Nevercold · August 9, 2023 13:48 · May 20, 2020 · May 20, 2020 · May 20, 2020
diff --git a/PKPass.md b/PKPass.md
@@ -3,6 +3,12 @@ How to create Apple PKPass .p12 certificate using Linux
 
 You don't need a Mac to do this :-)
 
+For generating PKPass files, you'll need 4 things after this tutorial:
+- Certificate Identifier (pass.com.example.www)
+- Team Identified (Organizational Unit (OU) in the cert generated by Apple)
+- The .p12 file
+- The password for the .p12 file
+
 1. Login on https://developer.apple.com/account/
 2. Click Certificates, Identifiers & Profiles
 3. Click on Identifiers
@@ -45,6 +51,8 @@ Please note that the .p12 contains both certificates and a private key as well.
 openssl pkcs12 -in pkpass.p12 -nodes
 ```
 
+Please note the `OU` field of the first certificate in the output. This is your Team Identifier.
+
 17. Create a reminder in your calendar with the expiration date of your certificate.
 ```
 openssl x509 -in pass.pem -noout -enddate

diff --git a/PKPass.md b/PKPass.md
@@ -1,4 +1,5 @@
-# How to create Apple PKPass .p12 certificate using Linux
+How to create Apple PKPass .p12 certificate using Linux
+===
 
 You don't need a Mac to do this :-)
 

diff --git a/PKPass.md b/PKPass.md
@@ -0,0 +1,50 @@
+# How to create Apple PKPass .p12 certificate using Linux
+
+You don't need a Mac to do this :-)
+
+1. Login on https://developer.apple.com/account/
+2. Click Certificates, Identifiers & Profiles
+3. Click on Identifiers
+4. On the right, filter to Pass Type IDs
+5. Register a New Identifier, choose Pass Type IDs
+6. Enter Description and Identifier
+7. Finalize by clicking Register
+8. Go to terminal and generate a private key (.key)
+```
+openssl genrsa -out pkpass.key 2048
+```
+9. Generate a certificate singing request (.csr)
+```
+openssl req -new -key pkpass.key -out pkpass.csr
+```
+Fill in the fields with your own data but leave Challenge password empty (press Enter).
+
+10. On the Developer Portal choose the newly created identifier from the list and click Create Certificate.
+11. Leave the Certificate name empty and upload the .csr file
+12. On the next page click Download and save the downloaded `pass.cer` to the folder with the .key and .csr files
+13. Download Apple's root certificate (Apple Worldwide Developer Relations Certification Authority)
+```
+wget http://developer.apple.com/certificationauthority/AppleWWDRCA.cer
+```
+14. Convert .cer files to .pem format
+```
+openssl x509 -inform der -in AppleWWDRCA.cer -out AppleWWDRCA.pem
+openssl x509 -inform der -in pass.cer -out pass.pem
+```
+15. Generate the .p12 certificate by using the private key, your certificate and Apple's certificate
+```
+openssl pkcs12 -export -clcerts -inkey pkpass.key -in pass.pem -certfile AppleWWDRCA.pem -name "Company Name" -out pkpass.p12
+```
+You'll be requested to enter a password. Choose a strong password here. You'll use this password with the .p12 certificate when generating PKPass files.
+
+Please note that the .p12 contains both certificates and a private key as well. Make sure that you distribute it securely to the server that will generate PKPass files and that it is only readable by the PKPass generator application.
+
+16. You can check the contents of your newly created .p12 certificate
+```
+openssl pkcs12 -in pkpass.p12 -nodes
+```
+
+17. Create a reminder in your calendar with the expiration date of your certificate.
+```
+openssl x509 -in pass.pem -noout -enddate
+```
diff --git a/gistlog.yml b/gistlog.yml
@@ -0,0 +1 @@
+published: true
No results found