Configure capabilities

Communicate with APNs using a TLS certificate

Your notification server can communicate with the Apple Push Notification service (APNs) using a TLS certificate.

First enable push notifications in your developer account. Next generate an APNs client TLS certificate that will work for both the development and production environments. Then export the client TLS identity from your Mac and install it on your notification server. Later, when you distribute your app, Xcode automatically changes the configuration of your app from the development environment to the production environment.

Alternatively, you can enable push notifications in your Xcode project to perform additional steps for an app.

Required role: Account Holder or Admin.

Generate an APNs client TLS certificate

Generate a separate client TLS certificate for each app you distribute that uses push notifications. Generating the certificate fully enables push notifications for the associated App ID. In your developer account, the APNs for the App ID changes from Configurable to Enabled.

  1. In Certificates, Identifiers & Profiles, click Identifiers in the sidebar, then select the bundle ID you want to update.

  2. Under Capabilities, select the “Push Notifications” checkbox, then click Configure.

  3. In the modal, under Production SSL Certificate, select Create Certificate.

  4. Create a certificate signing request on your Mac, then click Continue.

  5. Click Choose File.

  6. In the dialog that appears, select the certificate request file (a file with a .certSigningRequest file extension), then click Choose.

  7. Click Continue.

  8. Click Download.

  9. The certificate file (a file with a .cer file extension) appears in your Downloads folder.

In your developer account, verify that the APNs for the App ID is Enabled. Under Identifiers, select App IDs, then select the App ID you want to view. An associated certificate should appear in the Push Notifications row.

To install the certificate in your keychain, double-click the downloaded certificate file on your Mac. The certificate appears in the My Certificates category in Keychain Access.

Export the client TLS identity from your Mac

Export the identity from the keychain on the Mac where you created it. Then copy it to the appropriate place on the server that runs the provider code and connects with the development or production version of APNs.

  1. Launch Keychain Access.

  2. In the Category section, select My Certificates.

  3. Find the certificate you want to export and disclose its contents.

    You’ll see both a certificate and a private key.

  4. Select both the certificate and the key, and choose File > Export Items.

  5. From the File Format pop-up menu, choose a file format that your server accepts.

  6. Enter a filename in the Save As field, then click Save.

    The certificate and key are saved to the location you specified as a text file in the Personal Information Exchange format (a file with a .p12 file extension).

To learn about push notifications, visit the Local and Remote Notification Programming Guide.