Apple’s has announced a push notification service for the iPhone that it’ll provide to all developers. It’ll maintain a persistent IP connection to the phone and let a 3rd party server ping Apple’s notification service in order to push out notifications to users device, which can be in the form of badges, sounds or custom textual alerts. According to Apple, the service will preserve battery life and maintain performance, not to mention work over WiFi or cellular.

What is Push Notification and How does it work?

Let’s say you’re running a 3rd party IM (instant message) client on iPhone 2.0. When you exit the app, you no longer know if you’re receiving more messages. (Sure, there are work around over SMS and Email, but the app itself is dead to you).

With Apple’s Push Notification Service on iPhone OS 3.0, anytime someone sends you a new IM, an alert can be sent from the IM  developer’s servers (yes, they’ll have to keep a session open for you on their end), to Apple’s Push Notification Service (APNS) servers.

Apple’s PNS server will have a persistent TCP/IP connection to your iPhone . Once Apple PNS gets the alert from the developer server, APNS will “PUSH” it out to your iPhone 3.0.

Apple PNS currently supports 3 kinds of alerts: badges with a number (like Mail uses to show you unread messages), custom sounds (like a beep or bell or anything already built into the app by the developer), or modal message boxes (like the kind that pop up to tell you your battery is at 20%).

Apple isn’t making any promises on up-time for the service, and any new service will have delays and downtime.

What APNS doesn’t solve, however, is the lack of good notifications on the iPhone, and applications that require multitasking for something other than notification (i.e. streaming internet radio apps).

Imagine if 10 apps try to push out 10 alerts at the same time, how will Apple manage those on your device? Will you have to “cancel” or “accept” 50 modal message dialogs, or be hit by a cacophony of 30 random sounds? We don’t know yet, but hopefully Apple will address this.

Generate APNS SSL Certificate

To get started with APNS we need to generate an certificate unique to each applications which will support APNS. We need to log into our iPhone developer portal with “Team Agent” access.  Only users with “Team Agent” access can do the below mentioned process. The iPhone developer portal with “Team Agent ” has a detailed steps to generate an APNS certificate. You should be able to see the screen shown below in the portal to start creating your APNS certificate. Follow the steps mentioned below:-

APNS Development Certificate

Fig 1: APNS Development Certificate

(1) You need to create an App ID without .* in the iPhone developer Portal. An App ID without .* means its unique and works only for a single application

(2) Generate a certificate signing request from your Mac’s keychain (You should be an Team Agent to have access to the wizard shown in Figure 1) as shown in figure 2 and save to disk

(3) Upload the CertificateSigningRequest.certSigningRequest to the Program Portal

(4) Wait for the generation of cert (about 1 min). Download the certificate (aps_developer_identity.cer) from the Program Portal

(5) Keep (or rename them if you want) these 2 files (steps 2 and 4) in a safe place. You might need the CertificateSigningRequest.certSigningRequest file to request a production cert in the future or renew it again.

(6) Suppose you have imported the aps_developer_identity.cer to the keychain. Then you have to export these new cert and the private key of this cert (not the public key) and saved as .p12 files.

(7) Then you use these commands to generate the cert and key in Mac’s Terminal for PEM format (Privacy Enhanced Mail Security Certificate)

openssl pkcs12 -clcerts -nokeys -out cert.pem -in cert.p12
openssl pkcs12 -nocerts -out key.pem -in key.p12

(8) The cert.pem and key.pem files will be used by your own program communicating with APNS.

(9) If you want to remove the passphase of private key in key.pem, do this

openssl rsa -in key.pem -out key.unencrypted.pem

Then combine the certificate and key

cat cert.pem key.unencrypted.pem > ck.pem

But please set the file permission of this unencrypted key by using chmod 400 and is only readable by root in a sever configuration.

