Hey! These docs are for version 7.0, which is no longer officially supported. Click here for the latest version, 9.0!

Generate an iOS Push Certificate

Step-by-step guide to create an iOS Push Certificate

An iOS Push Certificate is required for notification delivery to all iOS apps.

Step 1 - Requirements:

  • An iOS mobile app. (This is not for websites / web push)
  • A Paid Apple Developer Account with Admin Role.
  • A OneSignal Account, if you do not already have one.
  • A Mac computer with Xcode 11+
  • Your Xcode project should have the Push Notification capability added. Otherwise your project may not be shown in the Apple Developer Center.

Step 2 - Provisioning

If your App does not have an existing App ID or Provisioning Profile setup in your Apple Developer Account, then start with below Optional - Provisioning Profiles step.

Generally this occurs when using manual app signing (not have "Automatically manage signing" selected in Xcode) or an app builder like Cordova/Ionic, Gonative, or an older Xcode version.

Method 1: Use OneSignal's Automatic Provisioning Tool


Previous Certificate Revokation

Previous p12 Push Certificates for this bundle id will be revoked and cannot be used once you generate a new certificate with this method.

Admin account required: Before you use the Automatic Provisioning tool, log into your Apple Developer account, go to the Membership section, and make sure your role for the team is Admin. If your role is not Admin, you will not be able to use this tool.

Follow the directions on OneSignal's Provisionator Tool.
Then continue to Step 3.

Method 2: Create A Certificate Request Manually

2.1 - Request a Certificate From a Certificate Authority

Open the Keychain Access app on your macOS system. It may be located in Applications > Utilities > Keychain Access.

Select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...


Next, select the Save to disk option and enter your information in the required fields.

This creates a certification request file that will be used later.


2.2 - Add Capabilities

Select Identifiers in your Apple Developer Account under Certificates, IDs & Profiles > Identifiers


Find and select your Identifier to enable Push Notifications, but do not click Edit.

If you do not see your Identifier, follow below Optional - Provisioning Profiles step.


2.3 - Select Push Notification Certificate

Next, go to Certificates and create a new certificate by clicking the blue + (plus) button.

Under Services, select Apple Push Notification service SSL (Sandbox & Production) and click Continue.

  • The certificate will be applicable to both Sandbox and Production environments, so you do not need a separate key for each one.

2.4 - Select your App

Choose your App ID with matching Bundle ID from the App ID pop-up menu, and click Continue.


2.5 - Upload your Certificate Signing Request

Click Choose File.., select the CertSigningRequest file you saved in Step 2.1, click Open, and then click Continue.


Click Download to save the certificate to your computer.


2.6 - Creating a Private Key

Open the .cer file you downloaded in the last step by double-clicking on it in Finder.


After a few seconds, the Keychain Access program should open. Select Login > My Certificates, then right-click on your Apple Push Services key in the list and select Export "Apple Push Services....


Give the file a unique name using the .p12 extension, and click Save. You will have an option to protect the file with a password. If you add a password, you need to enter this same password on OneSignal.

Step 3 - Upload Your Push Certificate to OneSignal

In the OneSignal dashboard, select your app from the All Apps page, then go to Settings. Under Native App Platforms, click Apple iOS.


Select the .p12 file you exported (along with a password, if you added one) and click Save.

Note: If you used the OneSignal Provisionator tool to create a .p12 file, a password was generated for you, and is located next to the Download button.


Optional - Provisioning Profiles

Usually Required for Cordova/Ionic, and GoNative.

Skip if selected "Automatically manage signing" in Xcode.


If you did not select "Automatically manage signing", then follow these steps.

Create your Identifier

In your Apple Developer Account, go to Identifiers and select the Blue + button


Select App IDs and Continue


Select App and Continue


Provide a "Description" and your Explicit "Bundle ID" then press Continue


Click Register


Create Your Profile

In your Apple Developer Account, on the left to go to Profiles.


Next find any that are for your app and remove them if they do not have App Groups and Push Notifications in Enabled Capabilities:


Create a Profile by pressing the "+" button


Select the type of profile you need to create and press Continue


Search for your App ID, if you do not see your App ID, check the Create Your Identifier step above.

Then press Continue.


Select the Development or Distribution Certificate to associate with the Profile. Then click Continue. .


Name your Provisioning Profile


Best Practices

When recreating new profiles make sure to enter a unique name in the "Provisioning Profile Name:" field.

Example, if creating an Ad-Hoc Provisioning Profile to test push notifications with a Production Push Certificate .p12 file. Use the format AppName_AdHoc so you know the app and type it is.

Select Generate.


On the last page Download your profile.

Re-sync your Developer Account in Xcode by going to Xcode > Preferences... then click on the "View Details..." button. Lastly, click the refresh button on the bottom left of the popup. See Apple's documentation for more detailed instructions.

Make sure you pick your new provisioning profile from Build Settings>Code Signing>Provisioning Profile in Xcode.

Head back to Step 2 to continue creating the Push Certificate.

What’s Next

Next, install the OneSignal SDK in your app. If you need help, we have a few SDK-specific guides: