Troubleshooting Push Certificate Problems

I can't export a push certificate as a p12 file

Keychain Access may not show an option to export a push notification certificate as a Personal Information Exchange (p12) file. This happens when the private key associated with the certificate is missing.

The SSL certificate available in your Apple Developer Program account contains a public key but not a private key. The private key exists only on the Mac that created the Certificate Signing Request uploaded to Apple. Both the public and private keys are necessary to export the Personal Information Exchange (p12) file.

If the Mac that created the Certificate Signing Request is available to you, open Keychain Access on that Mac. Look for a public and private key pair that uses the name entered as the Common Name for the Certificate Signing Request. Export those keys and transfer them to the Mac that will be used to export the certificate.

That Mac may not be available to you. It may have been replaced, erased, or just can't be found. In that case you will need to create a new push certificate and revoke the old one.

“This certificate has an invalid issuer” when I add the certificate to a keychain

The error “This certificate has an invalid issuer” means that the Apple World Wide Developer Relations certificate that issued the push certificate is no longer valid. It may be expired or damaged. Remove the WWDR certificate from your keychain and download a new one.

My push certificates are expiring

When a certificate expires it can no longer be used to send push notifications. Each App ID can have 2 development and 2 production push SSL certificates at a time. Create a new certificate and it to your App ID in the Apple Developer Center.

Add the new certificate to any services you use to send push notifications. Once those services are updated with the new certificate you can revoke the expiring one.

I can't export a push certificate as a PEM file

The SSL certificate available in your Apple Developer Program account contains a public key but not a private key. The private key exists only on the Mac that created the Certificate Signing Request uploaded to Apple. Both the public and private keys are necessary to export the Privacy Enhanced Mail (PEM) file.

If the Mac that created the Certificate Signing Request is available to you, open Keychain Access on that Mac. Look for a public and private key pair that uses the name entered as the Common Name for the Certificate Signing Request. Export those keys and transfer them to the Mac that will be used to export the certificate.

That Mac may not be available to you. It may have been replaced, erased, or just can't be found. In that case you will need to create a new push certificate and revoke the old one.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.