Skip to content

Instantly share code, notes, and snippets.

@karnauskas

karnauskas/PKPass.md

Forked from rlanyi/PKPass.md
Created November 16, 2021 21:32
Show Gist options
  • Save karnauskas/f76ab849224f22fc32961288266094a2 to your computer and use it in GitHub Desktop.
Save karnauskas/f76ab849224f22fc32961288266094a2 to your computer and use it in GitHub Desktop.
Download ZIP
How to create Apple PKPass .p12 certificate using Linux
Raw
gistlog.yml
published: true
Raw
PKPass.md

How to create Apple PKPass .p12 certificate using Linux

You don't need a Mac to do this :-)

For generating PKPass files, you'll need 4 things after this tutorial:

  • Certificate Identifier (pass.com.example.www)
  • Team Identified (Organizational Unit (OU) in the cert generated by Apple)
  • The .p12 file
  • The password for the .p12 file
  1. Login on https://developer.apple.com/account/
  2. Click Certificates, Identifiers & Profiles
  3. Click on Identifiers
  4. On the right, filter to Pass Type IDs
  5. Register a New Identifier, choose Pass Type IDs
  6. Enter Description and Identifier
  7. Finalize by clicking Register
  8. Go to terminal and generate a private key (.key)
openssl genrsa -out pkpass.key 2048
  1. Generate a certificate singing request (.csr)
openssl req -new -key pkpass.key -out pkpass.csr

Fill in the fields with your own data but leave Challenge password empty (press Enter).

  1. On the Developer Portal choose the newly created identifier from the list and click Create Certificate.
  2. Leave the Certificate name empty and upload the .csr file
  3. On the next page click Download and save the downloaded pass.cer to the folder with the .key and .csr files
  4. Download Apple's root certificate (Apple Worldwide Developer Relations Certification Authority)
wget http://developer.apple.com/certificationauthority/AppleWWDRCA.cer
  1. Convert .cer files to .pem format
openssl x509 -inform der -in AppleWWDRCA.cer -out AppleWWDRCA.pem
openssl x509 -inform der -in pass.cer -out pass.pem
  1. Generate the .p12 certificate by using the private key, your certificate and Apple's certificate
openssl pkcs12 -export -clcerts -inkey pkpass.key -in pass.pem -certfile AppleWWDRCA.pem -name "Company Name" -out pkpass.p12

You'll be requested to enter a password. Choose a strong password here. You'll use this password with the .p12 certificate when generating PKPass files.

Please note that the .p12 contains both certificates and a private key as well. Make sure that you distribute it securely to the server that will generate PKPass files and that it is only readable by the PKPass generator application.

  1. You can check the contents of your newly created .p12 certificate
openssl pkcs12 -in pkpass.p12 -nodes

Please note the OU field of the first certificate in the output. This is your Team Identifier.

  1. Create a reminder in your calendar with the expiration date of your certificate.
openssl x509 -in pass.pem -noout -enddate
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment