This documentation is for WSO2 IoT Server 3.0.0. View the documentation for the latest release.
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Generating an APNS Certificate - IoT Server 3.0.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

This section will guide you on how to generate an APNS certificate.

Why is this step required?

This certificate is required to carry out operations on the devices that are made available by the device OS. For example, locking the device, clearing the passcode and more.

Further, in iOS, the server passes messages to the client via the Apple Push Notification Service (APNS). When doing so in order to establish a secure connection between WSO2 IoT Server and the APNS server, a client SSL certificate needs to be generated and downloaded from Apple Inc. This APNS certificate is used to send an awake message to the iOS agent application.


  • You have to be enrolled in the  Apple Developer Program  as an individual or organization before starting the iOS server configurations.
  • A valid distribution certificates that you obtained from Apple.

Follow the steps given below:

  1. Clone the emm-agent-ios repository to a preferred location.

    git clone
  2. Open the emm-agent-ios from X-Code and follow the subsequent steps:
    1. Change the org.wso2.carbon.emm.ios.agent  Bundle Identifier  so that it matches your organization details.
      Example: org.<ORGANIZATION_NAME>.emm.ios.agent
    2. Select the development team, provisioning profile and sign certificate from Xcode.

      If you are unsure of how to select the development team, or add the provisioning profile or sign the certificate via Xcode, see the blog post on How to export “in-house” developed iOS app as an enterprise application.

  3. Login to the Apple Developer program and follow the subsequent steps:

    Before you follow the steps, confirm that your machine is connected to the Internet and that Xcode has a valid developer account.

    1. Navigate to Certificates, IDs & Profiles that is under Identifiers.
    2.  Click App IDs and see if the Bundle ID that you defined under Xcode is listed here.
  4. Click the Bundle ID, and click Edit.
  5. Creating an APNs SSL certificate:
    1. Select Push Notifications to enable the setting.

      Once push notification is enabled, you are able to generate the development and production certificates.
    2. To try out the create certificate use case, let's create a development SSL certificate.
      Please note that the development SSL certificate is created only as an example. You can create a production SSL certificate if you have registered with the Apple Developer Program as an Organization.

      Click Create Certificate that is under Development SSL Certificate.
  6. Creating a CSR file using the keychain access tool in the Mac OS:
    1. Launch the keychain access application.
    2. On the menu bar click KeyChain Access > Certificate Assistant > Request a Certificate from Certificate Authority.
    3. Define the email address, common name, select Saved to disk, and click Continue.
  7. Go back to the Apple Developer Portal, upload the generated certificate, and click Continue.
  8. Exporting the certificate to the pfx format.
    1. Click Download to download the file.
    2. Double-click the downloaded file to open it with the Keychain access tool.
    3. Right-click the certificate and select export.
    4. Define the location where you wish to save the file and set a password for the exported file when prompted.
    5. Rename the p12 extension of the file to pfx.

What's Next?

You need to configure the WSO2 IoT Server iOS client configurations

  • No labels