> ## Documentation Index > Fetch the complete documentation index at: https://documentation.onesignal.com/llms.txt > Use this file to discover all available pages before exploring further. # iOS p12 certificate generation > Generate and upload a .p12 push certificate to connect your iOS or macOS app to Apple Push Notification service (APNs) through OneSignal. Sending push notifications to iOS apps requires an authenticated connection to Apple Push Notification service (APNs). You can authenticate using a **[token-based (.p8 key)](./ios-p8-token-based-connection-to-apns)** or a **certificate-based (.p12 file)** method — only one is necessary. .p12 certificates expire after one year. If you don't want to manage annual renewal, [create a .p8 key](./ios-p8-token-based-connection-to-apns) instead — .p8 keys do not expire. This guide covers the **certificate-based (.p12 file)** method. This is not recommended because you must renew it annually, which requires generating a new certificate in your Apple Developer Account and re-uploading it to your OneSignal dashboard. *** ## Requirements Make sure you have the following before starting: * An iOS or macOS app. * A [**Paid Apple Developer Account**](https://developer.apple.com/) with [**Admin** access](https://appstoreconnect.apple.com/access/users). * A [**OneSignal Account**](https://onesignal.com). * A Mac with Xcode 14+. * The **Bundle ID** for your app target as set in Xcode. * An Xcode project with **Push Notification capability enabled**. *** ## Create a Certificate Signing Request (CSR) You first need to create a `.certSigningRequest` file on macOS. 1. Open **Applications > Utilities > Keychain Access**. 2. From the menu bar, click **Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...** Keychain Access menu showing Certificate Assistant option 3. Fill in the required fields: * **User Email Address**: `[email protected]` * **Common Name**: Your name or the name for the certificate * **CA Email Address**: Leave this blank * **Request is**: Select **Saved to disk** Certificate Assistant window with email, common name, and Saved to disk fields 4. Click **Continue**, choose a location to save the `.certSigningRequest` file, and click **Save**. *** ## Enable push capabilities for the app Skip this section if you use **Automatically manage signing** in Xcode. 1. Go to the [Identifiers](https://developer.apple.com/account/ios/identifier/bundle) section of the Apple Developer portal, locate and select your app's **App ID** from the list. Apple Developer Identifiers section showing list of App IDs 2. Enable the **Push Notifications** capability by checking the box. **Do not** click **"Configure"** — just enable the toggle. App ID capabilities list with Push Notifications checkbox enabled *** ## Create a push certificate Follow these steps to generate the Apple Push Notification service (APNs) SSL certificate: 1. Visit the [Apple Certificates page](https://developer.apple.com/account/resources/certificates/add). 2. Click the **plus (+)** button to create a new certificate. 3. Under **Services**, select: * **Apple Push Notification service SSL (Sandbox & Production)** * Then click **Continue** Apple Certificates page showing Apple Push Notification service SSL Sandbox and Production option 4. Select your **App ID** from the list and click **Continue**. App ID selection dropdown for the push certificate 5. Upload your previously generated `.certSigningRequest` file. Upload Certificate Signing Request file dialog 6. Click **Continue**, then click **Download** to save the resulting `.cer` file to your computer. Download button for the generated .cer certificate file You’ll use this `.cer` file in the next section to create your `.p12` certificate. *** ## Create a private key and export the .p12 certificate 1. **Double-click** the downloaded `.cer` file to import it into **Keychain Access**. 2. In Keychain Access, navigate to: * **Keychains > Login** * **Category > My Certificates** 3. Locate the certificate named **Apple Push Services**. 4. **Right-click** the certificate and select **Export**. Keychain Access right-click menu showing Export option for Apple Push Services certificate 5. Choose a location to save the file, and select the file format as **`.p12`**. 6. When prompted, set a **password** for the `.p12` file. You will need this password when uploading to OneSignal. Save dialog showing .p12 file format selection and password prompt *** ## Upload the .p12 to OneSignal 1. In your [OneSignal dashboard](https://onesignal.com), go to your app > **Settings > Push & In-App > Apple iOS**. 2. Upload the `.p12` file (and enter the password if you set one). Click **Save**. You’ve successfully set up **APNs authentication using a .p12 certificate** in OneSignal. Your iOS app is now ready to send and receive push notifications! 🎉 *** ## .p12 troubleshooting ### Invalid certificate format error **Cause:** The uploaded file is not in `.p12` format. **Fix:** Ensure you export the certificate from Keychain Access **as `.p12`** (not `.cer` or `.pem`). ### "Incorrect password" when uploading to OneSignal **Cause:** Password was entered incorrectly or not set. **Fix:** * Try exporting again and set a **new password**. * Ensure no extra spaces are added when pasting. * If using Provisionator, the password is shown in the UI. ### Missing private key in exported file **Cause:** Certificate was imported but not paired with a private key. **Fix:** * Make sure you **generate the CSR** from Keychain Access on the same machine. * After downloading the `.cer` file, double-click to install and check if the key appears under **My Certificates**. ### Push notifications not working after upload **Cause:** Incorrect App ID, or Provisioning Profile missing capabilities. **Fix:** * Confirm the `.p12` matches the **App ID** used in the app. * In Apple Developer Portal, ensure the App ID has **Push Notifications enabled**. * Make sure the Provisioning Profile includes **Push**. ### Expired certificate **Cause:** `.p12` certificate is no longer valid. **Fix:** * Go to Apple Developer > Certificates and check expiry. * Revoke the old certificate and create a new one. *** ## Next steps Install the OneSignal SDK, initialize it in your app, and send a test notification. Choose your platform and follow the full SDK integration guide for Android, iOS, or cross-platform frameworks. *** ## FAQ ### When does my .p12 certificate expire, and how do I renew it? .p12 certificates expire **one year** after creation. To renew, generate a new CSR, create a new push certificate in Apple Developer, export it as .p12, and re-upload it to your OneSignal dashboard. Set a calendar reminder to avoid disruption. Alternatively, switch to a [.p8 key](./ios-p8-token-based-connection-to-apns), which does not expire. ### Should I use .p8 or .p12? OneSignal recommends **.p8 keys** for most apps. A .p8 key does not expire, works across all apps under your Apple Developer account, and is simpler to manage. A .p12 certificate is app-specific and must be renewed annually. See the [.p8 key guide](./ios-p8-token-based-connection-to-apns) for setup instructions. ### Do I need a provisioning profile, and how do I create one? Yes, Apple requires different types of profiles for development, testing (Ad Hoc), and distribution to the App Store. In Xcode, select **Automatically manage signing** to create one automatically. Xcode Signing and Capabilities tab with Automatically manage signing enabled Otherwise, see [Apple's docs on provisioning profiles](https://developer.apple.com/help/account/provisioning-profiles/provisioning-profile-updates) for details. ***