I've been given a task to (re?)enable push notification for the company iOS app and don't know where to begin. I learned that provisioning profile contains information on which app services are enabled, so I logged into the apple developer center and got to the Certificates,Identifiers & Profiles page, but saw that Development iOS Provisioning Profile was already enabled with Push Notification. Sep 18, 2019  After receiving your signed Certificate Signing Request (CSR) from Citrix, submit it to Apple to obtain the APNs certificate. Note: Some users have reported problems logging into the Apple Push Portal. As an alternative, you can log on to the Apple Developer Portal before going to the identity.apple.com link in Step 1.

Push notification apps

In this tutorial, you use Azure Notification Hubs to send push notifications to an iOS application. You create a blank iOS app that receives push notifications by using the Apple Push Notification service (APNs).

In this tutorial, you take the following steps:

  • Generate the certificate signing request file
  • Request your app for push notifications
  • Create a provisioning profile for the app
  • Configure your notification hub for iOS push notifications
  • Connect your iOS app to notification hubs
  • Send test push notifications
  • Verify that your app receives notifications

The complete code for this tutorial can be found on GitHub.

Generating Push Certificate with a passphrase 4453 Views 1 Reply. (where the actual service that sends the push notification to Apple), I have installed this PEM file, pointed the PHP-based server at it, and sent a push notification to my device. All postings and use of the content on this site are subject to the Apple Developer.


To complete this tutorial, you need the following prerequisites:

  • An active Azure account. If you don't have an account, you can create a free Azure account.

  • Latest version of Xcode

  • An iOS version 10 (or later)-capable device

  • Apple Developer Program membership.


    Because of configuration requirements for push notifications, you must deploy and test push notifications on a physical iOS device (iPhone or iPad) instead of the iOS Simulator.

Completing this tutorial is a prerequisite for all other Notification Hubs tutorials for iOS apps.

Generate apple push notification certificate

Generate the certificate-signing request file

The Apple Push Notification Service (APNs) uses certificates to authenticate your push notifications. Follow these instructions to create the necessary push certificate to send and receive notifications. For more information on these concepts, see the official Apple Push Notification Service documentation.

Generate the Certificate Signing Request (CSR) file, which Apple uses to generate a signed push certificate.

  1. On your Mac, run the Keychain Access tool. It can be opened from the Utilities folder or the Other folder on the Launchpad.

  2. Select Keychain Access, expand Certificate Assistant, and then select Request a Certificate from a Certificate Authority.


    By default, Keychain Access selects the first item in the list. This can be a problem if you're in the Certificates category and Apple Worldwide Developer Relations Certification Authority is not the first item in the list. Make sure you have a non-key item, or the Apple Worldwide Developer Relations Certification Authority key is selected, before generating the CSR (Certificate Signing Request).

  3. Select your User Email Address, enter your Common Name value, make sure that you specify Saved to disk, and then select Continue. Leave CA Email Address blank as it isn't required.

  4. Enter a name for the CSR file in Save As, select the location in Where, and then select Save.

    This action saves the CSR file in the selected location. The default location is Desktop. Remember the location chosen for the file.

Next, register your app with Apple, enable push notifications, and upload the exported CSR to create a push certificate.

Register your app for push notifications

To send push notifications to an iOS app, register your application with Apple, and also register for push notifications.

  1. If you haven't already registered your app, browse to the iOS Provisioning Portal at the Apple Developer Center. Sign in to the portal with your Apple ID, and select Identifiers. Then select + to register a new app.

  2. On the Register a New Identifier screen, select the App IDs radio button. Then select Continue.

  3. Update the following three values for your new app, and then select Continue:

    • Description: Type a descriptive name for your app.

    • Bundle ID: Enter a Bundle ID of the form Organization Identifier.Product Name as mentioned in the App Distribution Guide. The Organization Identifier and Product Name values must match the organization identifier and product name you use when you create your Xcode project. In the following screenshot, the NotificationHubs value is used as an organization identifier and the GetStarted value is used as the product name. Make sure the Bundle Identifier value matches the value in your Xcode project, so that Xcode uses the correct publishing profile.

    • Push Notifications: Check the Push Notifications option in the Capabilities section.

      This action generates your App ID and requests that you confirm the information. Select Continue, then select Register to confirm the new App ID.

      After you select Register, you see the new App ID as a line item in the Certificates, Identifiers & Profiles page.

  4. In the Certificates, Identifiers & Profiles page, under Identifiers, locate the App ID line item that you just created, and select its row to display the Edit your App ID Configuration screen.

Creating a Certificate for Notification Hubs

A certificate is required to enable the notification hub to work with APNS. This can be done in one of two ways:

  1. Create a .p12 that can be uploaded directly to Notification Hub.
  2. Create a .p8 that can be used for token-based authentication (the newer approach).

