iOS: p12 Generate Certificates
Step-by-step guide for creating an iOS / macOS Push Authentication Certificate (.p12)
An iOS Push Certificate or Token is required for push notification delivery to all iOS mobile apps.
Step 1. Requirements
- An iOS mobile app. (This is not for websites / web push)
- A Paid Apple Developer Account with Admin Role.
- OneSignal Account
- A Mac computer with Xcode 11+
- Your Xcode project should have the Push Notification capability added. Otherwise your project may not be shown in the Apple Developer Center.
Step 2. Provisioning
If you are renewing a certificate or your app already has an existing App ID or Provisioning Profile, skip to Step 3. Generate a Push Certificate.
If your App does not have an existing App ID or Provisioning Profile setup, then login to your Paid Apple Developer Account and navigate to Certificates, Identifiers & Profiles->Identifiers and select the Blue + button.
Select App IDs and Continue
Select App and Continue
Provide a "Description" and your Explicit "Bundle ID". This must be the same as the "Bundle Identifier" you set for your project in Xcode.
Press Continue and on the next page, select Register.
Step 3. Generate Push Certificate
Method 1: Use OneSignal's Automatic Provisioning Tool
This is recommended if you are renewing a certificate.
Previous Certificate Revokation
Previous .p12 Push Certificates for this Bundle ID will be revoked and cannot be used once you generate a new certificate with this method.
Admin account required: Before you use the Automatic Provisioning tool, log into your Apple Developer account, go to the Membership section, and make sure your role for the team is Admin. If your role is not Admin, you will not be able to use this tool.
Follow the directions on OneSignal's Provisionator Tool.
Then continue to Step 4. Upload your Push Certificate to OneSignal.
Method 2: Create A Certificate Request Manually
If you are renewing a certificate, skip to step 3.2.3 Select Push Notification Certificate.
3.2.1 Request a Certificate From a Certificate Authority
Open the Keychain Access App on your macOS system. It may be located in Applications > Utilities > Keychain Access.
Select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...
Next, select the Saved to disk option and enter your information in the required fields. Then click Continue.
This creates a certification request file that will be used later.
3.2.2 Add Capabilities
In your Apple Developer Account under Certificates, IDs & Profiles > Identifiers, select Identifiers.
Find and select your Identifier to enable Push Notifications, but do not click Configure.
If you do not see your Identifier, follow Step 2. Provisioning.
3.2.3 Select Push Notification Certificate
Go to Certificates and create a new certificate by clicking the blue + (plus) button.
Under Services, select Apple Push Notification service SSL (Sandbox & Production) and click Continue.
- The certificate will be applicable to both Sandbox and Production environments, so you do not need a separate key for each one.
3.2.4 Select your App
Choose your App ID with matching Bundle ID from the App ID pop-up menu, and click Continue.
3.2.5 Upload your Certificate Signing Request
Click Choose File.., select the CertSigningRequest file you saved in Step 3.2.1, click Open, and then click Continue.
Click Download to save the certificate to your computer.
3.2.6 Creating a Private Key
.cer file you downloaded in the last step by double-clicking on it in Finder.
After a few seconds, the Keychain Access program should open. Select Login > My Certificates, then right-click on your Apple Push Services key in the list and select Export "Apple Push Services...".
Give the file a unique name using the
.p12 extension, and click Save. You will have an option to protect the file with a password. If you add a password, you need to enter this same password on OneSignal.
Step 4. Upload Your Push Certificate to OneSignal
In the OneSignal dashboard, select your app, then go to Settings.
Under Native App Platforms, click Apple iOS.
.p12 file you exported (along with a password, if you added one) and click Save.
Note: If you used the OneSignal Provisionator tool to create a
.p12 file, a password was generated for you, and is located next to the Download button.
You should be finished generating your iOS Push Certificate and uploading it to OneSignal.
Usually Required for Cordova/Ionic, and GoNative.
Skip if selected "Automatically manage signing" in Xcode.
If you did not select "Automatically manage signing", then follow these steps.
Create Your Profile
Go to your Apple Developer Account > Certificates, Identifiers & Profiles > Profiles.
Next find any that are for your app and remove them if they do not have App Groups and Push Notifications in Enabled Capabilities:
Create a Profile by pressing the "+" button
Select the type of profile you need to create and press Continue.
Search for your App ID, if you do not see your App ID, check the Create Your Identifier step above.
Then press Continue.
Select the Development or Distribution Certificate to associate with the Profile. Then click Continue.
Name your Provisioning Profile.
When creating a new profile, make sure to enter a unique name in the "Provisioning Profile Name:" field.
For example, if you are creating an Ad-Hoc Provisioning Profile to test push notifications with a Production Push Certificate .p12 file. Use the format
AppName_AdHocso you know the app and type of profile that it is.
On the last page Download your profile.
Re-sync your Developer Account in Xcode by going to Xcode > Preferences... then click on the "View Details..." button. Then, click the refresh button on the bottom left of the popup. See Apple's documentation for more detailed instructions.
Make sure you pick your new provisioning profile from Build Settings>Code Signing>Provisioning Profile in Xcode.
Updated 4 months ago
Next, install the OneSignal SDK in your app. If you need help, we have a few SDK-specific guides: