. When prompted, enter your Login Keychain password to authorize Keychain Access to export the items. Click Allow.

Next Steps