The newer approach has a number of benefits (compared to using certificates) as documented in Token-based (HTTP/2) authentication for APNS. However, steps have been provided for both approaches.

OPTION 1: Creating a .p12 push certificate that can be uploaded directly to Notification Hub

  1. Scroll down to the checked Push Notifications option, and then select Configure to create the certificate.

  2. The Apple Push Notification service SSL Certificates window appears. Select the Create Certificate button under the Development SSL Certificate section.

    The Create a new Certificate screen is displayed.


    This tutorial uses a development certificate. The same process is used when registering a production certificate. Just make sure that you use the same certificate type when sending notifications.

  3. Select Choose File, browse to the location where you saved the CSR file from the first task, and then double-click the certificate name to load it. Then select Continue.

  4. After the portal creates the certificate, select the Download button. Save the certificate, and remember the location to which it's saved.

    The certificate is downloaded and saved to your computer in your Downloads folder.


    By default, the downloaded development certificate is named aps_development.cer.

  5. Double-click the downloaded push certificate aps_development.cer. This action installs the new certificate in the Keychain, as shown in the following image:


    Although the name in your certificate might be different, the name will be prefixed with Apple Development iOS Push Services.

  6. In Keychain Access, right-click the new push certificate that you created in the Certificates category. Select Export, name the file, select the .p12 format, and then select Save.

    You can choose to protect the certificate with a password, but this is optional. Click OK if you want to bypass password creation. Make a note of the file name and location of the exported .p12 certificate. They are used to enable authentication with APNs.


    Your .p12 file name and location might be different than what is pictured in this tutorial.

OPTION 2: Creating a .p8 certificate that can be used for token-based authentication

  1. Make note of the following details:

    • App ID Prefix (this is a Team ID)
    • Bundle ID
  2. Back in Certificates, Identifiers & Profiles, click Keys.


    If you already have a key configured for APNS, you can re-use the .p8 certificate that you downloaded right after it was created. If so, you can ignore steps 3 through 5.

  3. Click the + button (or the Create a key button) to create a new key.

  4. Provide a suitable Key Name value, then check the Apple Push Notifications service (APNs) option, and then click Continue, followed by Register on the next screen.

  5. Click Download and then move the .p8 file (prefixed with AuthKey_) to a secure local directory, then click Done.


    Be sure to keep your .p8 file in a secure place (and save a backup). After downloading your key, it cannot be re-downloaded as the server copy is removed.

  6. On Keys, click on the key that you just created (or an existing key if you have chosen to use that instead).

  7. Make note of the Key ID value.

  8. Open your .p8 certificate in a suitable application of your choice such as Visual Studio Code then make note of the key value. This is the value between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- .


    This is the token value that will be used later to configure Notification Hub.

At the end of these steps you should have the following information for use later in Configure your notification hub with APNs information:

  • Team ID (see step 1)
  • Bundle ID (see step 1)
  • Key ID (see step 7)
  • Token value i.e. the .p8 key value (see step 8)

Create a provisioning profile for the app

  1. Return to the iOS Provisioning Portal, select Certificates, Identifiers & Profiles, select Profiles from the left menu, and then select + to create a new profile. The Register a New Provisioning Profile screen appears.

  2. Select iOS App Development under Development as the provisioning profile type, and then select Continue.

  3. Next, select the app ID you created from the App ID drop-down list, and select Continue.

  4. In the Select certificates window, select the development certificate that you use for code signing, and select Continue. This certificate isn't the push certificate you created. If one does not exist, you must create it. If a certificate does exist, skip to the next step. To create a development certificate if one does not exist:

    1. If you see No Certificates are available, select Create Certificate.
    2. In the Software section, select Apple Development. Then select Continue.
    3. In the Create a New Certificate screen, select Choose File.
    4. Browse to the Certificate Signing Request certificate you created earlier, select it, and then select Open.
    5. Select Continue.
    6. Download the development certificate, and remember the location to which it's saved.
  5. Return to the Certificates, Identifiers & Profiles page, select Profiles from the left menu, and then select + to create a new profile. The Register a New Provisioning Profile screen appears.

  6. In the Select certificates window, select the development certificate that you just created. Then select Continue.

  7. Next, select the devices to use for testing, and select Continue.

  8. Finally, choose a name for the profile in Provisioning Profile Name, and select Generate.

  9. When the new provisioning profile is created, select Download. Remember the location to which it's saved.

  10. Browse to the location of the provisioning profile, and then double-click it to install it on your Xcode development machine.

Create a notification hub

In this section, you create a notification hub and configure authentication with APNs by using either the .p12 push certificate or token-based authentication. If you want to use a notification hub that you've already created, you can skip to step 5.

