To send push notifications to iOS apps, an authenticated connection to Apple Push Notification Services (APNs) is required. You can authenticate using a token-based (.p8 key) or a certificate-based (.p12 file) method โ€” but only one is necessary.
.p12 Certificates expire after one year. If you donโ€™t want to manage the renewal of this certificate, you can create a .p8 key instead, which does not expire.
This guide will walk you through setting up a certificate-based (.p12 file). This is not recommended because you must renew it annually. This includes logging into your Apple Developer Account to generate the new certificate and uploading it to your OneSignal dashboard every year.

โ€‹
Requirements

Make sure you have the following before starting:

โ€‹
Generate a push certificate

You first need to create a Certificate Signing Request .certSigningRequest File (CSR) on macOS.
  1. Open Keychain Access: Applications > Utilities > Keychain Access
  2. Launch the Certificate Assistant
  • From menu bar, click: Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authorityโ€ฆ

Mac keychain access

  1. Enter Your Information
Fill in the required fields:
  • User Email Address: [email protected]
  • Common Name: Your name or the name for the certificate
  • CA Email Address: Leave this blank
  • Request is: Select Saved to disk

Certificate Assistant window

  1. Click Continue
  • Choose a location to save the .certSigningRequest file
  • Click Save to finish
You now have your .certSigningRequest file ready to use!

โ€‹
Enable push capabilities for the app id

Skip if you use Automatically manage signing within Xcode.
  1. Go to the Identifiers section of the Apple Developer portal, locate and select your appโ€™s App ID from the list.
  1. Enable the Push Notifications capability by checking the box. โš ๏ธ Do not click โ€œConfigureโ€ โ€” just enable the toggle.

โ€‹
Create a push certificate

Follow these steps to generate the Apple Push Notification service (APNs) SSL certificate:
  1. Visit the Apple Certificates page.
  2. Click the plus (+) button to create a new certificate.
  3. Under Services, select:
    • Apple Push Notification service SSL (Sandbox & Production)
    • Then click Continue
  4. Select your App ID from the list and click Continue.
  1. Upload your previously generated .certSigningRequest file.
  1. Click Continue, then click Download to save the resulting .cer file to your computer.
Youโ€™ll use this .cer file to configure push notification services.

โ€‹
Create a private key and export the .p12 certificate

  1. Double-click the downloaded .cer file to import it into Keychain Access.
  2. In Keychain Access, navigate to:
    • Keychains > Login
    • Category > My Certificates
  3. Locate the certificate named Apple Push Services.
  4. Right-click the certificate and select Export.

Export will generate a .p12 file at your desired file location

  1. Choose a location to save the file, and select the file format as .p12. When prompted, you can set a password for the .p12 file (this password is required when uploading to services like OneSignal).

โ€‹
Upload the .p12 to OneSignal

  1. In your OneSignal dashboard, go to your app > Settings > Push & In-App > Apple iOS.
  2. Upload the .p12 file (and enter the password if you set one). Click Save.
Youโ€™ve successfully set up APNs authentication using a .p12 certificate in OneSignal.Your iOS app is now ready to send and receive push notifications! ๐ŸŽ‰

โ€‹
.p12 troubleshooting

โ€‹
Invalid certificate format error

Cause

The uploaded file is not in .p12 format.

Fix

Ensure you export the certificate from Keychain Access as .p12 (not .cer or .pem).

โ€‹
โ€Incorrect passwordโ€ when uploading to OneSignal

Cause

Password was entered incorrectly or not set.

Fix

  • Try exporting again and set a new password.
  • Ensure no extra spaces are added when pasting.
  • If using Provisionator, the password is shown in the UI.

โ€‹
Missing private key in exported file

Cause

Certificate was imported but not paired with a private key.

Fix

  • Make sure you generate the CSR from Keychain Access on the same machine.
  • After downloading the .cer file, double-click to install and check if the key appears under My Certificates.

โ€‹
Push notifications not working after upload

Cause

Incorrect App ID, or Provisioning Profile missing capabilities.

Fix

  • Confirm the .p12 matches the App ID used in the app.
  • In Apple Developer Portal, ensure the App ID has Push Notifications enabled.
  • Make sure the Provisioning Profile includes Push.

โ€‹
Expired certificate

Cause

.p12 certificate is no longer valid.

Fix

  • Go to Apple Developer > Certificates and check expiry.
  • Revoke the old certificate and create a new one.

โ€‹
FAQ

โ€‹
Do I need a provisioning profile and how to create it?

Yes, Apple requires different types of profiles for development, testing (Ad Hoc), and distribution to the App Store. In Xcode, you should be able to select Automatically manage signing to create one automatically.
Otherwise, see Appleโ€™s docs on provisioning profiles for details.