Generating an Apple iOS certificate using Windows

When using any services for your iOS device such as Push Notifications, you need to generate a certificate. It’s quite simple when using Mac OS X as all Apple’s instructions are geared towards it. What do you do, however, if you’re using a Windows machine. There are a few more steps involved, but the whole process is simple enough.

Before you get started, ensure that you have IIS installed on your machine as we’ll need that to generate the certificate request.

To get started, open the Provisioning Portal on Apple’s developer site and add whatever certificate you need. You’ll be promoted with this dialog.


Open the IIS manager, select the machine name on the left hand side and look for the Server Certificates icon in the Features section and double click.


Opening the Server Certificates feature will create a menu on the right hand side of the screen. The second option in that menu list is the “Create Certificate Request”. This will allow us to generate the file that Apple requires in order to generate our certificate.


Click this option opens the Request Certificate wizard.


Fill this form out with some basic details. The Common name I always fill with my email address, but put whatever values you feel are appropriate here.


Next, select the type of request. I always select a key length of 2048. I don’t know what OS X does here, so if anyone knows what size of certificate they request, please let me know in the comments. Click Next to continue.


Next, just select a location to save the request to and hit Finish. Return to the Apple provisioning portal.


Choose the file you’ve just created and hit Generate.


Apple will now generate the certificate file.


We now have the certificate, but this doesn’t contain the private key. We need to complete the process. Hit download and save the cert somewhere. Return to IIS’s Server Certificate Feature. In the menu on the right hand side, as before, you’ll see an option called Complete Certificate Request.


Select the Cert you’ve just downloaded and give it a friendly name. Hit OK. This step will effectively join our Certificate Request with Apple’s certificate to produce a full certificate with both public and private keys. You should now see the certificate in IIS. NOTE: Please ignore the typo in the Friendly name field. Thanks to @nickg_uk for pointing it out!.


You can also choose to export this certificate. If you do, choose the PFX file type to include the Private Key. Once you’ve exported it to a file, you can import it into your certificate store for later use.


I hope this has been helpful and easy to follow. If you have any comments or suggestions on it, please use the comments section below!

9 thoughts on “Generating an Apple iOS certificate using Windows

  1. Hi Thomas. All the screenshots about generating the certificate signing request and further. Never mind, found that all this looks a little different on the apple dev portal, so got to generating my certificate in the end. Thanks for the post.
    Used it in your sample application, replacing thumbprints and the pass type ID where I could find. My next concern is an exception that says “Key doesn’t exist” when I reach the ComputeSignature. StackTrace = ” at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)\r\n
    at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer)\r\n at Passbook.Generator.PassGenerator.SignManifestFile(PassGene…
    Should I raise an issue on github or mail you?

    • Gabriel,

      The screenshots are out of date :) This post is over three years old!

      With regards to the “Key doesn’t exist” error, it usually arises when you don’t have the private key component. When exporting to PFX, you must check the option to include the private key too.

  2. Thanks for the head sup Thomas .) After the Complete Certificate Request step, two things I saw happen:
    1. The certificate shows up among the server certificates. I do not have an export option (“Renew” instead) and therefore I cannot get the pfx. The certificate disappears when I navigate back to the server certificates on the server.
    2. After a few tries, I get an “Access is denied”. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    What am I doing wrong?

  3. Hi Thomas,
    maybe I am too dumb.
    You write “To get started, open the Provisioning Portal on Apple’s developer site and add whatever certificate you need.” Well what certificate do I need for creating passes? I am totally new to this and there is nothing like a “pass certificate”.

    I tried to create a certificate for “iOS App Development”. When I am supposed to select a file with the request I select the “request.txt” file created with IIS but the “generate” button on the site stays disabled. Are txt files not valid? I tried to rename it to “request.certSigningRequest” because on the site it sais “Select .certSigningRequest file saved on your Mac.” This does not help.
    Any ideas?

    I am in the proof of concept phase for a new project on the search for a library we will use in future. You library seems to be very nice to use.

    Thx in advance,

    • Sorry for the delay in answering your question. What you want to create is a “Pass Type ID”. This will allow you to generate a certificate that you use to sign your Passes with.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s