iOS: p12 Generate Certificates

Step-by-step guide for creating an iOS / macOS Push Authentication Certificate (.p12)

An iOS Push Certificate or Token is required for push notification delivery to all iOS mobile apps.

Step 1. Requirements

  • An iOS mobile app. (This is not for websites / web push).
  • A Paid Apple Developer Account with Admin Role.
  • OneSignal Account.
  • A Mac computer with Xcode 11+.
  • Your Xcode project should have the Push Notification capability added. Otherwise your project may not be shown in the Apple Developer Center.

Step 2. Provisioning

If you are renewing a certificate or your app already has an existing App ID or Provisioning Profile, skip to Step 3. Generate a Push Certificate.

If your App does not have an existing App ID or Provisioning Profile setup, then login to your Paid Apple Developer Account, navigate to Certificates, Identifiers & Profiles->Identifiers, and select the Blue + button.

Select App IDs and Continue.

Select App and Continue.

Provide a "Description" and your Explicit "Bundle ID".


Bundle ID

This must be the same as the "Bundle Identifier" you set for your project in Xcode.

Press Continue and on the next page, select Register.

Step 3. Generate Push Certificate

Create A Certificate Request Manually

If you are renewing a certificate, skip to step 3.2.3 Select Push Notification Certificate.

3.2.1 Request a Certificate From a Certificate Authority

Open the Keychain Access App on your macOS system. It may be located in Applications > Utilities > Keychain Access.

Select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...

Next, select the Saved to disk option and enter your information in the required fields. Then, click Continue.

This creates a certification request file that will be used later.

3.2.2 Add Capabilities

In your Apple Developer Account under Certificates, IDs & Profiles > Identifiers, select Identifiers.

Find and select your Identifier to enable Push Notifications, but do not click Configure.

If you do not see your Identifier, follow Step 2. Provisioning.

3.2.3 Select Push Notification Certificate

Go to Certificates and create a new certificate by clicking the blue + (plus) button.

Under Services, select Apple Push Notification service SSL (Sandbox & Production) and click Continue.

  • The certificate will be applicable to both Sandbox and Production environments, so you do not need a separate key for each one.

3.2.4 Select your App

Choose your App ID with matching Bundle ID from the App ID pop-up menu, and click Continue.


Apple Developer Account - Create a New Certificate

3.2.5 Upload your Certificate Signing Request

Click Choose File.., select the CertSigningRequest file you saved in Step 3.2.1, click Open, and then click Continue.

Click Download to save the certificate to your computer.


Apple Developer Account - Download your certificate

3.2.6 Creating a Private Key

Open the .cer file you downloaded in the last step by double-clicking on it in Finder.


.cer file

After a few seconds, the Keychain Access program should open. Select Login > My Certificates, then right-click on your Apple Push Services key in the list and select Export "Apple Push Services...".


Keychain Access - Export the file as a .p12 file

Give the file a unique name using the .p12 extension, and click Save. You will have an option to protect the file with a password. If you add a password, you need to enter this same password on OneSignal.

Step 4. Upload Your Push Certificate to OneSignal

In the OneSignal dashboard, select your app, then go to Settings.

Under Native App Platforms, click Apple iOS.


Select Apple iOS on the Settings Page

Select the .p12 file you exported (along with a password, if you added one) and click Save.

Note: If you used the OneSignal Provisionator tool to create a .p12 file, a password was generated for you and is located next to the Download button.


p12 upload form in Settings > Apple iOS Configuration



You should be finished generating your iOS Push Certificate and uploading it to OneSignal.

Provisioning Profiles

Usually required for Cordova/Ionic and GoNative.

Skip if selected "Automatically manage signing" in Xcode.


Xcode - Select "Automatically manage signing"

If you did not select "Automatically manage signing", then follow these steps:

Create Your Profile

Go to your Apple Developer Account > Certificates, Identifiers & Profiles > Profiles.


Apple Developer Account > Certificates, Identifiers & Profiles > Profiles

Next, find any that are for your app and remove them if they do not have App Groups and Push Notifications in Enabled Capabilities:


Apple Developer Account > Certificates, Identifiers & Profiles > Profiles > Select a specific profile

Create a Profile by pressing the "+" button.


Apple Developer Account > Certificates, Identifiers & Profiles > Profiles > Add a new profile

Select the type of profile you need to create and press Continue.


Adding a new profile in your Apple Developer Account

Search for your App ID; if you do not see your App ID, check the Create Your Identifier step above.

Then, press Continue.


Adding a new profile in your Apple Developer Account

Select the Development or Distribution Certificate to associate with the Profile. Then, click Continue.


Adding a new profile in your Apple Developer Account

Name your Provisioning Profile.


Best Practices

When creating a new profile, make sure to enter a unique name in the "Provisioning Profile Name:" field.

For example, if you are creating an Ad-Hoc Provisioning Profile to test push notifications with a Production Push Certificate .p12 file, use the format AppName_AdHoc so you know the app and type of profile that it is.

Select Generate.


Adding a new profile in your Apple Developer Account

On the last page, Download your profile.

Re-sync your Developer Account in Xcode by going to Xcode > Preferences... then click on the "View Details..." button. Then, click the refresh button on the bottom left of the popup. See Apple's documentation for more detailed instructions.

Make sure you pick your new provisioning profile from Build Settings>Code Signing>Provisioning Profile in Xcode.