To enable Push Notification for your iOS app, you will need to create and upload the Apple Push Notification Certificate (.pem file) to us so we will be able to connect to Apple Push Server on your behalf.

要为您的 iOS 应用启用推送通知，您需要创建 Apple 推送通知证书（.pem 文件）并将其上传给我们，以便我们能够代表您连接到 Apple 推送服务器。

(Updated version with updated screen shots Here)

（更新版本与更新的屏幕截图在这里）

Step 1: Login to iOS Provisioning Portal, click "Certificates" on the left navigation bar. Then, click "+" button.

第一步：登录iOS Provisioning Portal，点击左侧导航栏的“Certificates”。然后，单击“+”按钮。

Step 2: Select Apple Push Notification service SSL (Production) option under Distribution section, then click "Continue" button.

步骤 2：在分发部分下选择 Apple 推送通知服务 SSL（生产）选项，然后单击“继续”按钮。

Step 3: Select the App ID you want to use for your BYO app (How to Create An App ID), then click "Continue" to go to next step.

第 3 步：选择您要用于 BYO 应用程序的 App ID（如何创建 App ID），然后单击“继续”进入下一步。

Step 4: Follow the steps "About Creating a Certificate Signing Request (CSR)" to create a Certificate Signing Request.

步骤 4：按照“关于创建证书签名请求 (CSR)”的步骤创建证书签名请求。

To supplement the instruction provided by Apple. Here are some of the additional screenshots to assist you to complete the required steps:

补充 Apple 提供的说明。以下是一些额外的屏幕截图，可帮助您完成所需的步骤：

Step 4 Supplementary Screenshot 1: Navigate to Certificate Assistant of Keychain Access on your Mac.

步骤 4 补充截图 1：在 Mac 上导航到 Keychain Access 的证书助手。

Step 4 Supplementary Screenshot 2: Fill in the Certificate Information. Click Continue.

步骤4 补充截图2：填写证书信息。单击继续。

Step 5: Upload the ".certSigningRequest" file which is generated in Step 4, then click "Generate" button.

第五步：上传第四步生成的“.certSigningRequest”文件，然后点击“生成”按钮。

Step 6: Click "Done" to finish the registration, the iOS Provisioning Portal Page will be refreshed that looks like the following screen:

第六步：点击“完成”完成注册，iOS Provisioning Portal页面将刷新如下图所示：

Then Click "Download" button to download the certificate (.cer file) you've created just now. - Double click the downloaded file to install the certificate into Keychain Access on your Mac.

然后单击“下载”按钮下载您刚刚创建的证书（.cer 文件）。- 双击下载的文件，将证书安装到 Mac 上的 Keychain Access 中。

Step 7: On your Mac, go to "Keychain", look for the certificate you have just installed. If unsure which certificate is the correct one, it should start with "Apple Production IOS Push Services:" followed by your app's bundle ID.

第 7 步：在您的 Mac 上，转到“钥匙串”，查找您刚刚安装的证书。如果不确定哪个证书是正确的，它应该以“Apple Production IOS Push Services:”开头，然后是您的应用程序包 ID。

Step 8: Expand the certificate, you should see the private key with either your name or your company name. Select both items by using the "Select" key on your keyboard, right click (or cmd-click if you use a single button mouse), choose "Export 2 items", like Below:

第 8 步：展开证书，您应该会看到带有您的姓名或公司名称的私钥。使用键盘上的“选择”键选择这两个项目，右键单击（如果使用单键鼠标，则单击 cmd 单击），选择“导出 2 个项目”，如下所示：

Then save the p12 file with name "pushcert.p12" to your Desktop - now you will be prompted to enter a password to protect it, you can either click Enter to skip the password or enter a password you desire.

然后将名为“pushcert.p12”的 p12 文件保存到您的桌面 - 现在系统将提示您输入密码来保护它，您可以单击 Enter 跳过密码或输入您想要的密码。

Step 9: Now the most difficult part - open "Terminal" on your Mac, and run the following commands:

第 9 步：现在是最困难的部分 - 在 Mac 上打开“终端”，然后运行以下命令：

cd
cd Desktop
openssl pkcs12 -in pushcert.p12 -out pushcert.pem -nodes -clcerts

Step 10: Remove pushcert.p12 from Desktop to avoid mis-uploading it to Build Your Own area. Open "Terminal" on your Mac, and run the following commands:

第 10 步：从桌面删除 pushcert.p12，以避免将其错误上传到 Build Your Own 区域。在 Mac 上打开“终端”，然后运行以下命令：

cd
cd Desktop
rm pushcert.p12

Step 11 - NEW AWS UPDATE: Create new pushcert.p12to submit to AWS SNS. Double click on the new pushcert.pem, then export the one highlighed on the green only.

步骤 11 - 新的 AWS 更新：创建新pushcert.p12的提交到 AWS SNS。双击新的pushcert.pem，然后导出仅以绿色突出显示的那个。

Credit: AWS new update

信用：AWS 新更新

Now you have successfully created an Apple Push Notification Certificate (.p12 file)! You will need to upload this file to our Build Your Own area later on. :)

现在您已成功创建 Apple 推送通知证书（.p12 文件）！您稍后需要将此文件上传到我们的“构建您自己的”区域。:)

There's much simpler solution today — pem. This tool makes life much easier.

