Mobile Apps

How to Create a PEM File for iOS Push Notifications

While building a mobile app with SimiCart, many customers encounter difficulties in creating a PEM file for iOS push notifications. So in this post, we will guide you how to create a PEM file.

What is a .PEM File?

PEM format which stands for Privacy Enhanced Mail is a Base64 encoded DER certificate. PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor. According to Wikipedia, PEM data is commonly stored in files with a “.pem” suffix, a “.cer” or “.crt” suffix (for certificates), or a “.key” suffix (for public or private keys). The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a “.pem” file.

iOS app allows you to push notifications to all of your mobile users. There are three things a push notification can do:

  • Display a short text message
  • Play a brief sound
  • Set a number in a badge on the app’s icon

PEM file is used to setup Apple Push Notification. In this tutorial, you will be guided to generate a PEM file.

What is a PEM certificate?

PEM certificate is a file format used to store and share cryptographic keys and digital certificates, primarily for securing communications over networks. PEM stands for Privacy Enhanced Mail and it was originally developed to secure email transmissions but has since become a standard for various security applications.

  • Format: PEM files are encoded in Base64 and typically contain data encapsulated between two header lines, for example:
-----BEGIN CERTIFICATE-----
[Base64 encoded data]
-----END CERTIFICATE-----
  • Usage: PEM certificates are widely used in SSL/TLS configurations to secure web communications. They can hold public keys, private keys, and entire certificate chains (including intermediate and root certificates).
  • File Extensions: Common extensions for PEM files include .pem.crt.cer, and .key, depending on the specific content they contain.
  • Accessibility: Being plain text files, PEM files can be easily opened and edited with standard text editors, which makes them user-friendly for system administrators.

PEM certificates play a crucial role in establishing secure connections over the internet, enabling encrypted communications that protect sensitive data during transmission.

Here’s Detailed Guide to Create a .PEM File


Basically, to get a PEM file, you need to generate 3 following files:

  1. Certificate Signing Request (CSR file)
  2. SSL certificate (aps_ distribution.cer)
  3. Private key as a .p12 file

Okay. Let’s start now!

Step 1: Generate the Certificate Signing Request (CSR)

Whenever you apply for a digital certificate, you need to provide a Certificate Signing Request or CSR for short.

When you create the CSR, a new private key is made that is put into your keychain. You then send the CSR to a certificate authority (in this case that is the iOS Developer Portal), which will generate the SSL certificate for you based on the information in the CSR.

Go to Applications / Utilities / Keychain Access / Certificate Assistant on your Mac and choose the menu option Request a Certificate from a Certificate Authority

request a certificate

If you do not have this menu option or it says “Request a Certificate from a Certificate Authority with key”, then download and install the WWDR Intermediate Certificate first. Also make sure no private key is selected in the main Keychain Access window.

You should now see the following window:

certificate information
  • User email address: enter your email address here. It can be either same email address used to sign up for the iOS Developer Program or any email address.
  • Common Name: enter anything you want but it should be something descriptive. For example “app_pushnotification”
  • Make sure Saved to disk is checked and click Continue. Save this file as “app_pushnotification.certSigningRequest”.

Step 2: Generate the App ID and SSL Certificate

Go to https://developer.apple.com and login to your Apple Developer Account.

Select Certificates, Identifiers, Profiles.

apple developer overview

Select tab Production, then Click (+) Add to add a new Certificate.

production tab

On Select Type page, select Apple Push Notification service SSL (Sanbox & Production). Then click Continue.

apple push notification service SSL

On this page, select the App ID you want to PUSH notification. Then click Continue.

app id

Click Continue.

about csr

Upload the app_pushnotification.certSigningRequest file you have just created in Step 1. Then, click “Continue” and download .cer file.

generate your certificate
download .cer file

Step 3. Create .p12 file

Double click on the file you have just downloaded, change file’s name to app_pushnotification.cer, move this file to your Desktop and open “Keychain Access”.

Now find “app_pushnotification” and “Apple Push Services:<your App ID>” and export these 2 items.

keychain access
keychain export

Name and save the .p12 file to a folder.

save keychain

Then, there will be a popup shown asking for password. Set your own password.

keychain password

Click OK. Tada! You’ve created PushChatKey.p12 file from aps_distribution.cer file.

So now you got three files:

  1. The CSR
  2. The private key as a p12 file (app_pushnotification.p12)
  3. The SSL certificate, app_pushnotification.cer

Let’s move to the last step.

Step 4. Generate PEM file

Store these three files in a safe place. Then you have to convert the SSL certificate and private key into a format that is more usable. Because the push part of our server will be written in PHP, you will combine the certificate and the private key into a single file that uses the PEM format.

You’re going to use the command-line OpenSSL tools for this. Open a Terminal and execute the following steps.

Go to the folder where you downloaded the files, in this case is the Desktop:

$ cd ~/Desktop/

Convert the .cer file into a .pem file:

openssl x509 -in app_pushnotification.cer -inform der -out app_pushnotificationpass.pem 

Convert the private key’s .p12 file into a .pem file:

 openssl pkcs12 -in app_pushnotification.p12 -out app_pushnotification.pem -nodes –clcerts     <Note: You need to enter the password you created at Step 10> 

Finally, combine the certificate and key into a single .pem file:

 cat app_pushnotificationpass.pem app_pushnotification.pem > app_pushnotification_end.pem

The file app_pushnotification_end.pem is the one you need, which can be then used to set up push notification feature on your iOS application.

Hope this helps!


Further Reading:

How to Intergrate Push Notifications into Your PWAs using Firebase