Apple Push Notification Services Tutorial: Part 2/3

Step 2: Do some stuff on your terminal

We now have to generate some files that are needed to communicate with Apple’s push notification servers:

  1. Generate the cert & key files used by your PHP script to communicate with APNS

Remember the “aps_production.cer” file we downloaded? Now we need that one to make all the files we need for our php script to be able to create some nice messages and send them to all the devices that installed your awesome app…




  1. Import your aps_production.cer into your Keychain by double clicking the aps_production.cer file.
  2. Launch the Keychain Assistant from your Mac and then filter by the Certificates category. You will then see an option called “Apple Production Push Services” => expand it.
  3. Right-click on “Apple Production Push Services” => Export “Apple Production Push Services”. Save this as the file “apns-production-cert.p12” in the same folder as “aps_production.cer”. Be sure to choose a password and remember it!
  4. Do the same for the “Private Key” that was revealed when you expanded the “Apple Production Push Services”, now save it as “apns-production-key.p12”. Be sure to choose a password and remember it!
  5. We now have two additional files in that folder called “apns-production-cert.p12” and “apns-production-key.p12”.
  6. We now have to convert these two files into PEM format by executing the following commands in the Terminal app:
    openssl pkcs12 -clcerts -nokeys -out apns-production-cert.pem -in apns-production-cert.p12
    openssl pkcs12 -nocerts -out apns-production-key.pem -in apns-production-key.p12
  7. Sometimes it’s easier to remove the passphrase… either do not set one when exporting (see step 4 and 5) or just execute now:
    openssl rsa -in apns-production-key.pem -out apns-production-key-noenc.pem
  8. As a last step, we combine the two files (key and cert) into a single .pem file that we are going to use when connecting to APNS:
    cat apns-production-cert.pem apns-production-key-noenc.pem > apns-production.pem
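
One way to check the combined file from step 8 before the PHP script uses it, as an added example that is not part of the original tutorial; the function name `check_apns_pem`, its exit codes and the optional minimum-lifetime argument are assumptions made here. It confirms that only the owner can read the file (step 7 left the private key without a passphrase), that the certificate and key belong together, and that the certificate has not expired.

```bash
#!/bin/sh
# Added example, not from the original tutorial.
# check_apns_pem FILE [MIN_SECONDS_LEFT]
# Exit codes (chosen for this example): 0 ok, 2 unreadable, 3 permissions
# too open, 4 no certificate, 5 no unencrypted RSA key, 6 mismatch, 7 expiring.
check_apns_pem() {
    local pem="$1" min_left="${2:-0}" perms cert_mod key_mod

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Step 7 stripped the passphrase, so file permissions are the only thing
    # protecting the private key: group and other must have no access.
    perms=$(ls -ld -- "$pem" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$pem is accessible to group/other; run: chmod 600 $pem" >&2
        return 3
    fi

    # A certificate and its RSA private key share the same modulus.
    cert_mod=$(openssl x509 -noout -modulus -in "$pem" 2>/dev/null) ||
        { echo "no certificate found in $pem" >&2; return 4; }
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_mod=$(openssl rsa -noout -modulus -in "$pem" -passin pass: 2>/dev/null) ||
        { echo "no unencrypted RSA key found in $pem" >&2; return 5; }
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "certificate and private key do not belong together" >&2
        return 6
    fi

    # -checkend N fails if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend "$min_left" -in "$pem" >/dev/null; then
        echo "certificate expires within $min_left seconds" >&2
        return 7
    fi
    return 0
}

# Run as a script: sh check_apns_pem.sh apns-production.pem
[ $# -eq 0 ] || check_apns_pem "$@"
```

Passing a second argument such as `2592000` (30 days) turns the expiry check into an early warning before the push certificate runs out.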

[Image: the commands above as run in the terminal]

[Image: the folder with all the files; the file we need later on is marked in red]

  1. Make some nice and easy PHP scripts to send messages right away

Now we have to build up the php- and html-scripts to actually send the messages… we will build up a textarea to enter the message like this:

There is a limit of 107 characters per Push Notification, so there is a built-in check for that!
(you can download the scripts below)

Then we need a php script to receive our message and send it to the APNS:

<?php
session_start(); // $_SESSION is used below

//$_SESSION['passphrase'] = $_POST['passphrase'];
$_SESSION['message'] = $_POST['message'];

// Put your private key's passphrase here if needed:
//$passphrase = $_POST['passphrase'];

// Put your alert message here:
$message = $_POST['message'];

if (strlen($message) < 1) {
    header("Refresh: 4; sendMessage.php");
    exit("<span style=\"font-family: Verdana, Geneva, sans-serif; font-size: 14px;\">You must enter a message! You are being redirected...</span>" . PHP_EOL);
}

$ctx = stream_context_create();
// 'ck.pem' is the combined certificate + key file in PEM format
stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
//stream_context_set_option($ctx, 'ssl', 'passphrase', $passphrase); // use this if you are using a passphrase

// Open a connection to the APNS server.
// The gateway address after 'ssl://' is missing from this page: replace the
// APNS_GATEWAY_HOST:PORT placeholder with Apple's gateway host and port.
$fp = @stream_socket_client(
    'ssl://APNS_GATEWAY_HOST:PORT', $err,
    $errstr, 60, STREAM_CLIENT_CONNECT, $ctx);

if (!$fp) {
    header("Refresh: 4; login_success.php");
    exit("<span style=\"font-family: Verdana, Geneva, sans-serif; font-size: 14px;\">Could not connect to server. Please check the passphrase. You are being redirected...</span>" . PHP_EOL);
}

//echo '<span style="font-family: Verdana, Geneva, sans-serif; font-size: 14px;">Connected to Apple push notification server</span>' . PHP_EOL;

// Create the payload body
$body['aps'] = array(
    'alert' => $message,
    'sound' => 'default'
);

// Encode the payload as JSON
$payload = json_encode($body);

$errCounter = 0;

$host = "localhost";       // Host name
$username = "DB_USERNAME"; // Mysql username
$password = "DB_PASSWORD"; // Mysql password
$db_name = "DB_NAME";      // Database name

// Connect to server and select database.
// (mysqli is used here because the old mysql_* functions were removed in PHP 7.)
$db = mysqli_connect($host, $username, $password, $db_name) or die("cannot connect");

// One row per device (deviceuid), limited to active production devices with alerts enabled
$sql = "SELECT devicetoken, deviceuid, devicename, appversion
        FROM (SELECT devicetoken, deviceuid, devicename, appversion
              FROM apns_devices AS t
              WHERE pushalert = 'enabled' AND development = 'production' AND status = 'active'
              ORDER BY appversion DESC) AS apns_devices
        GROUP BY deviceuid
        ORDER BY appversion DESC";
$result1 = mysqli_query($db, $sql) or die("cannot query devices");
$bodyError = '';

while ($deviceToken = mysqli_fetch_array($result1)) {

    // The frame below announces a 32-byte token, so skip anything that is
    // not exactly 64 hex characters instead of sending a malformed frame.
    if (!preg_match('/^[0-9a-fA-F]{64}$/', $deviceToken[0])) {
        $errCounter = $errCounter + 1;
        $bodyError .= 'skipped invalid devicetoken: ' . $deviceToken[0];
        continue;
    }

    // Build the binary notification:
    // command 0, token length (32), token, payload length, payload
    $msg = chr(0) . pack('n', 32) . pack('H*', $deviceToken[0]) . pack('n', strlen($payload)) . $payload;

    // Send it to the server
    $result = fwrite($fp, $msg, strlen($msg));

    $bodyError .= 'result: ' . $result . ', devicetoken: ' . $deviceToken[0];

    if (!$result) {
        $errCounter = $errCounter + 1;

        // send an email to your address if you want to know if something went wrong...
        // mail('YOUR EMAIL ADDRESS', 'FORTIMO PUSH APNS FAILED', 'result: '.$result.', devicetoken: '.$deviceToken[0]);
    }
}

// send an email to your address if you want to know if everything went well...
mail('YOUR EMAIL ADDRESS', 'PUSH SENT', $bodyError);

if ($errCounter > 0) {
    header("Refresh: 1; sendMessage.php?error=1");
} else {
    header("Refresh: 1; sendMessage.php?error=2");
}

// Close the connection to the server
fclose($fp);

That’s it! Now you have everything you need to send Push Notifications!


Continue reading:
APNS – Tutorial: how to send Push Notifications to my iPhone / iPad App – Part 3




  1. This is a great idea. I just found out about Prowl (Growl on iphone) via push notifications on the iphone and was wondering if someone was working with integrating push notifications using Nagios. It’d be great if you can include me on the beta program, I’d be happy to help in any way I can. This would be a great app for any server admin. Good luck!

  2. As for this step
    openssl rsa -in apns-production-key.pem -out apns-production-key-noenc.pem

    Even if the user doesn't set the passphrase and password when exporting to .p12, the private key somehow is still encrypted (I tested it by exporting 2 times, with and without the passphrase setting), but I still need to rsa both keys to make it work. ^^

  3. Hi everyone,
    I’m not able to make sendMessage.php and simplepush.php run together correctly.
    For example, “login_success.php” is missing ?
    In the “sendMessage.php”, I always get the error message “You must enter a message! You are being redirected..”

    Could someone help me in debugging these two files because I’m not a PHP specialist, a real newbie.
    Thanks in advance.