  1. Sign in to the Azure portal.

  2. Select All services on the left menu, and then select Notification Hubs in the Mobile section. Select the star icon next to the service name to add the service to the FAVORITES section on the left menu. After you add Notification Hubs to FAVORITES, select it on the left menu.

  3. On the Notification Hubs page, select Add on the toolbar.

  4. On the Notification Hub page, do the following steps:

    1. Enter a name in Notification Hub.

    2. Enter a name in Create a new namespace. A namespace contains one or more hubs.

    3. Select a value from the Location drop-down list box. This value specifies the location in which you want to create the hub.

    4. Select an existing resource group in Resource Group, or create a name for a new resource group.

    5. Select Create.

  5. Select Notifications (the bell icon), and then select Go to resource. You can also refresh the list on the Notification Hubs page and select your hub.

  6. Select Access Policies from the list. Note that the two connection strings are available to you. You'll need them later to handle push notifications.


    Do not use the DefaultFullSharedAccessSignature policy in your application. This is meant to be used in your back end only.

Configure your notification hub with APNs information

Under Notification Services, select Apple (APNS) then follow the appropriate steps based on the approach you chose previously in the Creating a Certificate for Notification Hubs section.


Use the Production for Application Mode only if you want to send push notifications to users who purchased your app from the store.

OPTION 1: Using a .p12 push certificate

  1. Select Certificate.

  2. Select the file icon.

  3. Select the .p12 file that you exported earlier, and then select Open.

  4. If required, specify the correct password.

  5. Select Sandbox mode.

  6. Select Save.

OPTION 2: Using token-based authentication

  1. Select Token.

  2. Enter the following values that you acquired earlier:

    • Key ID
    • Bundle ID
    • Team ID
    • Token
  3. Choose Sandbox

  4. Select Save.

You've now configured your notification hub with APNs. You also have the connection strings to register your app and send push notifications.

Connect your iOS app to Notification Hubs

  1. In Xcode, create a new iOS project and select the Single View Application template.

  2. When setting the options for your new project, make sure to use the same Product Name and Organization Identifier that you used when you set the bundle identifier in the Apple Developer portal.

  3. Under Project Navigator, select your project name under Targets, then select the Signing & Capabilities tab. Make sure you select the appropriate Team for your Apple Developer account. XCode should automatically pull down the Provisioning Profile you created previously based on your bundle identifier.

    If you don't see the new provisioning profile that you created in Xcode, try refreshing the profiles for your signing identity. Click Xcode on the menu bar, click Preferences, click the Account tab, click the View Details button, click your signing identity, and then click the refresh button in the bottom-right corner.

  4. In the Signing & Capabilities tab, select + Capability. Double-click Push Notifications to enable it.

  5. Add the Azure Notification Hubs SDK modules.

    You can integrate the Azure Notification Hubs SDK in your app by using Cocoapods or by manually adding the binaries to your project.

    • Integration via Cocoapods

      Add the following dependencies to your podfile to include Azure Notification Hubs SDK into your app.

      Run pod install to install your newly defined pod and open your .xcworkspace.


      If you see an error such as [!] Unable to find a specification for AzureNotificationHubs-iOSwhile running pod install, please run pod repo update to get the latest pods from the Cocoapods repository, and then run pod install.

    • Integration via Carthage

      Add the following dependencies to your Cartfile to include Azure Notification Hubs SDK into your app.

      Next, update, and build dependencies:

      For more information about using Carthage, see the Carthage GitHub repository.

    • Integration by copying the binaries into your project

      1. Download the Azure Notification Hubs SDK framework provided as a zip file and unzip it.

      2. In Xcode, right-click your project and click the Add Files to option to add the WindowsAzureMessaging.framework folder to your Xcode project. Select Options and make sure Copy items if needed is selected, and then click Add.

  6. Add a new header file to your project named Constants.h. To do so, right-click the project name and select New File.... Then select Header File. This file holds the constants for your notification hub. Then select Next. Name the file Constants.h.

  7. Add the following code to the Constants.h file:

  8. Add the implementation file for Constants.h. To do so, right-click the project name and select New File.... Select Objective-C File, and then select Next. Name the file Constants.m.

  9. Open the Constants.m file and replace its contents with the following code. Replace the string literal placeholders NotificationHubConnectionString and NotificationHubConnectionString with the hub name and the DefaultListenSharedAccessSignature, respectively, as you previously obtained from the portal:

  10. Open your project's AppDelegate.h file and replace its contents with the following code:

  11. In the project's AppDelegate.m file, add the following import statements:

  12. Also in your AppDelegate.m file, add the following line of code in the didFinishLaunchingWithOptions method based on your version of iOS. This code registers your device handle with APNs:

  13. In the same AppDelegate.m file, replace all the code after didFinishLaunchingWithOptions with the following code:

    This code connects to the notification hub using the connection information you specified in Constants.h. It then gives the device token to the notification hub so that the notification hub can send notifications.


