Action Needed: Website Push Certificate Expires in 30 Days. Your Website Push Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visitCertificates, Identifiers & Profiles.
If you run a website that send browser push notifications, you have most likely received this email from Apple reminding you that your push certificate for Safari is about to expire. I’ve been receiving the same email for several years now, but every time I scratch my head wondering how do I do that again.
So this year, I decided to write down the steps and publish them for everyone (but mostly me) to follow again in the future when it’s time to renew the Safari push certificate.
How to renew a Safari Website Push Certificate
to generate a new Safari Website Push Certificate, you will need a paid developer account. First you will have to request a certificate from a certificate authority using Keychain Access on your Mac, then you will need to create a Web Push Certificate. We’ll walk you through each step with simple instructions and illustrations.
Note that the following instructions are to generate a Safari push certificate for a website that is already registered to send push notifications. If your website is not registered yet, make sure to login to your Developer account, click onIdentifiersand then click onRegister an App ID.Then selectWebsite Push IDsand click Continue. Type in a description, an identifier, and then click Continue to finalize the registration. Once done, you may go on with the instructions below.
1)First we need to make a certificate signing request. OpenKeychain Accesson your Mac, then navigate to Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority…
2)Enter your email address and your name, which should already be pre-filled. Leave the CA Email Address field blank, and select tosave the request to the disk.
Click Continue, and make sure yousave the file to your Desktopfor easy reference. You should now have a file titledCertificateSigningRequest.certSigningRequeston your Desktop.
3)Sign into your developer account at developer.apple.com, then click onCertificates, Identifiers & Profilesin the sidebar, and then click onIdentifiersin the sidebar.
4)Click on the dropdown menu at the top right corner of the screen and selectWebsite Push IDs.
5)Click on the website push ID to select it. Unless you run multiple websites, there should only be one option in there.
6)Now we need to upload the CertificateSigningRequest.certSigningRequest file we saved to the Desktop in step 2. Click onCreate Certificate, and then click onChoose File. Navigate to your Desktop, and select the CertificateSigningRequest.certSigningRequest file. Click Continue.
7)Finally, click theDownloadbutton to download your certificate, and save it to your Desktop. It will save a file namedwebsite_aps_production.certo your Desktop.
8)Double click on the website_aps_production.cer file to open it in Keychain Access. If prompted, verify to selectloginin dropdown menu, as seen below.
9)In Keychain Access, select theCertificatestab from the sidebar, and locate the certificate we just added. It’s pretty easy to tell which one it is because its expiration date should be exactly one year from today. Right click on the file and selectExport Website Push ID.
10)When prompted, make sure to save theCertificates.p12file to your Desktop. If prompted to password-protect the p12 file, do not enter any password. Just click OK. You will however have to enter your admin password to export and save the p12 file.
With the p12 file now on your Desktop, you may upload it to your push notification service of choice, such as OneSignal, WebPushr, etc.
