Cloud operating system for your business

To use your own apple certificate for pass distribution you need to follow this steps.

Setting the Pass Type Identifier and Team ID

Every pass has a pass type identifier associated with a developer account. Pass type identifiers are managed in Member Center by a team admin. To build this pass, request and configure a pass type identifier. (You can’t use the pass type identifier that is already in the pass because it isn’t associated with your developer account.)

To register a pass type identifier, do the following:

1. In Certificates, Identifiers & Profiles, select Identifiers.

2. Under Identifiers, select Pass Type IDs.

3. Click the plus (+) button.

4. Enter the description and pass type identifier, and click Continue.

5. Click Register.

To find your Team ID, do the following:

1. Open Keychain Access, and select your certificate.

2. Select File > Get Info, and find the Organizational Unit section under Details. This is your Team ID.

   The pass type identifier appears in the certificate under the User ID section.

Note: You can also find your Team ID by looking at your organization profile in Member Center.

Create Certificate

Using OpenSSL create certificate request.

1. Create certificate signing request:
   • Obtain your copy of OpenSSL (see https://www.openssl.org/ and/or https://wiki.openssl.org/index.php/Binaries). Here is where we download ours: https://slproweb.com/products/Win32OpenSSL.html
   • Run: openssl req -new -newkey rsa:2048 -nodes -keyout pass.key -out pass.csr and answer questions it asks. Note: you need to have admin rights to directory you are installing at.
2. Obtain certificate:

   • Go to https://developer.apple.com/account/resources/certificates/list and create new certificate, using pass.csr file from previous step. You need to select under Services \ Pass Type ID Certificate.

   • Download certificate (pass.cer)

3. Convert key and certificate into X509 file:

   • Run openssl x509 -in pass.cer -inform der -outform pem -out pass.cer.pem to convert certificate from DER to PEM format

   • Run openssl pkcs12 -export -out pass.pfx -inkey pass.key -in pass.cer.pem to combine certificate and key files into one pfx file you will need to create passes. Protect it with password to prevent unauthorized usage.

4. Final steps:

   • Save pass.cer.pem context if you want to use NFC enabled pass and will supply Encryption Public Key.

   • Delete/remove pass.cer and pass.cer.pem - they are not needed anymore.

   • Save pass.csr and pass.key into safe place to use them to re-create certificate when current one will expire (1 year from now by default). Start from step 2 when this happens.
     
     

Download Pass Signing Certificate

To download your pass signing certificate, do the following:

1. In Certificates, Identifiers & Profiles, select Identifiers.
2. Under Identifiers, select Pass Type IDs.
3. Select the pass type identifier, then click Edit.
4. If there is a certificate listed under Production Certificates, click the Download button next to it. If there are no certificates listed, click the Create Certificate button, then follow the instructions to create a pass signing certificate.

Apple Developer Certificate

You do not need Apple Developer Certificate, we provide one for you.  In case you do, you need to install the Apple WWDR (WorldWide Developer Relations) certificate. You can download that from here http://www.apple.com/certificateauthority/