To use your own apple certificate for pass distribution you need to follow this steps.


Setting the Pass Type Identifier and Team ID


Every pass has a pass type identifier associated with a developer account. Pass type identifiers are managed in Member Center by a team admin. To build this pass, request and configure a pass type identifier. (You can’t use the pass type identifier that is already in the pass because it isn’t associated with your developer account.)


To register a pass type identifier, do the following:

  1. In Certificates, Identifiers & Profiles, select Identifiers.

  2. Under Identifiers, select Pass Type IDs.

  3. Click the plus (+) button.

  4. Enter the description and pass type identifier, and click Submit.

To find your Team ID, do the following:

  1. Open Keychain Access, and select your certificate.

  2. Select File > Get Info, and find the Organizational Unit section under Details. This is your Team ID.

    The pass type identifier appears in the certificate under the User ID section.

Note: You can also find your Team ID by looking at your organization profile in Member Center.

Create Certificate

Using OpenSSL create certificate request.

  1. Create certificate signing request:
  2. Obtain certificate:
  3. Convert key and certificate into X509 file:

    • Run openssl x509 -in pass.cer -inform der -outform pem -out pass.cer.pem to convert certificate from DER to PEM format

    • Run openssl pkcs12 -export -out pass.pfx -inkey pass.key -in pass.cer.pem to combine certificate and key files into one pfx file you will need to create passes. Protect it with password to prevent unauthorized usage.

  4. Final steps:

    • Save pass.cer.pem context if you want to use NFC enabled pass and will supply Encryption Public Key.

    • Delete/remove pass.cer and pass.cer.pem - they are not needed anymore.

    • Save pass.csr and pass.key into safe place to use them to re-create certificate when current one will expire (1 year from now by default). Start from step 2 when this happens.

Download Pass Signing Certificate

To download your pass signing certificate, do the following:

  1. In Certificates, Identifiers & Profiles, select Identifiers.
  2. Under Identifiers, select Pass Type IDs.
  3. Select the pass type identifier, then click Edit.
  4. If there is a certificate listed under Production Certificates, click the Download button next to it. If there are no certificates listed, click the Create Certificate button, then follow the instructions to create a pass signing certificate.