  1. Similar the previous instructions, add another header file named NotificationDetailViewController.h. Replace the contents of the new header file with the following code:

  2. Add the implementation file NotificationDetailViewController.m. Replace the contents of the file with the following code, which implements the UIViewController methods:


  1. In the project's ViewController.h file, add the following import statements:

  2. Also in ViewController.h, add the following property declarations after the @interface declaration:

  3. In the project's ViewController.m implementation file, replace the contents of the file with the following code:

  4. To verify there are no failures, build and run the app on your device.

Send test push notifications

You can test receiving notifications in your app with the Test Send option in the Azure portal. It sends a test push notification to your device.

Apple Push Notifications

Push notifications are normally sent in a back-end service like Mobile Apps or ASP.NET using a compatible library. If a library isn't available for your back end, you can also use the REST API directly to send notification messages.

Here is a list of some other tutorials you might want to review for sending notifications:

  • Azure Mobile Apps: For an example of how to send notifications from a Mobile Apps back end integrated with Notification Hubs, see Add Push Notifications to your iOS App.
  • ASP.NET: Use Notification Hubs to push notifications to users.
  • Azure Notification Hub Java SDK: See How to use Notification Hubs from Java for sending notifications from Java. This has been tested in Eclipse for Android Development.
  • PHP: How to use Notification Hubs from PHP.

Verify that your app receives push notifications

To test push notifications on iOS, you must deploy the app to a physical iOS device. You cannot send Apple push notifications by using the iOS Simulator.

  1. Run the app and verify that registration succeeds, and then press OK.

  2. Next you send a test push notification from the Azure portal, as described in the previous section.

  3. The push notification is sent to all devices that are registered to receive the notifications from the particular Notification Hub.

Next steps

In this simple example, you broadcasted push notifications to all your registered iOS devices. To learn how to push notifications to specific iOS devices, advance to the following tutorial:

Secure your communications with APNs by installing a certificate on your provider server.


With certificate-based authentication, you use a provider certificate to establish a secure connection between your provider server and APNs. You obtain this certificate from Apple through your developer account.

Because trust is established at the server-level, individual notification requests contain only your payload and a device token. They don't include an authentication token, which reduces the size of each notification request slightly.

You can use a provider certificate to send notifications to a single app, or to the Apple Watch complication or background VoIP services associated with that app. To send remote notifications to multiple apps, you must create separate certificates for each app. You must also manage separate APNs connections for each app’s notifications. As a result, it is often simpler to use token-based authentication to support multiple apps.

Obtain a Provider Certificate from Apple

You obtain a provider certificate from your developer account on developer.apple.com. In the certificates section:

  1. Add a new certificate.

  2. Select Apple Push Notification service SSL (Sandbox & Production) for the type and click Continue.

  3. Select the App ID of your app and click Continue. (Certificates must be tied to a specific app.)

  4. Generate a Certificate Signing Request (CSR) on your server.

  5. Click Continue.

  6. Upload your CSR file and click Continue.

  7. Download the resulting certificate.

Tie a different provider certificate to each app, whose App ID you specify when creating the certificate. You must also tie your certificate to a Certificate Signing Request (CSR), which is the private key used to encrypt the certificate. The certificate itself becomes the public key that you exchange with APNs.

Install both the certificate and the private key on your provider server. In macOS, double-clicking the certificate installs it in Keychain Access automatically. If you created your CSR file from your provider server, Keychain Access installs the key in your keychain automatically.


To avoid a disruption in service for your users, remember to update your provider certificates before they expire. Provider certificates are valid for a year and must be updated to continue communicating with APNs.

Establish Trust with APNs

With your certificates installed, Figure 2 shows the sequence of steps that occur when you open a connection to the APNs server. After requesting a secure connection using transport layer security (TLS), APNs responds by sending over a certificate for your provider server to validate. After validating that certificate, you send your provider certificate back to APNs, which validates it and completes the secure connection. After that, you can begin sending remote notification requests to APNs.

Apple Developer Generate Push Notification Key 2017

If you think your certificate or private key has been compromised, you can revoke your certificate from your developer account. APNs maintains a list of revoked certificates, and it refuses TLS connections from servers whose certificates are on that list. If your server is using a revoked certificate, close all existing connections to APNs and configure a new provider certificate for your server before opening any new connections.

See Also

Apple Developer Generate Push Notification Key Free

Establishing a Token-Based Connection to APNs

Secure your communications with APNs using stateless authentication tokens.

Coments are closed
Scroll to top