在Windows上为iPhone应用程序将推送证书转换为P12格式 [英] Convert push certificate to P12 format on Windows for iPhone app
问题描述
我被告知,我们需要向P12格式的推送通知证书提供应用程序开发人员。我需要知道如何使用Windows。
我有以下:
- 开发人员证书* developer_identity.cer *
- 发行证书* distribution_identity.cer *
然后我被告知去去应用ID,找到我的新App ID,然后点击配置。然后为Apple的推送通知服务配置我的应用程序ID。
配置'生产推送SSL证书':它说我需要创建一个CSR并将其上传到苹果。 p>
在创建CSR时,我在OpenSSL中使用了以下内容:
openssl genrsa -out mykey.key 2048
然后
openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj/emailAddress=yourAddress@example.com,CN = John Doe,C = US
以我自己的详细资料取代电子邮件,CN和C。
问题1:如何? P12将提供给第三方供他们推送;是电子邮件,CN和C在任何时候验证,或者这不重要吗?
假设上述都是正确的,这导致我得到另一个文件:* aps_production_identity .cer *
问题2:如何使用OpenSSL与上述文件向开发人员提供P12中必要的推送证书? / p>
(1)当证书创建时,Apple是否验证电子邮件,CN和C,由苹果公司的证书颁发机构(CA)签署,这样他们就可以知道当它用于连接时它是真实的。
(2)使用OpenSSL创建P12:
$ openssl pkcs12 -export -out my_cert_and_key.p12 - in my_cert.crt -inkey my_key.key
系统会提示您输入密码,您将需要在Windows上导入时再次键入。此密码正在保护私钥,它与证书一起位于P12文件中。也就是说,如果这将在Windows机器上导入。对于iPhone,忽略它,以及...
无论哪个Windows帐户导入证书,都可以访问私钥,以便在使用TLS连接时使用。如果您需要使用此证书连接的另一个Windows帐户,您必须授予其对私钥的读访问权限(您可以从MMC证书管理单元管理私钥中进行操作)。 )
I am told that we need to provide an application developer with a P12 format 'Push Notification Certificate'. I need to know how to get this using Windows.
I have the following:
- Developer certificate *developer_identity.cer*
- Distribution certificate *distribution_identity.cer*
I was then told to go to App IDs, find my new App ID and click 'Configure'. Then configure my App ID for Apple's Push Notification service.
Configure 'Production Push SSL Certificate': It says I need to create a CSR and upload it to Apple.
When creating the CSR I used the following in OpenSSL:
openssl genrsa -out mykey.key 2048
then
openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=yourAddress@example.com, CN=John Doe, C=US"
Replacing email, CN and C with my own details.
Question 1: How is this right? The P12 will be provided to a third party for them to push; are the email, CN and C here validated at any point or does this not matter?
Assuming the above is all correct, this results in me getting another file: *aps_production_identity.cer*
Question 2: How can I use OpenSSL with the files above to provide the necessary Push Certificate in P12 to the developer?
(1) Whether or not the email, CN and C are validated by Apple when the certificate is created, the certificate is digitally signed by a Certificate Authority (CA) at Apple, so that's how they will know that it is authentic when it is used to connect. You could not forge that signature (of their CA, on your certificate.)
(2) To create a P12 with OpenSSL:
$ openssl pkcs12 -export -out my_cert_and_key.p12 -in my_cert.crt -inkey my_key.key
You will be prompted for a password, which you will need to type in again when importing it on Windows. This password is protecting the private key, which is in the P12 file along with the certificate. That is, if this is going to be imported on a Windows machine. For the iPhone, ignore that, and what follows...
Whichever Windows account imports the certificate, will have access to the private key to use it when connecting with TLS. If you need another Windows account to connect using this certificate, you will have to grant it read access to the private key (which you can do from the MMC Certificates snap-in, "Manage Private Keys".)
这篇关于在Windows上为iPhone应用程序将推送证书转换为P12格式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