今天有更简单的解决方案 - pem。这个工具让生活更轻松。

For example, to generate or renew your push notification certificate just enter:

例如，要生成或更新您的推送通知证书，只需输入：

fastlane pem 

and it's done in under a minute. In case you need a sandbox certificate, enter:

不到一分钟就完成了。如果您需要沙盒证书，请输入：

fastlane pem --development

And that's pretty it.

这很好。

$ cd Desktop
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem

Apple have changed the name of the certificate that is issued. You can now use the same certificate for both development and production. While you can still request a development only certificate you can no longer request a production only certificate.

Apple 已更改颁发的证书的名称。您现在可以为开发和生产使用相同的证书。虽然您仍然可以申请仅限开发的证书，但您不能再申请仅限生产的证书。

According to Troubleshooting Push Certificate Problems

根据对推送证书问题进行故障排除

The SSL certificate available in your Apple Developer Program account contains a public key but not a private key. The private key exists only on the Mac that created the Certificate Signing Request uploaded to Apple. Both the public and private keys are necessary to export the Privacy Enhanced Mail (PEM) file.

您的 Apple Developer Program 帐户中可用的 SSL 证书包含公钥，但不包含私钥。私钥仅存在于创建上传到 Apple 的证书签名请求的 Mac 上。公钥和私钥都是导出隐私增强邮件 (PEM) 文件所必需的。

Chances are the reason you can't export a working PEM from the certificate provided by the client is that you do not have the private key. The certificate contains the public key, while the private key probably only exists on the Mac that created the original CSR.

您无法从客户端提供的证书导出工作 PEM 的原因可能是您没有私钥。证书包含公钥，而私钥可能只存在于创建原始 CSR 的 Mac 上。

You can either:

您可以：

1. Try to get the private key from the Mac that originally created the CSR. Exporting the PEM can be done from that Mac or you can copy the private key to another Mac.

1. 尝试从最初创建 CSR 的 Mac 获取私钥。可以从那台 Mac 导出 PEM，也可以将私钥复制到另一台 Mac。

or

或者

1. Create a new CSR, new SSL certificate, and this time back up the private key.

2. 创建一个新的 CSR、新的 SSL 证书，这次备份私钥。

Thanks! to all above answers. I hope you have a .p12 file. Now, open terminal write following command. Set terminal to the path where you have put .12 file.

谢谢！以上所有答案。我希望你有一个 .p12 文件。现在，打开终端写入以下命令。将终端设置为您放置 .12 文件的路径。

$ openssl pkcs12 -in yourCertifcate.p12 -out pemAPNSCert.pem -nodes
Enter Import Password: <Just enter your certificate password>
MAC verified OK

Now your .pemfile is generated.

现在您的.pem文件已生成。

Verify .pem fileFirst, open the .pem in a text editor to view its content. The certificate content should be in format as shown below. Make sure the pem file contains both Certificate content(from BEGIN CERTIFICATE to END CERTIFICATE) as well as Certificate Private Key (from BEGIN PRIVATE KEY to END PRIVATE KEY) :

验证 .pem 文件首先，在文本编辑器中打开 .pem 以查看其内容。证书内容应采用如下格式。确保 pem 文件包含证书内容（从 BEGIN CERTIFICATE 到 END CERTIFICATE）以及证书私钥（从 BEGIN PRIVATE KEY 到 END PRIVATE KEY）：

> Bag Attributes
>     friendlyName: Apple Push Services:<Bundle ID>
>     localKeyID: <> subject=<>
> -----BEGIN CERTIFICATE-----
> 
> <Certificate Content>
> 
> -----END CERTIFICATE----- Bag Attributes
>     friendlyName: <>
>     localKeyID: <> Key Attributes: <No Attributes>
> -----BEGIN PRIVATE KEY-----
> 
> <Certificate Private Key>
> 
> -----END PRIVATE KEY-----

Also, you check the validity of the certificate by going to SSLShopper Certificate Decoderand paste the Certificate Content (from BEGIN CERTIFICATE to END CERTIFICATE) to get all the info about the certificate as shown below:

此外，您通过转到 SSLShopper证书解码器并粘贴证书内容（从 BEGIN CERTIFICATE 到 END CERTIFICATE）来检查证书的有效性，以获取有关证书的所有信息，如下所示：

it is very simple after exporting the Cert.p12 and key.p12, Please find below command for the generating 'apns' .pem file.

导出Cert.p12和key.p12后很简单，请在下面找到生成'apns'.pem文件的命令。

https://www.sslshopper.com/ssl-converter.html?

https://www.sslshopper.com/ssl-converter.html？

command to create apns-dev.pem from Cert.pem and Key.pem
?    

openssl rsa -in Key.pem -out apns-dev-key-noenc.pem
?    

cat Cert.pem apns-dev-key-noenc.pem > apns-dev.pem

Above command is useful for both Sandbox and Production.

以上命令对 Sandbox 和 Production 都很有用。