fastlane/lib/fastlane/actions/docs/get_push_certificate

Automatically generate and renew your push notification profiles

Tired of manually creating and maintaining your push notification profiles for your iOS apps? Tired of generating a pem file for your server?

pem does all that for you, just by simply running pem.

pem creates new .pem, .cer, and .p12 files to be uploaded to your push server if a valid push notification profile is needed. pem does not cover uploading the file to your server.

To automate iOS Provisioning profiles you can use match.

FeaturesUsageHow does it work?TipsNeed help?

pem is part of fastlane: The easiest way to automate beta deployments and releases for your iOS and Android apps.

Features

Well, it’s actually just one: Generate the pem file for your server.

Check out this gif:

img/actions/PEMRecording.gif

Usage

fastlane pem

Yes, that’s the whole command!

This does the following:

  • Create a new signing request
  • Create a new push certification
  • Downloads the certificate
  • Generates a new .pem file in the current working directory, which you can upload to your server

Note that pem will never revoke your existing certificates. pem can’t download any of your existing push certificates, as the private key is only available on the machine it was created on.

If you already have a push certificate enabled, which is active for at least 30 more days, pem will not create a new certificate. If you still want to create one, use the force:

fastlane pem --force

You can pass parameters like this:

fastlane pem -a com.krausefx.app -u username

If you want to generate a development certificate instead:

fastlane pem --development

If you want to generate a Website Push certificate:

fastlane pem --website_push

Set a password for your p12 file:

fastlane pem -p "MyPass"

You can specify a name for the output file:

fastlane pem -o my.pem

To get a list of available options run:

fastlane action pem

Note about empty p12 passwords and Keychain Access.app

pem will produce a valid p12 without specifying a password, or using the empty-string as the password.
While the file is valid, the Mac’s Keychain Access will not allow you to open the file without specifying a passphrase.

Instead, you may verify the file is valid using OpenSSL:

openssl pkcs12 -info -in my.p12

If you need the p12 in your keychain, perhaps to test push with an app like Knuff or Pusher, you can use openssl to export the p12 to pem and back to p12:

% openssl pkcs12 -in my.p12 -out my.pem
Enter Import Password:

MAC verified OK
Enter your pem passphrase:


% openssl pkcs12 -export -in my.pem -out my-with-passphrase.p12
Enter pass phrase for temp.pem:


Enter Export Password:

Environment Variables

Run fastlane action pem to get a list of available environment variables.

How does it work?

pem uses spaceship to communicate with the Apple Developer Portal to request a new push certificate for you.

How is my password stored?

pem uses the password manager from fastlane. Take a look the CredentialsManager README for more information.