Action Needed: Website Push Certificate Expires in 30 Days. Your Website Push Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visit Certificates, Identifiers & Profiles.
If you run a website that send browser push notifications, you have most likely received this email from Apple reminding you that your push certificate for Safari is about to expire. I’ve been receiving the same email for several years now, but every time I scratch my head wondering how do I do that again.
So this year, I decided to write down the steps and publish them for everyone (but mostly me) to follow again in the future when it’s time to renew the Safari push certificate.
How to renew a Safari Website Push Certificate
In order to generate a new Safari Website Push Certificate, you will need a paid developer account. First you will have to request a certificate from a certificate authority using Keychain Access on your Mac, then you will need to create a Web Push Certificate. We’ll walk you through each step with simple instructions and illustrations.
Note that the following instructions are to generate a Safari push certificate for a website that is already registered to send push notifications. If your website is not registered yet, make sure to login to your Developer account, click on Identifiers and then click on Register an App ID. Then select Website Push IDs and click Continue. Type in a description, an identifier, and then click Continue to finalize the registration. Once done, you may go on with the instructions below.
1) First we need to make a certificate signing request. Open Keychain Access on your Mac, then navigate to Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority…
2) Enter your email address and your name, which should already be pre-filled. Leave the CA Email Address field blank, and select to save the request to the disk.
Click Continue, and make sure you save the file to your Desktop for easy reference. You should now have a file titled CertificateSigningRequest.certSigningRequest on your Desktop.
3) Sign into your developer account at developer.apple.com, then click on Certificates, Identifiers & Profiles in the sidebar, and then click on Identifiers in the sidebar.
4) Click on the dropdown menu at the top right corner of the screen and select Website Push IDs.
5) Click on the website push ID to select it. Unless you run multiple websites, there should only be one option in there.
6) Now we need to upload the CertificateSigningRequest.certSigningRequest file we saved to the Desktop in step 2. Click on Create Certificate, and then click on Choose File. Navigate to your Desktop, and select the CertificateSigningRequest.certSigningRequest file. Click Continue.
7) Finally, click the Download button to download your certificate, and save it to your Desktop. It will save a file named website_aps_production.cer to your Desktop.
8) Double click on the website_aps_production.cer file to open it in Keychain Access. If prompted, make sure to select login in dropdown menu, as seen below.
9) In Keychain Access, select the Certificates tab from the sidebar, and locate the certificate we just added. It’s pretty easy to tell which one it is because its expiration date should be exactly one year from today. Right click on the file and select Export Website Push ID.
10) When prompted, make sure to save the Certificates.p12 file to your Desktop. If prompted to password-protect the p12 file, do not enter any password. Just click OK. You will however have to enter your admin password to export and save the p12 file.
With the p12 file now on your Desktop, you may upload it to your push notification service of choice, such as OneSignal, WebPushr, etc.
Related: How to renew your Apple Developer Distribution Certificate