To use your own apple certificate for pass distribution you need to follow this steps.
Setting the Pass Type Identifier and Team ID
Every pass has a pass type identifier associated with a developer account. Pass type identifiers are managed in Member Center by a team admin. To build this pass, request and configure a pass type identifier. (You can’t use the pass type identifier that is already in the pass because it isn’t associated with your developer account.)
To register a pass type identifier, do the following:
To find your Team ID, do the following:
Using OpenSSL create certificate request.
- Create certificate signing request:
- Obtain certificate:
Go to https://developer.apple.com/account/resources/certificates/list and create new certificate, using pass.csr file from previous step.
Download certificate (pass.cer)
Convert key and certificate into X509 file:
Run openssl x509 -in pass.cer -inform der -outform pem -out pass.cer.pem to convert certificate from DER to PEM format
Run openssl pkcs12 -export -out pass.pfx -inkey pass.key -in pass.cer.pem to combine certificate and key files into one pfx file you will need to create passes. Protect it with password to prevent unauthorized usage.
Save pass.cer.pem context if you want to use NFC enabled pass and will supply Encryption Public Key.
Delete/remove pass.cer and pass.cer.pem - they are not needed anymore.
Save pass.csr and pass.key into safe place to use them to re-create certificate when current one will expire (1 year from now by default). Start from step 2 when this happens.
Download Pass Signing Certificate
- In Certificates, Identifiers & Profiles, select Identifiers.
- Under Identifiers, select Pass Type IDs.
- Select the pass type identifier, then click Edit.
- If there is a certificate listed under Production Certificates, click the Download button next to it. If there are no certificates listed, click the Create Certificate button, then follow the instructions to create a pass signing certificate.