(10) The testing APNS is at ssl://

Request Certificate From Keychain Access

Fig 2: Request Certificate From Keychain Access

(11) For the source codes to push payload message to the APNS, you can find them in the Developer Forum. This is the one that I used, for php. Run this (after obtaining the device token from the testing device and with iPhone Client program setup)
php -f apns.php "My Message" 2

or if you put this php script and the ck.pem in a local web server, you can use this to test


$deviceToken = '02da851dXXXXXXXXb4f2b5bfXXXXXXXXce198270XXXXXXXX0d3dac72bc87cd60'; // masked for security reason
// Passphrase for the private key (ck.pem file)
// $pass = '';
// Get the parameters from http get or from command line
$message = $_GET['message'] or $message = $argv[1] or $message = 'Message received from javacom';
$badge = (int)$_GET['badge'] or $badge = (int)$argv[2];
$sound = $_GET['sound'] or $sound = $argv[3];
// Construct the notification payload
$body = array();
$body['aps'] = array('alert' => $message);
if ($badge)
$body['aps']['badge'] = $badge;
if ($sound)
$body['aps']['sound'] = $sound;
/* End of Configurable Items */
$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', 'ck.pem');
// assume the private key passphase was removed.
// stream_context_set_option($ctx, 'ssl', 'passphrase', $pass);
$fp = stream_socket_client('ssl://', $err, $errstr, 60, STREAM_CLIENT_CONNECT, $ctx);
if (!$fp) {
print "Failed to connect $err $errstrn";
else {
print "Connection OKn";
$payload = json_encode($body);
$msg = chr(0) . pack("n",32) . pack('H*', str_replace(' ', '', $deviceToken)) . pack("n",strlen($payload)) . $payload;
print "sending message :" . $payload . "n";
fwrite($fp, $msg);

(12) For iPhone Client Program, you need to edit the bundle identifier to the App ID that you created and imported the new provisioning profile for that APP ID to the XCode and iPhone. Then implement the following methods in AppDelegate to Build & Go


- (void)applicationDidFinishLaunching:(UIApplication *)application {
NSLog(@"Registering Remote Notications");
// For beta 2
// [[UIApplication sharedApplication] registerForRemoteNotifications];
[[UIApplication sharedApplication] registerForRemoteNotificationTypes:(UIRemoteNotificationTypeBadge | UIRemoteNotificationTypeSound)]; // For beta 3
// other codes here
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
NSLog(@"%@",[[[launchOptions objectForKey:@"UIApplicationLaunchOptionsRemoteNotificationKey"] objectForKey:@"aps"] objectForKey:@"alert"]);
return YES;
- (void)application:(UIApplication *)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken {
NSLog(@"deviceToken: %@", deviceToken);
- (void)application:(UIApplication *)application didFailToRegisterForRemoteNotificationsWithError:(NSError *)error {
NSLog(@"Error in registration. Error: %@", error);

(13) Additional tips

- The feedback service is currently unavailable.
- Send your messages to during the beta period.
- Devices must be set up as new iPhones in iTunes in order to generate device tokens. Restoring from backup is not currently supported.
-Make sure the audio file received5.caf is included in your application resource.

(13a) Registering an App ID for Apple Push Notification service

1. In the App ID section of the Program Portal, locate the App ID you wish to use with the Apple Push Notification service. Only App IDs with a specific bundle ID can be used with the APNs. You cannot use a “wild-card” application ID. You must see “Available” under the Apple Push Notification service column to register this App ID and configure a certificate for this App ID.

2. Click the ‘Configure’ link next to your desired App ID.

3. In the Configure App ID page, check the Enable Push Notification Services box and click the Configure button. Clicking this button launches the APNs Assistant, which guides you through the next series of steps that create your App ID specific Client SSL certificate.

4. Download the Client SSL certificate file to your download location. Navigate to that location and double-click the certificate file (which has an extension of cer) to install it in your keychain.

5. When you are finished, click Done in the APNS Assistant.

6. Double-clicking the file launches Keychain Access. Make sure you install the certificate in your login keychain on the computer you are using for provider development. The APNs SSL certificate should be installed on your notification server.

7. When you finish these steps you are returned to the Configure App ID page of the iPhone Dev Center portal. The certificate should be badged with a green circle and the label “Enabled”.

8. To complete the APNs set-up process, you will need to create a new provisioning profile containing your APNs-enabled App ID.

About Me: Anish Kumar:
Mac OS X software development is my bread winner with over 6 years of experience. Expertise in Color Management, TWAIN Scanner drivers on Mac OS X, Photoshop Filter and Import Plugin development on Mac OS X, iPhone. As an hobby I love to work on PHP, Flex, AIR, Photoshop. Check the 'About' page for more.